'Sign in with Apple' better than using passwords, says Google authentication chief

Posted:
in iOS edited June 2019
The head of Google's account sign-in teams is seemingly positive about Apple's introduction to the authentication space with "Sign in with Apple," revealing in an interview it would be preferable to use Apple's button than to manually enter usernames and passwords.




Apple's entry into the industry of authentication, as launched at WWDC, puts it in direct competition with Facebook and Google's single sign-on buttons. Billed as a privacy-focused alternative, "Sign in with Apple" provides the ability to create a fresh account that is blank of all identifying data, enabling users to enter just what is needed for the app and minimizing third-party tracking.

Despite being a direct competitor to Apple's new service, Google is somewhat welcoming of the new log-in option, with Google product management director Mark Risher revealing in an interview with The Verge it is preferable for users to employ some form of single sign on button to get into apps than to rely on the usual usernames and passwords, which can be reused between services.

"I honestly do think this technology will be better for the internet and will make people much, much safer," advised Risher. "Even if they're clicking our competitors button when they're logging into sites, that's still way better than typing in a bespoke username and password, or more commonly, a recycled username and password."

The increased use of the sign-in buttons has made the internet and app experience better, saving users from having to set up their own credentials each time, which users still believe is the "best thing" to improve security. "But in actually [it] has no bearing on phishing, no bearing on password breaches, no bearing on password reuse," Risher insists, with it being more important for users to reduce the total number of passwords they use.

Apple's decision to focus on data collection and privacy as a reason to use Sign in with Apple over the others is seen as a criticism of Google's version, but Risher takes the blame for Google having "not really articulated what happens when you press" its button. "A lot of people don't understand, and some competitors have dragged it in the wrong direction," he suggests, with the idea of the button press notifying friends of the user signing into an embarrassing site used as an example of the supposed unwarranted threat of the button's use.

The introduction of a new option from Apple gives a chance to "reinvigorate the space and to make it clear what this means and what happens, that is really beneficial."

Risher objects to the "bunch of innuendo" that suggests "only one of them is pure, and the rest of them are kind of corrupt." Google is said to only log the moment of authentication, and that it isn't using the event for any other purpose such as advertising, only for the user to see where they used it within a page of the Google account's Security Checkup.

On the subject of having different levels of security for various apps and services instead of putting everything into the federated model of single-sign-on, Risher defends the idea of authentication buttons for apps by suggesting the metaphor is less about putting all of a user's eggs into one basket, more about banking.

"There are two ways to store your hundred dollars: you could spread it around the house, putting one dollar in each drawer, and some under your mattress and all of that," Risher proposes. "Or you could put it in a bank, which is one basket, but it's a basket that is protected by 12-inch thick steel doors. That seems like the better option."

Comments

  • Reply 1 of 18
    lostkiwilostkiwi Posts: 639member
    Risher objects to the "bunch of innuendo" that suggests "only one of them is pure, and the rest of them are kind of corrupt." Google is said to only log the moment of authentication, and that it isn't using the event for any other purpose such as advertising, only for the user to see where they used it within a page of the Google account's Security Checkup.
    “Oh, of course we respect Safari’s security provisions. We would never hack into and ignore the preferences the customer had set up on that browser “

    Yeah right. 
    SnickersMagoomac_dogStrangeDaysRayz2016n2itivguylolliverjbdragonracerhomie3davgregcornchip
  • Reply 2 of 18
    wattoukwattouk Posts: 50member
    "I honestly do think this technology will be better for the internet and will make people much, much safer," advised Risher. "Even if they're clicking our competitors button when they're logging into sites, that's still way better than typing in a bespoke username and password, or more commonly, a recycled username and password." 
    BULLSHIT. He wants people to use google and Facebook sign-on's so that they can harvest data - we're not stupid. However, it seems apple is going the right way about privacy.
    lolliverjbdragonracerhomie3davgregwatto_cobra
  • Reply 3 of 18
    sflocalsflocal Posts: 6,092member
    wattouk said:
    "I honestly do think this technology will be better for the internet and will make people much, much safer," advised Risher. "Even if they're clicking our competitors button when they're logging into sites, that's still way better than typing in a bespoke username and password, or more commonly, a recycled username and password." 
    BULLSHIT. He wants people to use google and Facebook sign-on's so that they can harvest data - we're not stupid. However, it seems apple is going the right way about privacy.
    Of course he's lying.  With the uproar over privacy failures everywhere, management folks like him aren't going to say they're against an option that would secure an individual's privacy on the Internet.
    StrangeDaysjbdragonlostkiwidavgregFuzzyDicewatto_cobra
  • Reply 4 of 18
    rob53rob53 Posts: 3,241member
    lostkiwi said:
    Risher objects to the "bunch of innuendo" that suggests "only one of them is pure, and the rest of them are kind of corrupt." Google is said to only log the moment of authentication, and that it isn't using the event for any other purpose such as advertising, only for the user to see where they used it within a page of the Google account's Security Checkup.
    “Oh, of course we respect Safari’s security provisions. We would never hack into and ignore the preferences the customer had set up on that browser “

    Yeah right. 
    "fool me once, shame on — shame on you. Fool me — you can't get fooled again"
    lostkiwicharlesgresjbdragonJaiOh81davgregwatto_cobra
  • Reply 5 of 18
    WgkruegerWgkrueger Posts: 352member
    Rushers $100 analogy where each dollar is a password doesn’t make sense to me. What it sounds like is I have 100 passwords and I need to keep them in a password vault, like the one provided by 1Password. The Google authentication chief needs to get in touch with the Google analogy chief.  
    edited June 2019 gutengellostkiwicornchipwatto_cobra
  • Reply 6 of 18
    anonymouseanonymouse Posts: 6,857member

    In the interview with The Verge, Risher says:

    But there was a bunch of innuendo wrapped around the release that suggested that only one of them is pure, and the rest of them are kind of corrupt, and obviously I don’t like that. We only log the moment of authentication. It’s not used for any sort of re-targeting. It’s not used for any sort of advertising. It’s not distributed anywhere. And it’s partly there for user control so that they can go back and see what’s happened. We have a page, part of our security checkup, that says, “here’s all the connected apps, and you can go and break that connection.” This current product, I haven’t seen how it will be built, but it sounds like they will log that moment as well and then also, every email that’s ever sent by that company, which sounds a lot more invasive. But we’ll see how the details work out.

    A couple of points,

    1. First he objects to what he calls, "a bunch of innuendo," then he goes ahead and takes a dig at Sign In with Apple with ... a bunch of innuendo. Mostly, this tells you exactly how disingenuous he's being in the entire interview.

    2. He talks about how Google only logs, "the moment of authentication," but entirely avoids (throughout the interview, and that's a failure by The Verge) addressing what personal data of yours Google shares with apps/sites you log into, or what data they share with Google. Apple only shares your name and the email address you choose to use (personal or random). If Google really wants you to know that their single sign on service protects your privacy just as well as Apple's, you'd think that would be something Google would be proactively forthcoming about, rather than avoid discussing altogether. When a company avoids discussing something altogether, it's typically because they can't be honest without telling you things they don't want you to know.

    Also, I can't help noting that while he doesn't like the suggestion that Sign In with Apple is pure and similar services from Google are, "kind of corrupt," he also doesn't directly refute that.

    StrangeDaysjbdragonlostkiwicornchipwatto_cobra
  • Reply 7 of 18
    StrangeDaysStrangeDays Posts: 12,834member

    In the interview with The Verge, Risher says:

    But there was a bunch of innuendo wrapped around the release that suggested that only one of them is pure, and the rest of them are kind of corrupt, and obviously I don’t like that. We only log the moment of authentication. It’s not used for any sort of re-targeting. It’s not used for any sort of advertising. It’s not distributed anywhere. And it’s partly there for user control so that they can go back and see what’s happened. We have a page, part of our security checkup, that says, “here’s all the connected apps, and you can go and break that connection.” This current product, I haven’t seen how it will be built, but it sounds like they will log that moment as well and then also, every email that’s ever sent by that company, which sounds a lot more invasive. But we’ll see how the details work out.

    A couple of points,

    1. First he objects to what he calls, "a bunch of innuendo," then he goes ahead and takes a dig at Sign In with Apple with ... a bunch of innuendo. Mostly, this tells you exactly how disingenuous he's being in the entire interview.

    2. He talks about how Google only logs, "the moment of authentication," but entirely avoids (throughout the interview, and that's a failure by The Verge) addressing what personal data of yours Google shares with apps/sites you log into, or what data they share with Google. Apple only shares your name and the email address you choose to use (personal or random). If Google really wants you to know that their single sign on service protects your privacy just as well as Apple's, you'd think that would be something Google would be proactively forthcoming about, rather than avoid discussing altogether. When a company avoids discussing something altogether, it's typically because they can't be honest without telling you things they don't want you to know.

    Also, I can't help noting that while he doesn't like the suggestion that Sign In with Apple is pure and similar services from Google are, "kind of corrupt," he also doesn't directly refute that.

    Yeah, looks like the google-powered FUD machine is starting up. This is rich:

    This current product, I haven’t seen how it will be built, but it sounds like they will log that moment as well and then also, every email that’s ever sent by that company, which sounds a lot more invasive. But we’ll see how the details work out.

    ...riiiight, my guy, a private-email relay service is invasive? Keep re-framing that narrative! Google is defender of privacy! Apple is invasive! Unite, comrades!

    Are these people for real. 

    lostkiwicornchipwatto_cobra
  • Reply 8 of 18
    AppleExposedAppleExposed Posts: 1,805unconfirmed, member

    In the interview with The Verge, Risher says:

    But there was a bunch of innuendo wrapped around the release that suggested that only one of them is pure, and the rest of them are kind of corrupt, and obviously I don’t like that. We only log the moment of authentication. It’s not used for any sort of re-targeting. It’s not used for any sort of advertising. It’s not distributed anywhere. And it’s partly there for user control so that they can go back and see what’s happened. We have a page, part of our security checkup, that says, “here’s all the connected apps, and you can go and break that connection.” This current product, I haven’t seen how it will be built, but it sounds like they will log that moment as well and then also, every email that’s ever sent by that company, which sounds a lot more invasive. But we’ll see how the details work out.

    A couple of points,

    1. First he objects to what he calls, "a bunch of innuendo," then he goes ahead and takes a dig at Sign In with Apple with ... a bunch of innuendo. Mostly, this tells you exactly how disingenuous he's being in the entire interview.

    2. He talks about how Google only logs, "the moment of authentication," but entirely avoids (throughout the interview, and that's a failure by The Verge) addressing what personal data of yours Google shares with apps/sites you log into, or what data they share with Google. Apple only shares your name and the email address you choose to use (personal or random). If Google really wants you to know that their single sign on service protects your privacy just as well as Apple's, you'd think that would be something Google would be proactively forthcoming about, rather than avoid discussing altogether. When a company avoids discussing something altogether, it's typically because they can't be honest without telling you things they don't want you to know.

    Also, I can't help noting that while he doesn't like the suggestion that Sign In with Apple is pure and similar services from Google are, "kind of corrupt," he also doesn't directly refute that.

    Yeah, looks like the google-powered FUD machine is starting up. This is rich:

    This current product, I haven’t seen how it will be built, but it sounds like they will log that moment as well and then also, every email that’s ever sent by that company, which sounds a lot more invasive. But we’ll see how the details work out.

    ...riiiight, my guy, a private-email relay service is invasive? Keep re-framing that narrative! Google is defender of privacy! Apple is invasive! Unite, comrades!

    Are these people for real. 



    He's just shaking in his boots.
    Can't wait for Sign-in with Apple and Apple Card.

    P.S. Will only Apple users see this button? Will some sites support the button which will in turn show up on iKnockoffs and Windows machines?
    watto_cobra
  • Reply 9 of 18
    jbdragonjbdragon Posts: 2,305member
    I'm all for this. I don't expect to see it being used at many sites other than maybe Apple type blogs like here at Apple Insider. It's going to take a few years before seeing it at other sites.

    I use Lastpass. I've been working on changing passwords where they are all computer generated, 20+ digits long. Ever single password completely different and complete random. It's actually not that big o f a deal in iOS anymore since iOS12 came out. I turned off Keychain, and only use Lastpass. It works on all my different hardware. I have no hope of remembering one of them, so I think they're quite good. I also turn on 2-Factor everywhere that I can. Good thing as someone somehow I guess got my old Apple password and was trying to Log in a new device which needed that 2nd factor. It showed it coming from CHINA!!!! Of course I clicked on DENY. Then I changed my Apple password to a new Lastpast generated 20+ digit password.

    I feature I really like with LastPass is you can set it up so when you DIE your family member(s) can gain access to your passwords. Allowing your wife or whoever access to your Bank account and insurance and all the other important things as everything is done Online these days. You do this buy setting up any number of people with a password. Say 3 people, but only need 2 of them. Then a email is sent to YOU. If you don't respond and say, HEY, I'm still living, they can't get access. If you don't replay, LastPass will assume you are dead. You can set the time delay for however long you want. You can keep your iOS device passwords in it someplace so your family member is not locked out of the device, unless you don't want to to see what's on it.

    There is no way in hell I would ever use Google or Facebook to log into sites. I've never used them and I never will. I'll create a new account at that site instead. I don't need them to also be tracking me.
    edited June 2019 watto_cobra
  • Reply 10 of 18
    davgregdavgreg Posts: 1,036member
    I am sure Google and Facebook will honor this right out of the box- just like the "do not track" signal sent from Safari.
    Do not hold your breath with these two.

  • Reply 11 of 18
    macguimacgui Posts: 2,350member
    Google has ignored the elephant in the room – its lack of credibility. Some people don't give a whit about privacy, and that's a choice. Not one I like to make, but apparently it's fine for those people. Until it isn't.

    FB isn't even worthy of discussion and I've said too much already. 

    Sign in with Apple on will be required on every App Store app that uses or will use Sign in with... Whether we see it on any sites other than Apple centric sites is a guess. Given the slow adoption/proliferations of Pay with Apple Pay buttons on sites, I wouldn't expect to see wide spread or quick responses. It should be easier to implement than using Apple Pay, Until then I'll hope for the best and expect – nothing. Anything more than that will be a plus.
    lostkiwiAppleExposedwatto_cobra
  • Reply 12 of 18
    gatorguygatorguy Posts: 24,176member
    davgreg said:
    I am sure Google and Facebook will honor this right out of the box- just like the "do not track" signal sent from Safari.
    Do not hold your breath with these two.

    Honor what? There's nothing to "honor". If you use "Sign in with Apple" it's using their log-in credentials and same with Google. 
  • Reply 13 of 18
    MacProMacPro Posts: 19,718member
    Apple should add an extra option in Catalina ... "Click here to always Sign in with Apple and don't show 'sign in with Google or FaceBook' again ... ever".
    lostkiwiAppleExposedwatto_cobra
  • Reply 14 of 18
    MacProMacPro Posts: 19,718member
    gatorguy said:
    davgreg said:
    I am sure Google and Facebook will honor this right out of the box- just like the "do not track" signal sent from Safari.
    Do not hold your breath with these two.

    Honor what? There's nothing to "honor". If you use "Sign in with Apple" it's using their log-in credentials and same with Google. 
    Kind of the whole point, thus avoiding touching anything related to Google.
    AppleExposedcornchipwatto_cobra
  • Reply 15 of 18
    AppleExposedAppleExposed Posts: 1,805unconfirmed, member
    MacPro said:
    Apple should add an extra option in Catalina ... "Click here to always Sign in with Apple and don't show 'sign in with Google or FaceBook' again ... ever".
    Haha Brilliant!

    I would add this to iOS first.
    lostkiwiwatto_cobra
  • Reply 16 of 18
    gatorguygatorguy Posts: 24,176member
    MacPro said:
    gatorguy said:
    davgreg said:
    I am sure Google and Facebook will honor this right out of the box- just like the "do not track" signal sent from Safari.
    Do not hold your breath with these two.

    Honor what? There's nothing to "honor". If you use "Sign in with Apple" it's using their log-in credentials and same with Google. 
    Kind of the whole point, thus avoiding touching anything related to Google.
    Well yeah, pretty obvious, except for the "touching anything related to Google" which wouldn't be assured. 
  • Reply 17 of 18
    MacProMacPro Posts: 19,718member
    MacPro said:
    Apple should add an extra option in Catalina ... "Click here to always Sign in with Apple and don't show 'sign in with Google or FaceBook' again ... ever".
    Haha Brilliant!

    I would add this to iOS first.
    All the Apple OSs should have that.  As long as it's an option no one could claim it was monopolistic either.
    watto_cobra
  • Reply 18 of 18
    gatorguygatorguy Posts: 24,176member
    MacPro said:
    Apple should add an extra option in Catalina ... "Click here to always Sign in with Apple and don't show 'sign in with Google or FaceBook' again ... ever".
    Haha Brilliant!

    I would add this to iOS first.
    I don't believe Apple and Google have all that much problem with each other especially where both benefit monetarily and legislatively from partnering on various things. Quite obviously they work together when it's beneficial to their businesses. Some of their fans not so much. It's a good thing they have nothing to do with running either of them. 
    FileMakerFeller
Sign In or Register to comment.