“Sign In with Apple” makes it easy for users to log into apps and websites using their Apple ID. Instead of filling out forms, verifying email addresses, and choosing new passwords, users can use “Sign In with Apple” to set up an account and start using apps right away. All accounts are protected with two-factor authentication for superior security, and Apple will not track users’ activity in apps or websites.
Ryan Christoffel for MacStories:
Creating a new account for every service you try is a major pain. It’s made easier with the aid of iCloud Keychain and 1Password, but while those tools eliminate lots of friction, they can be a little clunky, and in the end you’re still trusting your data to the (usually unknown) privacy policies of the service you sign up for.
Third-party login buttons solve the convenience problem, mostly. They may require entering your credentials for that third-party service, but at least you don’t have to create and remember new credentials for multiple services. The data privacy issue can be a question mark with these buttons though; when you authenticate through, let’s say Facebook, do you really know exactly what data you’re sharing with the new service? Or how the service will use that data? As consumers continue losing trust in Facebook itself to secure their data, why would they trust a service that taps into their Facebook data?
Sign In with Apple is a modern alternative to the current mess of login methods, offering Apple users a solution that addresses the current options’ shortfalls. It makes account creation and sign-in trivially simple – even more so than buttons from Google or Facebook – while also keeping your data in the hands of a company with a decent privacy track record.
MacDailyNews Take: Sign In with Apple is as smooth as silk and, because it’s from Apple, not the likes of Google or Facebook, your privacy is protected to boot!
Sign In with Apple is a beautiful solution for those of us who value our privacy and it works with all Apple devices — Mac, iPhone, iPad, Apple Watch, Apple TV and iPod touch! — MacDailyNews, June 7, 2019
If any website can have you sign in with Apple ID, is there a danger of nefarious sites stealing your Apple log on. After all, you going to a website that Apple doesn’t not control and entering your sensitive information. How would I know I can trust the website?
Because you do not log in on the site itself. You log in via Apple and the third party site never sees any credentials.
Still doesn’t answer my question. If a nefarious website redirects you to a fake Apple logon site and not to the actual Apple logon site, how would you know? As more and more sites use this, people are will be trained to just log on. Its a new vector for hackers to trick people into giving away they Apple ID and password.
Am I missing something here. What if a hacker created a website and embed a FAKE apple sign-in button the looks and acts like the authentic Apple sign-on button, but all it does is logs Apple IDs and password. Is there a mechanism in place to prevent this from happening, and is there a way for users to know if the site is tricking them or not?
You don’t enter your Apple ID and password on the website. It is similar to Google Sign in or Facebook Login or other similar OAuth flows – you are redirected to a new Apple Sign in screen/sheet/popover where you actually log in (and allow with 2 factor authentication and/or Touch/Face ID).
https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
I understand how it’s suppose to work. I am not worry about legitimate websites. The Apple Sign-in Button seems like it could easily be faked to trick a user, this is more of my concern, how do you know which site is using the real Apple Sign-in Button verses a FAKE one.
An what a mess it truly is..
I hope it works smoothly and gains support everywhere.