Member-only story
To Trust Apple Sign-In, You Need to Trust Apple
Experts agree that it’s not perfect, but it’s almost certainly better than what you’re using
Apple wants to own the only account you use to sign in to services across the internet. On Monday, the company unveiled Sign In with Apple, a log-in service similar to those offered by Google and Facebook. Unlike those two, Apple says it will protect your privacy by creating new, anonymized email addresses for each service access via Sign In. That’s all well and good, but there’s a bigger concern to be addressed: Is using your Apple account to sign in to apps and services safe in the first place?
When it launches later this year, Sign In with Apple will let users log in to services on any platform using their Apple account. On the iPhone, you can even use Face ID or Touch ID to confirm your identity, which spares you from remembering complex passwords or dealing with randomly generated authentication codes.
For people inside the Apple ecosystem, it could be one of the most secure systems around. If you step outside of Apple’s world, however, security gets a bit weaker.
Apple didn’t respond to a request for comment, but according to the company’s website, Sign In with Apple will be available on the web, which means it can be used on any non-Apple device, obviously without the protections offered by Face ID or Touch ID. In that case, users will have to rely on the security of their Apple account itself, and it appears they’ll only be able to protect their account with weaker, SMS-based two-factor authentication (2FA). That could leave not only their Apple accounts more vulnerable, but any app they log in to with Apple, as well.
Apple’s new sign-in feature — as well as its Google and Facebook counterparts — is what’s known as a “Single Sign-On” (SSO) service. You log in to one product, like your Facebook account, on your computer or phone. Then, when you want to log in to another service on that same device — Spotify, say — Facebook generates a token that confirms your identity. Instead of having to remember passwords for hundreds of different apps, you can remember just one.
It’s an appealing promise, but it’s not flawless. The biggest drawback to SSO — whether it…
