iOS 8 Simplifies App Login Process with Safari Password Sharing

Discussion in ' News Discussion' started by MacRumors, Jun 13, 2014.

  1. macrumors bot


    Apr 12, 2001

    Logging into and setting up apps will be easier in iOS 8 thanks to new Continuity APIs Apple has introduced to allow iOS apps to access Safari's stored usernames and passwords. The feature, announced at a developer session at WWDC (via 9to5Mac), will let users quickly log in to an app that is associated with a website they have previously visited.

    For example, if a user has accessed Gmail in Safari for Mac or iOS and opted to store a password, that password can then be used to log in to Google's Gmail iOS app with a single tap, greatly speeding up and streamlining the login process. During the session, Apple demonstrated with a test website and app called "Shiny."

    The functionality is available to all developers and has the potential to be built into any third-party app with an accompanying website. Developers will need to associate a website with their app, which will then give them the option to request credentials saved in Safari, offering the option at login.

    The process also works both ways. Apps that have an associated website that a user has not visited will be able to store login information to Safari, later letting a user access that stored information on the web when browsing to the site associated with the app.

    As part of Continuity, the new Safari/app integration is designed to make it easier to seamlessly switch between devices, cutting down on the frustration of logging into an app. Apple also hopes the new system will increase security, as users can now select Safari's randomized suggested passwords for both apps and websites.

    Article Link: iOS 8 Simplifies App Login Process with Safari Password Sharing
  2. macrumors 65816

    Sep 13, 2006
    This combined with iCloud Keychain and Touch ID and we'll barely ever have to remember our passwords again.
  3. macrumors regular

    Feb 27, 2012
    Vienna, Austria
    TouchID and this will be heaven for anyone who hates inserting passworts.
    Looking forward to upgrading my iPhone 5 in the fall.
  4. macrumors newbie

    Jun 12, 2014
    How will developers need to associate? will it be just a string of a domain, or is there any verification...
  5. macrumors member

    Jul 23, 2013
  6. macrumors 68000


    Jul 27, 2003
    My question as well.
  7. macrumors member

    Jul 2, 2003
    Oh happy day!

    Hooray! I've been hoping for this feature. Now if they could just make it a bit more comprehensive in Safari. Too often it doesn't catch it when I change my password, or just plain doesn't work for some sites (cough cough, gmail, cough).

    Heck even MacRumors doesn't work with it. I literally just reset my password fro post this comment and Safari continues to autofill my previous (incorrect) password for MacRumors.
  8. macrumors 603

    The Doctor11

    Dec 15, 2013
    New York
    Yes. Its just sucks having to type in the user name and then the password... This is nice to have.
  9. macrumors 6502


    Jul 21, 2010
  10. macrumors 6502


    Jan 10, 2007
  11. macrumors 604


    Nov 26, 2007
    Great question - I'm wondering the same thing.

    Apple requires app developers to provide support email addresses and websites with their submissions, but I've noticed that many people supply made up email addresses and websites - Apple doesn't even bother verifying they're real. Heck, I saw one app that had listed as the support website (and it wasn't an Apple app). I've reported them as I see them, but the fact that in Apple's review process they don't bother checking email addresses or URLs right now suggests that they won't bother checking associated URLs, either.

    Perhaps the real way this will work is Apple will make sure that the app never receives the credentials itself, and the framework instead handles the credentials itself and just sends them to the URL they're associated with when it's told to do so?

    In that way, anyone could make a Facebook app, but the credentials would only ever be sent to Facebook.

    Apple would have to be sure to keep the credentials always encrypted on device though, or else a little bit of introspection code and it would be trivial for any app to access the credentials.
  12. macrumors member


    Feb 19, 2010
    Vancouver, BC
  13. macrumors 65816


    Dec 29, 2007
    I CAN NOT WAIT FOR THIS. I hate trying to remember my passwords for an app when all the safari sites have it saved.
  14. macrumors 65816


    Jul 11, 2008
    I'm a loyal 1Password user, but there is at least once scenario where I might stop using 1Password and use Apple's solution.

    If I can choose to sign into these websites using the stored keychain password *while* authenticating with a fingerprint, I think I'd be be able to sleep that anyone couldn't pick up my phone and log into stuff.

    So if it works like this...

    1. Visit for first time
    2. Go to login
    3. Phone says "hey I see you already have a login, want to use it forever?"
    4. I say yeah
    5. Anytime I try to log into amazon, I just touch the sensor and it logs me in using keychain info.

    If this solution logs in regardless of any finger ID, I wouldn't want to use it. I would only feel comfortable touching the sensor while logging in.
  15. Editor


    Staff Member

    Dec 7, 2012
    There is a verification process.
  16. macrumors 68000


    Mar 5, 2013
    As someone who uses randomly generated 30+ character passwords, I can't help but agree with this. It's one of the reasons why I rarely use app versions of websites .
  17. macrumors 6502a

    Sep 21, 2009
    I hope they allow password managers like 1Password participate in this capability. A lot of us prefer to manage our passwords outside of Safari for various reasons. Having deeper integration would be awesome.
  18. macrumors 68020


    Dec 9, 2008
    I love that their test website and app were called Shiny; it's like Apple is parodying itself.
  19. macrumors member

    Jul 21, 2011
    The Golden state

    I used safari icloud keychain's autosuggest feature for password in some websites and had to go through the stored password in safari preferences and enter it in the iPhone app. I was just then thinking Apple could introduce an API to pick stored passwords from safari and they've delivered. :)
  20. macrumors 6502

    Apr 28, 2011
    Berkeley, CA
    +1 on hoping 1Password is allowed to have the same capability
  21. macrumors 68020

    Oct 14, 2011
    It''s so beautiful....

    <weeps many manly tears>
  22. macrumors 65816


    Aug 23, 2008
    Somewhere in Florida
    So is this only for uiwebkit objects or an actual external (to uiwebkit) api?
  23. macrumors member

    Aug 24, 2003
  24. macrumors 68020

    Jul 29, 2002
    Vancouver, BC CANADA
    These credentials are stored in Keychain, not "in Safari". Safari merely stored them in Keychain, but other applications can access them. This is actually a very handy feature, and I hope it comes to OS X, as well.
  25. macrumors 68000


    May 10, 2005
    Shropshire, UK
    The only trouble with systems that handle the ID/password process automatically behind the scenes is when you lose your passwords, such as accidentally wiping your keychain and because you've not had to type in your passwords for years (or created really good, complex ones) you can't remember what they were!

    I can still remember my "Compunet" logon and password from 1986 because I had to type it in every time I went online - but I wouldn't have a clue what my current broadband one is.

Share This Page