Sign in with Apple was one of the most exciting features announced at WWDC 2019 that happened early this month. The sign in method was a clear attack on other single sign-on(SSO) features from companies like Google, Twitter, and Facebook.
Apple stated that the new authentication option will be mandatory for all App Stores apps once it goes live later this year. It is going to be challenging to get developers on board. Unlike Google’s and Facebook’s SSO, Apple will protect users’ privacy by creating a new and anonymized email address for each service access via Sign In. When it launches, Sign in with Apple will let you log in to any service on any platform using an Apple account if you have one sparing you the need to either remember complex passwords or deal with randomly generated authentication codes.
Facebook had a similar tool
So, let’s get to Facebook. The social media giant doesn’t think that Sign in with Apple will get developers interested. During the 2019 Code Conference organized by Recode, Andrew “Boz” Bosworth, Facebook’s VP who currently leads its hardware efforts said that Facebook had launched a similar anonymous login tool at their annual F8 conference and it wasn’t popular with developers and at that time developers not only used the email for login but also for a couple of different parts of their workflows. Andrew then adds that developers get a lot of value in their entire chain of acquiring consumers and re-engaging them by virtue of having access to that email address. He concludes by saying that they’ll be watching how the new authentication feature plays out for Apple as it rolls out.
I the talk, Adam Mosseri who runs Instagram was also present and said that breaking up the social media platform won’t solve the issues it has.
“Personally, if we split it off, it might make a lot of my life easier, and it would probably be beneficial for me as an individual. But I just think it’s a terrible idea. If you’re trying to solve election integrity, if you’re trying to approach content issues like hate speech, and you split us off, it would just make it exponentially more difficult — particularly for us at Instagram — to keep us safe.”
Is another single sign-on(SSO) really necessary and is Apple’s new feature safe?
If you’re already inside Apple’s walled garden, the feature could be one of the most secure single sign-on they can have but if you’re not, it’s going to be challenging. Sign in with Apple will, however, be available on the web so if you don’t have any Apple device, you could use the feature.
To enhance the security of your account, you’ll have to use the weaker SMS-based 2FA that leaves your account more vulnerable.
SSO works by generating a token that authenticates your identity so you now have to remember only one password – it’s alluring but imperfect. SSO’s are not without a flaw – either Google’s, Facebook’s, Twitter’s or even Apple’s. If it is breached, all your accounts that depend on your SSO become vulnerable.
Google’s one tap 2FA is a much better and secure way than SMS based 2FA Apple offers but the tech giant has FaceID, TouchID and pop-up prompts after setup if you have an Apple device. If you don’t you’re stuck with SMS based 2FA.
SSO systems are less secure than password managers. Late last year, Facebook admitted to a breach where hackers stole SSO security tokens from tens of millions of accounts. This wasn’t the first breach. Thank God, Facebook dropped their version of this tool.
Apple hopes that its relatively strong stance on user privacy(it’s no angel either) will lure developers and have an intuitive user interface for regular users on board with their SSO.
To be totally safe, ditch these passwords, get a password manager and enable 2FA on all platforms that offer it including using a hardware key if possible. If you must use SS0, use more than one just to be sure.
All in all, in the era of antitrust probes, Apple is just the latest giant tech company that just wants to consolidate your data and regulators have started showing interest.
The Department of Justice will certainly be investigating Apple for its [consults notes] privacy-enhancing monopoly https://t.co/kl1MLqI1pR
— Glenn Fleishman (@GlennF) June 3, 2019