Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Apple Unveils Privacy-Focused Authentication System

Sign in with Apple

Apple announced on Monday at its 2019 Worldwide Developers Conference (WWDC) a new authentication system that should provide better privacy protections compared to similar products from Facebook and Google.

Sign in with Apple

Apple announced on Monday at its 2019 Worldwide Developers Conference (WWDC) a new authentication system that should provide better privacy protections compared to similar products from Facebook and Google.

The new Sign in with Apple system is advertised as fast, secure and privacy friendly. It allows users to sign in to a third-party application with their Apple ID, while making it more difficult for apps to track them.

Developers can add the Sign in with Apple button to their applications and users only need to tap it in order to authenticate via FaceID with a new account. The apps can request the user’s name and email address, but the new sign-in system allows them to hide the real email address and instead provide a randomly-generated address from where emails are forwarded to the user.

According to Apple, the new authentication mechanism works on iOS, macOS, tvOS and watchOS, and it can also be added to websites and apps running on other platforms.

Sign in with Apple is expected to become available for beta testing this summer. Once it becomes generally available later this year, developers will be required to add it to apps that support third-party logins.

“After witnessing Netflix customers and Amazon partners having their account hacked, this new feature from Apple is a much needed step in the right direction toward safer web commerce,” commented Shlomi Gian, CEO at CybeReady, a provider of autonomous cyber security awareness. “One area that would still remain vulnerable has to do with consumer behavior toward phishing as there are still too many instances where consumers literally give away their credentials to hackers unintentionally. Increased awareness might be the only way to reduce risk in the foreseeable future.”

However, some security experts are skeptical of Apple’s privacy-related claims.

“This feels like the exact same thing we already have, but with a promise from Apple that they will be nice,” Chris Morales, head of security analytics at threat detection and response firm Vectra, told SecurityWeek. “Google once had the slogan ‘don’t be evil’. It is all big companies trying to be the central point of authentication. I’m sure it works great, however, I think the privacy angle is more geared towards marketing than anything else.”

Advertisement. Scroll to continue reading.

Apple also announced on Monday that its upcoming iOS 13, which should be launched this fall, will also include some privacy-focused enhancements, such as making it easier for users to prevent apps from tracking their location.

Related: Hackers Can Bypass macOS Security Features With Synthetic Clicks

Related: Google Criticizes Apple Over Safari Security, Flaw Disclosures

Related: Apple Patches FaceTime Spying Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

SpecterOps has appointed Tim Bender as CFO, Pat Sheridan as CRO, and Bryce Hein as CMO.

CISA has officially announced the appointment of Madhu Gottumukkala as its new deputy director.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.