← Back to context

Comment by sircastor

2 days ago

I have a very old iPad that my kid uses. It’s stuck to iOS 10.3. Also, it can’t use my password manager. The browser is so old that the website won’t load (32-bit app). And the PW manager app isn’t made for this old a device.

So Apple wants me to type in my 50+ character password every time I use the App Store app. It’s such a pain.

8 comments

sircastor

Reply
paxys  2 days ago

If it helps there's no security advantage of a 50+ character password over a suitable 16 character one.

  • mbreese  2 days ago

    Yeah, but passphrases don’t require switching keyboards as often in mobile. And if you’re using a 16 character P@s5w0R6, a 50 character passphrase can be just as secure.

    What I can’t stand if when I’m prompted to type a password on my Apple TV and can’t use my phone for some reason. Scrolling across the alphabet for a passphrase is torture.

    • happymellon  2 days ago

      My work switched our passwords from minimum 8 digits of upper, lower, numeric and special (requires all 3 present) to a passphrase.

      Now its 21 minimum but requires upper, lower and numeric. I guess at least I don't have to stick an exclamation on the end.

  • mikepurvis  2 days ago

    Remember how 1Password used to install itself as a custom keyboard that could "type" your passwords into arbitrary text fields anywhere in the OS, before password management specific hooks were added?

    It would be nifty if your phone could just connect to other devices as a BT keyboard and type in passwords there too. Probably not worth the actual fuss of pairing a BT device, but if that part were not so painful it could be quite a nice solution.

    • alasarmas  2 days ago

      One major flaw in this approach is the one-way channel (keyboard input) prevents the password manager from knowing if it is supplying credentials to the correct recipient. Phishing attacks are relatively common and users expect a password manager to know these things, even in situations like you have described where it’s clearly impossible. I think this is why this approach hasn’t succeeded in the marketplace and FIDO2/WebAuthn support seem to be table stakes.

      1 reply →

Xevion  2 days ago

Then why'd you pick a 50+ character password? No one made you do that. That's your fault, not Apple's.

- As you said, it's a multi-platform account, so probably multiple devices in multiple locations will need the password. Meaning you won't have easy access to your password manager. - Popular account, so you'll likely be using it often, probably re-typing or pasting it.

Common sense says that manually typing out a password was a likely scenario.

Switch to a phrase-based password. It'll still be really secure, and you'll be freed from your self-inflicted woes.

  • crazygringo  2 days ago

    > Switch to a phrase-based password.

    I assume that's why it's 50+ characters long, as opposed to 20 gibberish characters. Because phrase-based passwords are longer. And whether it's 40 or 50 or 50+ doesn't even matter, the point is it's not short like a 6-digit PIN.

    I have the exact same problem. It's still incredibly annoying to type on a touchscreen keyboard. If you mistype one character...

    So no, it's not the commenter's fault. And it's certainly not mine. I'm doing the best with the tools I have available. It's Apple's fault, mainly.