Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iphnhelp

macrumors 6502
Original poster
Jun 16, 2010
258
42
There is this trend with websites now, and I don’t know if it’s a security feature or they’re just being too clever with the design- but their log in screen presents the name field alone.

Then you have to click Next to get to the password field on a different screen. The result is you need to authenticate with Face ID twice. Once to auto fill the name, and once again to auto fill the password.

I wonder if there is some smarts Apple could add in iOS 13 that gets you logged in with only 1 authentication.

Have you guys experienced this?
 

casperes1996

macrumors 604
Jan 26, 2014
7,488
5,650
Horsens, Denmark
I think it's a design concern for most sites, but can definitely be a security element in some circumstances too.

It would be possible for Apple to make one authentication enough; There are a few ways of implementing it specifically, but they'd all have some security concerns. There are likely non-trivial implementations that could avoid the security concern, and in the end it very much depends on the way the specific site implements this function.

For instance, if it's a JavaScript file that changes the UI box after a username has been entered, but with onlye one POST/SQL call to the server at the end, Apple could fairly easily fix this up at their end.

If the website on the other hand checks the database for the entered username, before moving on to allow password entry, Apple can't trivially allow FaceID to enter both fields and log you in, without changing other fundamental security parameters of FaceID in the process - It's not impossible, just requires a lot more reworking, and anything that's security sensitive should be checked carefully, optimally by multiple parties, and remain somewhat stable within the checked parameters.

In the end I think this concern should be handled at the web end, not the Apple end. Although Apple could be a participant in setting a standardised approach for doing multi-screen logins that would then work with one authentication only.
 

Shirasaki

macrumors P6
May 16, 2015
15,707
11,004
For Touch ID device situation is the same. You need to Touch ID twice to finish the entire login process. Microsoft and google have used this two step approach for quite a while now.

And I agree that this should be addressed from website site and maybe Apple side as well.
 

mariusignorello

Suspended
Jun 9, 2013
2,092
3,168
There is this trend with websites now, and I don’t know if it’s a security feature or they’re just being too clever with the design- but their log in screen presents the name field alone.

Then you have to click Next to get to the password field on a different screen. The result is you need to authenticate with Face ID twice. Once to auto fill the name, and once again to auto fill the password.

I wonder if there is some smarts Apple could add in iOS 13 that gets you logged in with only 1 authentication.

Have you guys experienced this?
Funny enough, Apple’s own auth system uses this two step login method but password autofill works as expected in this case. Tap in the Apple ID box, autofill, tap the continue button, your password is already autofilled and tap continue again.
 

iphnhelp

macrumors 6502
Original poster
Jun 16, 2010
258
42
Oh, you’re right. I just tried this with iCloud.com and it looks like they’re hiding the password field... but it appears after putting in the user name and doesn’t load a second page. A better implementation.

So they are aware of it and hopefully iOS 13 can help with this.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.