To Trust Apple Sign-In, You Need to Trust Apple

Experts agree that it’s not perfect, but it’s almost certainly better than what you’re using

Eric Ravenscraft
OneZero
Published in
6 min readJun 6, 2019

--

AApple wants to own the only account you use to sign in to services across the internet. On Monday, the company unveiled Sign In with Apple, a log-in service similar to those offered by Google and Facebook. Unlike those two, Apple says it will protect your privacy by creating new, anonymized email addresses for each service access via Sign In. That’s all well and good, but there’s a bigger concern to be addressed: Is using your Apple account to sign in to apps and services safe in the first place?

When it launches later this year, Sign In with Apple will let users log in to services on any platform using their Apple account. On the iPhone, you can even use Face ID or Touch ID to confirm your identity, which spares you from remembering complex passwords or dealing with randomly generated authentication codes.

For people inside the Apple ecosystem, it could be one of the most secure systems around. If you step outside of Apple’s world, however, security gets a bit weaker.

Apple didn’t respond to a request for comment, but according to the company’s website, Sign In with Apple will be available on the web, which means it can be used on any non-Apple device, obviously without the protections offered by Face ID or Touch ID. In that case, users will have to rely on the security of their Apple account itself, and it appears they’ll only be able to protect their account with weaker, SMS-based two-factor authentication (2FA). That could leave not only their Apple accounts more vulnerable, but any app they log in to with Apple, as well.

Apple’s new sign-in feature — as well as its Google and Facebook counterparts — is what’s known as a “Single Sign-On” (SSO) service. You log in to one product, like your Facebook account, on your computer or phone. Then, when you want to log in to another service on that same device — Spotify, say — Facebook generates a token that confirms your identity. Instead of having to remember passwords for hundreds of different apps, you can remember just one.

It’s an appealing promise, but it’s not flawless. The biggest drawback to SSO — whether it…

--

--

Eric Ravenscraft
OneZero

Written by Eric Ravenscraft

26K Followers
Writer for

Eric Ravenscraft is a freelance writer from Atlanta covering tech, media, and geek culture for Medium, The New York Times, and more.

More from Eric Ravenscraft and OneZero

See all from Eric Ravenscraft
See all from OneZero

Recommended from Medium

Lists

Breaking News: Tim Cook unveils Vision Pro headset in Apple’s most significant launch since iPhone

Apple's Vision Pro

7 stories35 saves

Tech & Tools

15 stories102 saves
A series of icons from the John Lewis icon library
An aerial view of a desktop, with digital devices, a command key, and paperclips

Icon Design

31 stories171 saves

Stories to Help You Live Better

19 stories858 saves
See more recommendations

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams