'Sign in with Apple' better than using passwords, says Google authentication chief
The head of Google's account sign-in teams is seemingly positive about Apple's introduction to the authentication space with "Sign in with Apple," revealing in an interview it would be preferable to use Apple's button than to manually enter usernames and passwords.
Apple's entry into the industry of authentication, as launched at WWDC, puts it in direct competition with Facebook and Google's single sign-on buttons. Billed as a privacy-focused alternative, "Sign in with Apple" provides the ability to create a fresh account that is blank of all identifying data, enabling users to enter just what is needed for the app and minimizing third-party tracking.
Despite being a direct competitor to Apple's new service, Google is somewhat welcoming of the new log-in option, with Google product management director Mark Risher revealing in an interview with The Verge it is preferable for users to employ some form of single sign on button to get into apps than to rely on the usual usernames and passwords, which can be reused between services.
"I honestly do think this technology will be better for the internet and will make people much, much safer," advised Risher. "Even if they're clicking our competitors button when they're logging into sites, that's still way better than typing in a bespoke username and password, or more commonly, a recycled username and password."
The increased use of the sign-in buttons has made the internet and app experience better, saving users from having to set up their own credentials each time, which users still believe is the "best thing" to improve security. "But in actually [it] has no bearing on phishing, no bearing on password breaches, no bearing on password reuse," Risher insists, with it being more important for users to reduce the total number of passwords they use.
Apple's decision to focus on data collection and privacy as a reason to use Sign in with Apple over the others is seen as a criticism of Google's version, but Risher takes the blame for Google having "not really articulated what happens when you press" its button. "A lot of people don't understand, and some competitors have dragged it in the wrong direction," he suggests, with the idea of the button press notifying friends of the user signing into an embarrassing site used as an example of the supposed unwarranted threat of the button's use.
The introduction of a new option from Apple gives a chance to "reinvigorate the space and to make it clear what this means and what happens, that is really beneficial."
Risher objects to the "bunch of innuendo" that suggests "only one of them is pure, and the rest of them are kind of corrupt." Google is said to only log the moment of authentication, and that it isn't using the event for any other purpose such as advertising, only for the user to see where they used it within a page of the Google account's Security Checkup.
On the subject of having different levels of security for various apps and services instead of putting everything into the federated model of single-sign-on, Risher defends the idea of authentication buttons for apps by suggesting the metaphor is less about putting all of a user's eggs into one basket, more about banking.
"There are two ways to store your hundred dollars: you could spread it around the house, putting one dollar in each drawer, and some under your mattress and all of that," Risher proposes. "Or you could put it in a bank, which is one basket, but it's a basket that is protected by 12-inch thick steel doors. That seems like the better option."
Apple's entry into the industry of authentication, as launched at WWDC, puts it in direct competition with Facebook and Google's single sign-on buttons. Billed as a privacy-focused alternative, "Sign in with Apple" provides the ability to create a fresh account that is blank of all identifying data, enabling users to enter just what is needed for the app and minimizing third-party tracking.
Despite being a direct competitor to Apple's new service, Google is somewhat welcoming of the new log-in option, with Google product management director Mark Risher revealing in an interview with The Verge it is preferable for users to employ some form of single sign on button to get into apps than to rely on the usual usernames and passwords, which can be reused between services.
"I honestly do think this technology will be better for the internet and will make people much, much safer," advised Risher. "Even if they're clicking our competitors button when they're logging into sites, that's still way better than typing in a bespoke username and password, or more commonly, a recycled username and password."
The increased use of the sign-in buttons has made the internet and app experience better, saving users from having to set up their own credentials each time, which users still believe is the "best thing" to improve security. "But in actually [it] has no bearing on phishing, no bearing on password breaches, no bearing on password reuse," Risher insists, with it being more important for users to reduce the total number of passwords they use.
Apple's decision to focus on data collection and privacy as a reason to use Sign in with Apple over the others is seen as a criticism of Google's version, but Risher takes the blame for Google having "not really articulated what happens when you press" its button. "A lot of people don't understand, and some competitors have dragged it in the wrong direction," he suggests, with the idea of the button press notifying friends of the user signing into an embarrassing site used as an example of the supposed unwarranted threat of the button's use.
The introduction of a new option from Apple gives a chance to "reinvigorate the space and to make it clear what this means and what happens, that is really beneficial."
Risher objects to the "bunch of innuendo" that suggests "only one of them is pure, and the rest of them are kind of corrupt." Google is said to only log the moment of authentication, and that it isn't using the event for any other purpose such as advertising, only for the user to see where they used it within a page of the Google account's Security Checkup.
On the subject of having different levels of security for various apps and services instead of putting everything into the federated model of single-sign-on, Risher defends the idea of authentication buttons for apps by suggesting the metaphor is less about putting all of a user's eggs into one basket, more about banking.
"There are two ways to store your hundred dollars: you could spread it around the house, putting one dollar in each drawer, and some under your mattress and all of that," Risher proposes. "Or you could put it in a bank, which is one basket, but it's a basket that is protected by 12-inch thick steel doors. That seems like the better option."
Comments
Yeah right.
In the interview with The Verge, Risher says:
A couple of points,
1. First he objects to what he calls, "a bunch of innuendo," then he goes ahead and takes a dig at Sign In with Apple with ... a bunch of innuendo. Mostly, this tells you exactly how disingenuous he's being in the entire interview.
2. He talks about how Google only logs, "the moment of authentication," but entirely avoids (throughout the interview, and that's a failure by The Verge) addressing what personal data of yours Google shares with apps/sites you log into, or what data they share with Google. Apple only shares your name and the email address you choose to use (personal or random). If Google really wants you to know that their single sign on service protects your privacy just as well as Apple's, you'd think that would be something Google would be proactively forthcoming about, rather than avoid discussing altogether. When a company avoids discussing something altogether, it's typically because they can't be honest without telling you things they don't want you to know.
Also, I can't help noting that while he doesn't like the suggestion that Sign In with Apple is pure and similar services from Google are, "kind of corrupt," he also doesn't directly refute that.
This current product, I haven’t seen how it will be built, but it sounds like they will log that moment as well and then also, every email that’s ever sent by that company, which sounds a lot more invasive. But we’ll see how the details work out.
...riiiight, my guy, a private-email relay service is invasive? Keep re-framing that narrative! Google is defender of privacy! Apple is invasive! Unite, comrades!
Are these people for real.
He's just shaking in his boots.
Can't wait for Sign-in with Apple and Apple Card.
P.S. Will only Apple users see this button? Will some sites support the button which will in turn show up on iKnockoffs and Windows machines?
I use Lastpass. I've been working on changing passwords where they are all computer generated, 20+ digits long. Ever single password completely different and complete random. It's actually not that big o f a deal in iOS anymore since iOS12 came out. I turned off Keychain, and only use Lastpass. It works on all my different hardware. I have no hope of remembering one of them, so I think they're quite good. I also turn on 2-Factor everywhere that I can. Good thing as someone somehow I guess got my old Apple password and was trying to Log in a new device which needed that 2nd factor. It showed it coming from CHINA!!!! Of course I clicked on DENY. Then I changed my Apple password to a new Lastpast generated 20+ digit password.
I feature I really like with LastPass is you can set it up so when you DIE your family member(s) can gain access to your passwords. Allowing your wife or whoever access to your Bank account and insurance and all the other important things as everything is done Online these days. You do this buy setting up any number of people with a password. Say 3 people, but only need 2 of them. Then a email is sent to YOU. If you don't respond and say, HEY, I'm still living, they can't get access. If you don't replay, LastPass will assume you are dead. You can set the time delay for however long you want. You can keep your iOS device passwords in it someplace so your family member is not locked out of the device, unless you don't want to to see what's on it.
There is no way in hell I would ever use Google or Facebook to log into sites. I've never used them and I never will. I'll create a new account at that site instead. I don't need them to also be tracking me.
Do not hold your breath with these two.
FB isn't even worthy of discussion and I've said too much already.
Sign in with Apple on will be required on every App Store app that uses or will use Sign in with... Whether we see it on any sites other than Apple centric sites is a guess. Given the slow adoption/proliferations of Pay with Apple Pay buttons on sites, I wouldn't expect to see wide spread or quick responses. It should be easier to implement than using Apple Pay, Until then I'll hope for the best and expect – nothing. Anything more than that will be a plus.
I would add this to iOS first.