iOS 8 Simplifies App Login Process with Safari Password Sharing

MacRumors · Jun 13, 2014

Logging into and setting up apps will be easier in iOS 8 thanks to new Continuity APIs Apple has introduced to allow iOS apps to access Safari's stored usernames and passwords. The feature, announced at a developer session at WWDC (via 9to5Mac), will let users quickly log in to an app that is associated with a website they have previously visited.

For example, if a user has accessed Gmail in Safari for Mac or iOS and opted to store a password, that password can then be used to log in to Google's Gmail iOS app with a single tap, greatly speeding up and streamlining the login process. During the session, Apple demonstrated with a test website and app called "Shiny."

The functionality is available to all developers and has the potential to be built into any third-party app with an accompanying website. Developers will need to associate a website with their app, which will then give them the option to request credentials saved in Safari, offering the option at login.

The process also works both ways. Apps that have an associated website that a user has not visited will be able to store login information to Safari, later letting a user access that stored information on the web when browsing to the site associated with the app.

As part of Continuity, the new Safari/app integration is designed to make it easier to seamlessly switch between devices, cutting down on the frustration of logging into an app. Apple also hopes the new system will increase security, as users can now select Safari's randomized suggested passwords for both apps and websites.

Article Link: iOS 8 Simplifies App Login Process with Safari Password Sharing

joejoejoe · Jun 13, 2014

This combined with iCloud Keychain and Touch ID and we'll barely ever have to remember our passwords again.

Cali Fornia · Jun 13, 2014

TouchID and this will be heaven for anyone who hates inserting passworts.
Looking forward to upgrading my iPhone 5 in the fall.

BlahBlahBen · Jun 13, 2014

How will developers need to associate? will it be just a string of a domain, or is there any verification...

marf1million · Jun 13, 2014

Great new feature.

rorschach · Jun 13, 2014

BlahBlahBen said:
How will developers need to associate? will it be just a string of a domain, or is there any verification...

My question as well.

itcomesinwaves · Jun 13, 2014

Oh happy day!

Hooray! I've been hoping for this feature. Now if they could just make it a bit more comprehensive in Safari. Too often it doesn't catch it when I change my password, or just plain doesn't work for some sites (cough cough, gmail, cough).

Heck even MacRumors doesn't work with it. I literally just reset my password fro post this comment and Safari continues to autofill my previous (incorrect) password for MacRumors.

The Doctor11 · Jun 13, 2014

Cali Fornia said:
TouchID and this will be heaven for anyone who hates inserting passworts.
Looking forward to upgrading my iPhone 5 in the fall.

Yes. Its just sucks having to type in the user name and then the password... This is nice to have.

cariacou · Jun 13, 2014

7 years of iOS developpment, worth the wait

lotzosushi · Jun 13, 2014

All hail Continuity!

ArtOfWarfare · Jun 13, 2014

BlahBlahBen said:
How will developers need to associate? will it be just a string of a domain, or is there any verification...

Great question - I'm wondering the same thing.

Apple requires app developers to provide support email addresses and websites with their submissions, but I've noticed that many people supply made up email addresses and websites - Apple doesn't even bother verifying they're real. Heck, I saw one app that had http://www.apple.com listed as the support website (and it wasn't an Apple app). I've reported them as I see them, but the fact that in Apple's review process they don't bother checking email addresses or URLs right now suggests that they won't bother checking associated URLs, either.

Perhaps the real way this will work is Apple will make sure that the app never receives the credentials itself, and the framework instead handles the credentials itself and just sends them to the URL they're associated with when it's told to do so?

In that way, anyone could make a Facebook app, but the credentials would only ever be sent to Facebook.

Apple would have to be sure to keep the credentials always encrypted on device though, or else a little bit of introspection code and it would be trivial for any app to access the credentials.

nezr · Jun 13, 2014

this is revolutionary...for real.

bacaramac · Jun 13, 2014

I CAN NOT WAIT FOR THIS. I hate trying to remember my passwords for an app when all the safari sites have it saved.

furi0usbee · Jun 13, 2014

I'm a loyal 1Password user, but there is at least once scenario where I might stop using 1Password and use Apple's solution.

If I can choose to sign into these websites using the stored keychain password *while* authenticating with a fingerprint, I think I'd be be able to sleep that anyone couldn't pick up my phone and log into stuff.

So if it works like this...

1. Visit amazon.com for first time
2. Go to login
3. Phone says "hey I see you already have a login, want to use it forever?"
4. I say yeah
5. Anytime I try to log into amazon, I just touch the sensor and it logs me in using keychain info.

If this solution logs in regardless of any finger ID, I wouldn't want to use it. I would only feel comfortable touching the sensor while logging in.

jclo · Jun 13, 2014

BlahBlahBen said:
How will developers need to associate? will it be just a string of a domain, or is there any verification...

rorschach said:
My question as well.

ArtOfWarfare said:
Great question - I'm wondering the same thing.

Apple requires app developers to provide support email addresses and websites with their submissions, but I've noticed that many people supply made up email addresses and websites - Apple doesn't even bother verifying they're real. Heck, I saw one app that had http://www.apple.com listed as the support website (and it wasn't an Apple app). I've reported them as I see them, but the fact that in Apple's review process they don't bother checking email addresses or URLs right now suggests that they won't bother checking associated URLs, either.

Perhaps the real way this will work is Apple will make sure that the app never receives the credentials itself, and the framework instead handles the credentials itself and just sends them to the URL they're associated with when it's told to do so?

In that way, anyone could make a Facebook app, but the credentials would only ever be sent to Facebook.

Apple would have to be sure to keep the credentials always encrypted on device though, or else a little bit of introspection code and it would be trivial for any app to access the credentials.

There is a verification process.

Parasprite · Jun 13, 2014

bacaramac said:
I CAN NOT WAIT FOR THIS. I hate trying to remember my passwords for an app when all the safari sites have it saved.

As someone who uses randomly generated 30+ character passwords, I can't help but agree with this. It's one of the reasons why I rarely use app versions of websites .

nwcs · Jun 13, 2014

I hope they allow password managers like 1Password participate in this capability. A lot of us prefer to manage our passwords outside of Safari for various reasons. Having deeper integration would be awesome.

AngerDanger · Jun 13, 2014

I love that their test website and app were called Shiny; it's like Apple is parodying itself.

raam89 · Jun 13, 2014

good

I used safari icloud keychain's autosuggest feature for password in some websites and had to go through the stored password in safari preferences and enter it in the iPhone app. I was just then thinking Apple could introduce an API to pick stored passwords from safari and they've delivered.

Peteman100 · Jun 13, 2014

+1 on hoping 1Password is allowed to have the same capability

madsci954 · Jun 13, 2014

It's...it's so beautiful....

<weeps many manly tears>

dugbug · Jun 13, 2014

So is this only for uiwebkit objects or an actual external (to uiwebkit) api?

mistafro · Jun 13, 2014

Awesome.

coolfactor · Jun 13, 2014

These credentials are stored in Keychain, not "in Safari". Safari merely stored them in Keychain, but other applications can access them. This is actually a very handy feature, and I hope it comes to OS X, as well.

NightFox · Jun 13, 2014

Cali Fornia said:
TouchID and this will be heaven for anyone who hates inserting passworts.
Looking forward to upgrading my iPhone 5 in the fall.

The only trouble with systems that handle the ID/password process automatically behind the scenes is when you lose your passwords, such as accidentally wiping your keychain and because you've not had to type in your passwords for years (or created really good, complex ones) you can't remember what they were!

I can still remember my "Compunet" logon and password from 1986 because I had to type it in every time I went online - but I wouldn't have a clue what my current broadband one is.

iOS 8 Simplifies App Login Process with Safari Password Sharing

macrumors bot

macrumors 65816

macrumors regular

macrumors newbie

macrumors regular

macrumors 68020

macrumors member

macrumors 603

macrumors 6502a

macrumors 6502

macrumors G3

macrumors 6502

macrumors 65816

macrumors 68000

Managing Editor

macrumors 68000

macrumors 68030

Graphics

macrumors member

macrumors 6502

macrumors 68030

macrumors 68000

macrumors regular

macrumors 604

macrumors 68040

Our Staff