One step closer to a password-less web
At WWDC 2019, Apple introduced attendees and viewers to the new ‘Sign in with Apple’ feature rolling out across all devices. While this feature isn’t necessarily groundbreaking or the selling point to go out and grab a MacBook or iPhone, it has since developed into an appreciated part of Apple’s suite of device features.
Apple Pay launched five years earlier and is probably the most closely related and comparable feature. Both Apple Pay and ‘Sign in with Apple’ are two ways that Apple is continuing to push for a simpler, more intuitive experience not only from a hardware and operating system perspective but now even in third-party applications.
What Is ‘Sign in With Apple’?
In recent years, signup forms across the web have been simplified in many different ways. One of the most common ways of simplifying the process is through using OAuth, an open protocol that allows secure authorization on the web, mobile, and desktop applications.
You’ve likely been to websites where you’re given the option to either sign up with an email address or by linking a popular service account such as Google or Facebook. In most cases, this is OAuth in action.
Apple’s ‘Sign in with Apple’ feature works very similarly to OAuth. If you’ve seen the Apple Pay button on any mobile website or app, Apple’s new sign-in button is very similar.
If your device is running iOS 13 or above, you’ll be able to use your device’s Apple sign-in information to instantly and easily create an account. The only requirement is that you have two-factor authentication enabled on your Apple ID.
‘Sign in with Apple’ has some very interesting perks that you won’t find while using OAuth and similar services. An example is Apple’s ‘Hide My Email’ feature.
With Hide My Email, Apple will generate a random email address on the privaterelay.appleid.com domain name that will forward to your real iCloud mail account and use this during account signup. With the rate at which websites are being hacked, this is a great security buffer that can save your iCloud account from being potentially breached.
Creating an account with Apple’s new sign-in feature will allow you to sign in by using your device’s Face ID, Touch ID, or passcode. In a world attempting to move beyond text-based passwords, this is a step in the right direction.
How To Use ‘Sign In With Apple’
Apple’s new sign-in feature is still relatively young and is only out on a select few apps in the App Store—Instacart and Bird are two examples. If you’d like to take Sign In With Apple for a spin, you can download either of those apps.
On the signup page for any app with support, you’ll see the Sign in with Apple button, black and branded with the Apple logo.
Tapping on this button will bring up a prompt that shows your device’s current iCloud information, allowing you to select if you would like to sign up with your real iCloud email address or mask it with Apple’s Hide My Email feature.
The button to sign in will either be Continue with Passcode or mention the biometric that you use to protect your Apple ID – either Face ID or Touch ID. Continuing and verifying your passcode, Face ID, or Touch ID will create your account and allow you to sign in to it in the future on devices linked to your Apple ID.
How Safe Is ‘Sign in with Apple’?
Apple’s new sign-in service is one of the most secure methods of account creation to reach the mainstream web. It requires an Apple device with two-factor authentication enabled, and you’ll need to pass your phone’s standard security check to access your account. There are very few other systems on the web where your sign-in information is associated with a physical device.
Additionally, while throwaway email services and email forwarders are nothing new, Apple’s integration of Hide My Email streamlines the process and opens up the possibility of email masking to users who otherwise may not even know or understand the existence of such a security measure.
As far as user privacy goes, Apple promises the following on their official sign-in support page: “Sign in with Apple won’t track or profile you as you use your favorite apps and websites, and Apple retains only the information that’s needed to make sure you can sign in and manage your account.”
Overall, Apple has raised the bar with its new sign-in service. OAuth has been a major timesaver for years, but Sign in with Apple brings so much more to the table if you’re able to find an app that supports it and you own an Apple ID protected by two-factor authentication. This is one big step closer to a passwordless web.
If you have any questions or comments regarding Apple’s new sign-in service, be sure to drop us a comment below!