With the release of Apple's new iPhone operating system, iOS 13, Apple introduced "Sign in with Apple," a new option to sign up for accounts in apps and websites. This new alternate sign-in option is said to secure your privacy better than similar solutions from Facebook, Google, and Twitter, but it also binds you even more tightly to the Apple ecosystem. We'll go over how it works and some of the concerns that could arise.
Sign in with Apple is a "single sign-on" (SSO) service that works in the same places you've probably seen buttons to log in with your Facebook or Google account. Instead of creating a new account using your email address and password for an app or website, you sign in with your Apple ID.
Signing in with Facebook and Google is convenient, but it also gives those companies and the apps you use a lot of information about you. (This is the parent company of Wirecutter, The New York Times.) Your personal information is shared every time you check in with Facebook or Google, allowing firms to monitor you wherever you go. That can be a lot of data, considering how much personal information is stored on those sites. It should include your email address, profile photo, and name at the very least. If you're logging in using Facebook, a site may ask for additional information, such as your birthdate, page likes, images, and friends list.
Apple claims to provide as little information as possible, just collecting your login and email address, and that it does not track your app or website activities. When you sign in with the Apple button, you have the option of creating a throwaway email address so that you never have to give the app or website your real email address. My username is Boots Cat in the guitar-lesson app Fratello, and my email address is [email protected] or something like that. If I want, any emails from the app are forwarded to the email address associated with my Apple ID, or I can disable forwarding. Even if I've deleted the app from my phone, I can withdraw access at any time. This functionality is very beneficial for programs that you don't care about or those you have to use only once.
Log in using Apple provides obvious privacy benefits by separating your name and email address from your new account, but its security enhancements aren't as obvious. Creating a fresh strong password for each account isn't difficult if you use a password manager (which you should). Sign in with Apple, on the other hand, is a far better option if you don't have one and instead use the same few passwords on every site.
It may not seem like the ideal idea to entrust all of your login information to a single firm, but there are benefits. Substantial organizations, such as Apple, Facebook, and Google, have large security teams, whereas smaller websites typically lack. As an example, consider the new account I created earlier: Apple is far less likely to be hacked than Fretello. However, SSO is still vulnerable to attacks, as evidenced by Facebook's announcement in 2018 of a breach affecting 90 million accounts.
Finally, the main question is whether you should trust Apple with your security rather than whatever random app you're signing up for an account with. When it comes to security, Apple has had a difficult year. On the one hand, Sign in with Apple requires you to utilize two-factor authentication, which is a good thing. For the initial Apple ID sign-in, Apple, on the other hand, continues to only offer the less secure SMS form of two-factor verification. If you only have one Apple device, this is your only option (in contrast, you can use a second Apple device as a second factor to verify yourself if you own say, both an iPad and an iPhone). It's past time for Apple to provide hardware and app authentication to users with only one Apple device.
You can roll your own set of throwaway email addresses with services like Mailinator or Guerrilla Mail if you prefer a DIY approach, but Apple's procedure is so seamless and simple that it's hard to picture doing it manually if you don't have to.
The fact that Sign in with Apple isn't currently offered in many places is one of the major roadblocks. I had to look for a compatible app for a few minutes just to see how it functioned. Apple sign-in does not display alongside Facebook or Google sign-in by default; app developers and websites must add support for it.
By April 2020, Apple will require every app available in the App Store that supports Facebook and Google SSO to also support Apple's button, although I expect many sites to wait as long as possible to continue snooping on visitors' personal information. If you've already registered an account somewhere, Sign in with Apple is less useful because you're unlikely to want to create a new account if you're already set up, and there's currently no option to switch over an existing account.
What matters more is what happens when you break off from Apple's ecosystem. Apple isn't offering Sign in with Apple because it wants to lock you into the Apple environment, not because it's a charitable organization. Although you'll be able to sign in with your Apple ID on the web, doing so replaces the seamless experience of using Touch ID or Face ID on an Apple device with the identical username and password experience you'll find elsewhere.
Signing in any place you've used Sign in with Apple is cumbersome if you decide to leave Apple at any stage. Let's imagine I create a Bird scooter account on my iPhone using Sign in with Apple, then switch to Android. When I try to sign in using Sign in with Apple again, it redirects me to a Web view, where I must sign in using my Apple ID. It's not a bad method, but it lacks the one-touch convenience of utilizing Sign in with Apple on an Apple device.
If you don't have a password manager (which you should), using Apple's choice is a convenient and secure alternative to making up new login credentials on the fly. If you don't anticipate ever leaving Apple's environment or if you only need a one-time-use account, it's easy to recommend.
Personally, I'll limit myself to utilizing it for apps and services that I don't mind losing access to, such as Bird scooters, where I could theoretically create a new account every time and have no effect on my experience. I'll use a password manager for everything I access frequently from a non-Apple device.