
Comment by paxys

2 days ago

And it's even worse if you are accessing Apple services on a non-Apple device. No matter how many times I click "trust device" when logging in to icloud.com it will still make me do the password + one-time code song and dance the next day.

Another pointless annoyance - if Face ID fails when making a payment or installing an app (like it frequently does for reasons like sleeping in bed or wearing sunglasses) it won't fall back to PIN but ask you to enter your Apple account password. Why?? And of course when you're on that prompt there's no way to open your password manager without cancelling out of it entirely. Makes for a fun experience at the checkout counter...

Why in the world does it need you to type a code if you have already accepted it at the other device? This whole flow is stupid, I guess they want to cover their asses.

  • I agree with you, but it's the same reason why Microsoft asks you to type a numeric code generated by their Outlook app in order to login. It's to prevent people from dismissing the alert by clicking "OK" without even reading (especially if they're in the middle of something else, e.g. during a scam phone call).

    • Right, the numeric code is proof of intent. In theory, tapping "ok" or "yes, this is me" should be proof of intent. In reality, it's common for those who have compromised someone's password to flood people with these notifications and auth prompts to get them to eventually say "ok," even if by accident.


  • To prevent an attack where someone steals your username and password, triggers the 2-factor notification, and waits for you to accept it. This can be automated and repeated until you eventually click the wrong button for one reason or another.

    By requesting a short-lived code, attackers now need to communicate with you at the same time of the attack and somehow convince you to give them that code. Much harder.

  • It does also increase friction for non-first party applications and Apple has a strong history of using product design to discourage non-first party apps.
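The two replies above describe the mechanism in prose: with a bare Approve/Deny push, an attacker holding the password can re-trigger the prompt until the victim taps through; with a displayed number that must be typed on the trusted device, the attacker's login screen and the victim's device have to share information, so the attacker must be talking to the victim at that moment and the code must still be valid. The simulation below is an added example written for this discussion; it is not Apple's or Microsoft's code. The server, the distracted-victim model, the attacker loops, the two-digit code and the 60-second lifetime are all constructed assumptions. It models the Microsoft-style direction (number shown on the login screen, typed into the authenticator); Apple's flow reverses it (code shown on the trusted device, typed into the new login), but the property being demonstrated is the same.

```python
"""Push-fatigue ("MFA bombing") against two push-MFA designs: Approve/Deny vs number matching.

Added example for the thread above, not code from Apple or Microsoft. The server,
the victim model and the attacker are constructed for illustration; the two-digit
code and the 60-second lifetime are assumptions.
"""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

CODE_TTL_SECONDS = 60  # assumed lifetime of a number-matching challenge


@dataclass
class Challenge:
    session_id: str      # the login attempt this prompt belongs to
    code: str            # "" for plain Approve/Deny; otherwise shown only on the login screen
    expires_at: float
    used: bool = False   # every prompt is answered at most once


class PushMfaServer:
    """Second factor after a correct password. number_matching=False pushes a bare
    Approve/Deny prompt; number_matching=True requires the user to type the number
    displayed on the login screen into the prompt on the trusted device."""

    def __init__(self, number_matching: bool, now=time.time):
        self.number_matching = number_matching
        self.now = now
        self.pending: Dict[str, Challenge] = {}
        self.authenticated: Set[str] = set()

    def start_login(self, session_id: str) -> str:
        """Password already verified: push a prompt and return what the *login screen*
        shows (the two-digit number, or '' for Approve/Deny)."""
        code = f"{secrets.randbelow(100):02d}" if self.number_matching else ""
        self.pending[session_id] = Challenge(session_id, code, self.now() + CODE_TTL_SECONDS)
        return code

    def respond(self, session_id: str, approve: bool, entered: Optional[str] = None) -> bool:
        """The trusted device answers the prompt. True iff the session is now authenticated."""
        ch = self.pending.get(session_id)
        if ch is None or ch.used or self.now() > ch.expires_at:
            return False
        ch.used = True  # single use, whatever the outcome
        if not approve:
            return False
        if self.number_matching:
            # Constant-time compare; a missing or wrong number is a rejection, not a retry.
            if entered is None or not hmac.compare_digest(entered, ch.code):
                return False
        self.authenticated.add(session_id)
        return True


def distracted_victim(prompt_number: int, fatigue_after: int = 3) -> Tuple[bool, Optional[str]]:
    """Victim model (constructed): denies the first prompts, then taps through to make
    them stop. They never see the attacker's login screen, so they have no number to type."""
    if prompt_number <= fatigue_after:
        return False, None
    return True, None


def push_bombing(server: PushMfaServer, attempts: int = 10) -> Optional[int]:
    """Attacker with a stolen password re-triggers the prompt until one is approved.
    Returns the prompt number that got the attacker in, or None if none did."""
    for n in range(1, attempts + 1):
        sid = f"attacker-session-{n}"
        server.start_login(sid)  # the attacker sees the number; the victim does not
        approve, entered = distracted_victim(n)
        if server.respond(sid, approve, entered):
            return n
    return None


def vishing(server: PushMfaServer, delay_seconds: float = 0.0) -> bool:
    """Number matching only falls if the attacker is talking to the victim at that
    moment and relays the number before it expires (simulated clock)."""
    clock = [1_000.0]
    server.now = lambda: clock[0]
    shown = server.start_login("attacker-live")
    clock[0] += delay_seconds  # time between the attacker seeing the number and the victim typing it
    return server.respond("attacker-live", True, shown)


if __name__ == "__main__":
    print("Approve/Deny: bombing succeeds on prompt", push_bombing(PushMfaServer(False)))
    print("Number matching: bombing succeeds on prompt", push_bombing(PushMfaServer(True)))
    print("Number matching + live phone call:", vishing(PushMfaServer(True)))
    print("Number matching + stale relayed number:", vishing(PushMfaServer(True), delay_seconds=90))
```

The point of the `respond` checks is the order of the cheap failures: an unknown, already-answered or expired prompt is rejected before the number is even looked at, the prompt is consumed on the first answer so the attacker cannot retry the same one, and the comparison is constant-time so the two-digit code cannot be narrowed down by timing.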

Microsoft crap is similarly broken. After each and every login there is the question whether it should remember me and whether it should ask that question again. It doesn't matter at all what you answer there, it changes absolutely nothing.

  • I wonder how many millions of productivity hours have been lost due to millions of people having to click through these stupid, useless prompts countless times per day.

  • That is the single most useless dialog/question in IT. I wonder how much money that costs the global economy a year.

  • Disable anti-tracking features and ad blocks, it turns out cookies and temp storage for ad tracking are how IDPs track your choice to trust the device too.

    • Most adblockers etc are pretty selective about cookies.

      I guess if you got really aggressive like an allow-list approach, you could have friction, but just using ublock's defaults I don't get 'unrecognized' from anything any quicker than I do on a device without it.

It often falls back to PIN if you retry faceid three times. But if the app is using faceid as a biometric second factor, in addition to or instead of as a password caching mechanism, then a device PIN is not biometric attestation and so it downgrades to full password.

Dismiss the password prompt and reinitiate the auth, FaceID will work again. I’m not sure why Apple doesn’t let us retry FaceID from the get-go, but at least there’s this method.

related pet peeve: faceid is often (but unpredictably) really slow - like, I'm looking at the phone and in a hurry and would prefer to enter my pin but touching the screen goes back to the lockscreen, and swiping up starts faceid again.

> if Face ID fails when making a payment or installing an app (like it frequently does for reasons like sleeping in bed or wearing sunglasses) it won't fall back to PIN but ask you to enter your Apple account password.

What? FaceID will prompt for a re-try. Always. It will never fail once and then refuse to do FaceID.

If you can't figure out to lift the sunglasses off your face or sit up in bed for a second, that's not anyone's fault but your own.

Also, FaceID will never fall back to your account password for Apple Wallet transactions with a physical credit card reader.

  • You’re right except in the very specific case of the App Store purchase or download process. You only get one chance at FaceID and then it demands a password. But, if you cancel and do it again, you get another chance at FaceID. It’s mystifying why they’d make that UX choice.