appleinsideruser

About

Username
appleinsideruser
Joined
Visits
117
Last Active
Roles
member
Points
207
Badges
0
Posts
191
  • Apple passkey feature will be our first taste of a truly password-less future

    How does a user intuitively know what data is shared with the website?

    However, the point was more that it's unclear if a website is spoofing the Sign in with Apple prompt asking for my local machine password. Surely a site could phish those details then download a script that has the password for my Mac...
    watto_cobra
  • Apple passkey feature will be our first taste of a truly password-less future

    The issue for me is trusting a dialog box on a website that’s asks for my Mac password. The Apple UI doesn’t make it clear that this info stays on my device and isn’t sent to the server as is normal. This paaswordless stuff will suffer the same issue and I will struggle to trust where my data goes.
    This is an excellent point, and one I'm really surprised Apple hasn't addressed yet. But it's difficult - not technically, but in terms of training users how to behave.

    So far the only entities I've seen addressing this issue are some banks, and not even most of them - I think they feel the ROI isn't worth it.

    The obvious way to do it is to allow the user to select an image which is proof that the system is talking, and not the app. The image is protected and inaccessible to all apps. Then when you get a dialog asking for a password or other sensitive info, the system displays this image along with the request. The presence of the image authenticates the request.

    There are other similar schemes (text or sound instead of an image). In general, you have to have a token signifying legitimacy (not a physical one, unless you intend to put a little LED on the phone just to signal "system interaction", and Apple would never do something so ugly). Implementing this is not in the least bit challenging.

    The big problem is teaching users to pay attention and understand the significance of the token. People understand the idea of "password" - it means "way to prove I'm really me". They *don't* generally understand the concept of "way for the OS to prove it's really the OS (and not malware spoofing the OS)", and they have no simple word for that like "password". This won't be an easy battle to fight and I guess Apple isn't willing to take it on yet. :-(
    On réflection i think Apple has already done this. Visit say iCloud.com and the modal dialog, that asks for my Mac password, disables the window’s close button. I have to use the awkward Cancel button to get the regular authentication that ironically I trust. I guess this is the ‘image’ you mention…
    watto_cobra
  • Apple passkey feature will be our first taste of a truly password-less future

    The issue for me is trusting a dialog box on a website that’s asks for my Mac password. The Apple UI doesn’t make it clear that this info stays on my device and isn’t sent to the server as is normal. This paaswordless stuff will suffer the same issue and I will struggle to trust where my data goes.
    watto_cobra
  • Amber Alert on AirPods damaged teenager's hearing, lawsuit claims

    So, how do you turn them off? Searching Amber in Settings shows Notifications, but nothing in there mentions them…

    aha, it’s a US only problem feature. https://www.imore.com/amber-alerts-your-iphone-what-they-are-and-how-manage-them
    JaiOh81
  • Western Australia Police can now use CarPlay to respond to emergencies

    bsbeamer said:
    Apple needs to allow a CarPlay-like mode to be enabled or activated to run on iPhone directly.  Many vehicles (even recent ones) only support BT audio and would cut down on a lot of the fiddling that unfortunately still happens while driving.
    Huh? CarPlay already runs on the iPhone directly -- it's run off the phone and uses the head unit as an external touch-enabled monitor.
    I suspect they meant, run on iPhone directly on its screen. i.e. a simplified UI on the phone screen when in a car.
    watto_cobra