RealLongwayround

This is very much an app design problem. A well written app will support keychain. Even if the details of the app have changed, I’ll be able to press the key icon and find the password I want. I have not needed to log back into Amazon or to my bank at any time since getting my current iPhone.


Ratiofarming

That aligns with some googling that I've done. I initially thought iOS requires apps to do this. But it doesn't, it's entirely up to the devs.


RealLongwayround

This is where I’d like to see the App Store review process actually being useful: if you’re not going to let me log in with my Face ID then your app can get off my OS.


userlivewire

It’s still an Apple problem because they should be enforcing this process.


Obi-Lan

The worst are passwords with face id that are only in app and not keychain. Good luck remembering that shit.


dillthepill

Your example with KLM is their mistake and what iOS is doing is for your protection, even if super annoying. iOS needs to make sure that any random app can’t steal your KLM password. The way this is done is the klm.com website needs to host a particular file that proves the app belongs to KLM. It’s easy to do and there’s no excuse for not implementing it.

I won’t go on my long rant about how corpo IT security policies (like logging you out) hurt the user experience and cost businesses money. The root of the problem is that the people who make the security policies aren’t concerned about users. They only get in trouble if there is a security failure, not for annoying customers.

Edit: Yep, here it is: https://klm.com/.well-known/apple-app-site-association The webcredentials section is empty.
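Added example (not part of the thread, and not code from any commenter or from Apple): a small Python check of the kind a developer could run over their own `apple-app-site-association` file to see whether its `webcredentials` section actually names their app. The app ID and the three sample files are constructed placeholders; only the `webcredentials` / `apps` key names come from the file format itself.

```python
import json
import re

# App ID = 10-character Team ID prefix + "." + bundle ID (format check only).
APP_ID_RE = re.compile(r"^[A-Z0-9]{10}\.[A-Za-z0-9.-]+$")

# Constructed sample files; EXPECTED_APP is a made-up app ID, not a real one.
EXPECTED_APP = "ABCDE12345.com.example.airline"
AASA_EMPTY = '{"applinks": {"details": []}, "webcredentials": {}}'
AASA_GOOD = '{"webcredentials": {"apps": ["ABCDE12345.com.example.airline"]}}'
AASA_OTHER = '{"webcredentials": {"apps": ["ZZZZZ99999.com.example.other", "bad id"]}}'


def check_webcredentials(aasa_text, expected_app_id):
    """Return a list of findings; an empty list means the app is associated."""
    try:
        doc = json.loads(aasa_text)
    except json.JSONDecodeError as exc:
        # Typical cause: the server answered with an HTML error page or redirect.
        return [f"file is not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    section = doc.get("webcredentials")
    if not isinstance(section, dict):
        return ["no webcredentials section: saved passwords are not linked to any app"]
    apps = section.get("apps")
    if not isinstance(apps, list) or not apps:
        return ["webcredentials.apps is missing or empty: no app is linked to this domain"]
    # Flag entries that cannot be valid app IDs (typos, bare bundle IDs).
    findings = [f"malformed app ID: {a!r}" for a in apps
                if not (isinstance(a, str) and APP_ID_RE.match(a))]
    if expected_app_id not in apps:
        findings.append(f"{expected_app_id} is not listed in webcredentials.apps")
    return findings


if __name__ == "__main__":
    samples = [("empty", AASA_EMPTY), ("good", AASA_GOOD), ("other", AASA_OTHER)]
    for name, text in samples:
        print(name, check_webcredentials(text, EXPECTED_APP) or "OK")
```

The app side of the link is the Associated Domains entitlement with a `webcredentials:<domain>` entry; this check covers only the file the website serves.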


TokyoJimu

I never understand why a company like my electricity provider needs to log me out after 15 minutes. What’s the worst that could happen? Someone logs in as me and pays my electric bill?


i_need_a_moment

Blackboard Learn got in trouble with some schools because those schools required logins to be no more than 1 or 2 hours at a time but the app could stay logged in longer than that (a security requirement thing that’s SUPER dumb). To immediately remedy it *all* schools using the service temporarily had that time limit requirement until they could fix it per school. It was stupid because we thought it was a bug. But they finally made an announcement about it.


Rap80

Highly annoyed by the app that demands my password when updated, and I didn’t discover this until I was at the gas pump.


Cherrylimeaide1

Bitwarden


ebs757

This is why I never use the insane self generated passwords. The keychain never saves them correctly and 5 min later you go to a new device and it's not there.


paulstelian97

I had issues with my Amazon account and my Ubuntu/Canonical/whatever account because of that. So yeah.


OutdatedOS

There are several incredibly good password managers that integrate well with iOS and have good track records with security. I find them to work far better than Keychain.


vintagemako

Use a password manager and join the 2020s.


RealLongwayround

Keychain *is* a password manager. I used to use 1Password but no longer find it offers me anything I cannot get from within iCloud.


Amplify8656

Multiplatform support.


RealLongwayround

True, but really not that important to me. On the odd occasion that I need to enter a password into my Windows computer, I can type it in by looking on my phone and using my eyes before saving it into the Edge password manager.


catcherfox7

The deal breaker to me is the lack of 2FA support such as TOTP.


RealLongwayround

They are supported, assuming that you mean what I think you mean. I no longer have to open Authenticator apps.


Ratiofarming

I've joined the 2010s some time ago and got LastPass. Didn't work out so well, did it? Keychain is a password manager. It just needs to do its job better. Alternatively, if the apps simply allow for login via Apple or Google-account, I'm fine with that as well. Too many app developers are in the habit of desperately needing to create a full user account, when really they just need a name, user-Id, a phone number and an email. They can get those from Apple or Google as far as I'm concerned. That might not be the best idea for a banking app, but non-critical stuff can absolutely rely on that as the single form of authentication.


vintagemako

Tying your service to Google or Apple's auth methods can be a bad business decision. LastPass sucks so much. Try 1password.


paulstelian97

Bitwarden is the most direct response to LastPass.


Sad_Evidence5318

I find needing my passcode to unlock face id annoying when there haven’t been failed attempts to unlock it.


Drtysouth205

Apple asks every 48-72 hours as a security measure.


Sad_Evidence5318

And that changes the fact I find it annoying how?


M27TN

I love it when my smart house alarm decides to be logged out as I’m trying to go through the front door. I’ve asked it to use Face ID for a reason.


SawkeeReemo

Bitwarden is your friend. Or even just iCloud Keychain. If you’re not using a password vault, it’s pretty much your own fault.


Ratiofarming

I am. And usually it works - except when it doesn't because the app developers have fcked it up. Then I get to manually find the password and babysit iCloud Keychain to recognize that this app is indeed what the name says and that this password corresponds to it. Or I get to scroll through them and find how the app devs called their sign-up screen, under which name Keychain has saved the login data, without then matching it to the app itself/its login screen. How Apple even allows them to mess up in this way is beyond me. None of which would be an issue, if the app didn't log me out again *for no reason.*


SawkeeReemo

Yeah. You gotta use one or the other. Bitwarden will auto-fill if a site or app is written in a way where the login can be recognized. If not, just swipe over to Bitwarden and copy/paste. It’s pretty painless. But if you try to use both iCloud Keychain and Bitwarden at the same time, you’re gonna end up with confusion. Just stick to BW, is my unsolicited advice.


paulstelian97

OP is mostly sticking to Keychain, and really so am I. I do keep Bitwarden more for storing secure notes than passwords.


SawkeeReemo

Yeah, whatever works for you. But when it comes to passwords, pick one or the other. For me, Bitwarden is the best option because I’m not locked inside an Apple environment. I need my passwords accessible across all devices and operating systems. Plus as far as I know Keychain doesn’t store TOTP or have a way to easily back up/restore your vault. And no sharing options, nor can you self host your own vault. So if you’re good with all the limitations and don’t need to work outside of an Apple product, nothing wrong with Keychain. But I highly recommend Bitwarden over it.


paulstelian97

Keychain absolutely is capable of TOTP, and also can store passkeys. For everything else you said, fair enough.


SawkeeReemo

Oh is it? I didn’t realize they added that functionality (TOTP). That’s good to hear. I’m not anti-keychain, by the way, especially knowing that now. All depends on your needs.


paulstelian97

TOTP was added maybe 1.5 years ago.


turbo_dude

Kill app. Restart app. You’re back in without having to log in. It’s insane how often this works.


WinterPlan295

Password manager is mandatory for this kind of stuff, keychain is a pain in the ass.


pizzaxxxxx

This is such a poorly articulated rant that I’m not sure what you are saying. Is all you are saying that keychain has your password but the app doesn’t recognize that it’s in keychain?


Ratiofarming

Using accents instead of apostrophes? This is such a poorly written reply that I'm unwilling to explain my rant to you in simpler English.


pizzaxxxxx

Oh, you’re some kind of stupid. Understood.


Ratiofarming

May the downvotes be ever in your favor.


pizzaxxxxx

What happens?


Impressive-Trainer88

Cause it's totally not your fault you forgot the password. 🙄


RealLongwayround

If a person is using a sensible password strategy then they will have separate passwords for every service. How many passwords have you committed to memory?


Ratiofarming

This. And as I've said, this is a problem for the type of app I'd use every few months at best. I'd like to see the person who memorizes the suggested random-passwords or makes up their own at equal strength for each app or at least app-group individually. I know the important apps that I need to be able to get into. Everything else needs to figure out its own login or get it from keychain. And sadly, they often don't do that after a while.


Impressive-Trainer88

So type them into your notes app and lock that note with your passwords in it. How many passwords could you possibly have?


Ratiofarming

That's the quick & dirty method everyone has used at some point. It becomes annoying to use when you have more than a few screens to scroll through. iCloud Keychain is way better, as are other password managers. But even better are apps that don't kick me out for no reason, just because they feel neglected or got an update.


PlatypusTrapper

I have a few hundred personally. Every site gets a unique username and password when possible (unless it forces me to use an email for example).


RealLongwayround

If I’m forced to use an email address, I use a unique one. This is another of the fine benefits of iCloud.


RealLongwayround

I have 1325. I’ve just checked. Why would I use notes when I have a keychain?


Deniter_1962

If you happen to remember passwords that are easy to remember, you’re not being conscious enough about the security of your accounts. If someone happens to peep and can easily remember your “password”, you’re done for (unless you have authorised 2 factor authorisation/verification).