Websites with 2 step log in process are annoying with Face ID

Discussion in 'iOS 12' started by iphnhelp, May 18, 2019.

  1. iphnhelp macrumors regular

    Jun 16, 2010
    There is this trend with websites now, and I don’t know if it’s a security feature or they’re just being too clever with the design, but their login screen presents the name field alone.

    Then you have to click Next to get to the password field on a different screen. The result is you need to authenticate with Face ID twice. Once to auto fill the name, and once again to auto fill the password.

    I wonder if there is some smarts Apple could add in iOS 13 that gets you logged in with only 1 authentication.

    Have you guys experienced this?
  2. casperes1996 macrumors 68040


    Jan 26, 2014
    Horsens, Denmark
    I think it's a design concern for most sites, but can definitely be a security element in some circumstances too.

    It would be possible for Apple to make one authentication enough; there are a few ways of implementing it specifically, but they'd all have some security concerns. There are likely non-trivial implementations that could avoid the security concern, and in the end it very much depends on the way the specific site implements this function.

    For instance, if it's a JavaScript file that changes the UI box after a username has been entered, but with only one POST/SQL call to the server at the end, Apple could fairly easily fix this up at their end.

    If the website on the other hand checks the database for the entered username, before moving on to allow password entry, Apple can't trivially allow FaceID to enter both fields and log you in, without changing other fundamental security parameters of FaceID in the process - it's not impossible, just requires a lot more reworking, and anything that's security sensitive should be checked carefully, optimally by multiple parties, and remain somewhat stable within the checked parameters.

    In the end I think this concern should be handled at the web end, not the Apple end. Although Apple could be a participant in setting a standardised approach for doing multi-screen logins that would then work with one authentication only.
  3. Shirasaki macrumors G3


    May 16, 2015
    For Touch ID devices the situation is the same. You need to Touch ID twice to finish the entire login process. Microsoft and Google have used this two step approach for quite a while now.

    And I agree that this should be addressed from the website side and maybe Apple's side as well.
  4. mariusignorello macrumors 68000

    Jun 9, 2013
    Funny enough, Apple’s own auth system uses this two step login method but password autofill works as expected in this case. Tap in the Apple ID box, autofill, tap the continue button, your password is already autofilled and tap continue again.
  5. iphnhelp thread starter macrumors regular

    Jun 16, 2010
    Oh, you’re right. I just tried this with and it looks like they’re hiding the password field... but it appears after putting in the user name and doesn’t load a second page. A better implementation.

    So they are aware of it and hopefully iOS 13 can help with this.

