Comment by CamperBob2

2 days ago

I'm not surprised that it occasionally prompts for a password (about once or twice a week for me), because otherwise people will forget their passwords and bug them about it.

The problem I have is that it doesn't explain who wants the password or why, and the prompts aren't associated with any particular action on my part. Instead, Apple is conditioning people to mindlessly type in their password on demand. Why in the world are they doing a stupid, dangerous, counterproductive thing like that?

People are supposed to have extremely complicated passwords, which are impossible to remember. The security is in your biometric ID. There is no reason for a person to ever have to remember any password except their login password, as long as they are using a device with biometric ID. And as far as I know, almost all Apple devices currently for sale have biometric ID.

iCloud is the only login that regularly breaks biometric ID functionality, and it's super annoying.

  • People are _required_ to have complicated passwords in most services.

    Yet they'll still make you type it out in so many situations, including on account creation confirmation where some services will even block copy/paste to push you to type it.

    Services will accept losing a user over password grating issues ("no compromise on security"), so it just gets worse and worse.

    • I get absolutely enraged at sites that block pasting. The two I know of are Quickbooks when paying an invoice with ACH and my tax collector website.

      I'm pasting in a bank account number and some dumb person somewhere thought, "Our users might be pasting in a bank account number... from... a 'bad' copy of it. Let's force them to potentially have to app switch repeatedly, and type 3 numbers at a time, from a 12-digit number they don't know well. Because we don't trust this 'Paste' voodoo!"

      Even if I'm on a PC with windowing and don't have to app switch, the amount of misguided paternalism needed to tell me I cannot paste fills me with rage.

    • It's much more practical for me as a user to use biometric identification to fill in passwords. That means I can have different auto generated passwords for each service, that are impossible to crack. And if one gets leaked, then that's the only password that gets cracked. The security benefits are enormous, and the ease-of-use benefits are enormous.

      I haven't seen any service block paste when filling in or making a password for at least the past 8 years. Any such service would instantly lose all their customers with iPhones or other Apple devices. Not good business.

Yes, it’s really bad for security. I just deny it if I don’t know what it’s for. I’m sure I’m missing out on some very important functionality.

  • My understanding is that iCloud backup requires it, among who-knows-what other things. So I've been reluctant to hit "Not now."

    I just have to trust their security model to not allow random apps to pop up and issue those prompts.

    • I'd be surprised if there aren't malicious apps that pop up their own counterfeit version of Apple's "Just enter your password again, trust me bro" dialog that looks just like the real thing, and then do nefarious things with the trusting user's input.
