
Sign In with Apple: Goodbye Account Management

I love trying new apps and services. It may be part of my job at MacStories, but even if it weren’t, I would still constantly be on the lookout for interesting, creative products that can benefit either my work or leisure. In recent years it seems like there’s always a fresh stream of apps and services to check out. Often when I try something new, however, I’m immediately confronted with the obstacle of a login screen. At which point there’s a choice to make: do I go through the hassle of creating an account for this service, or – if the option is available – do I simply authenticate via a third party like Google or Facebook? Sadly, neither option is ideal.

Creating a new account for every service you try is a major pain. It’s made easier with the aid of iCloud Keychain and 1Password, but while those tools eliminate lots of friction, they can be a little clunky, and in the end you’re still trusting your data to the (usually unknown) privacy policies of the service you sign up for.

Third-party login buttons solve the convenience problem, mostly. They may require entering your credentials for that third-party service, but at least you don’t have to create and remember new credentials for multiple services. The data privacy issue can be a question mark with these buttons though; when you authenticate through, let’s say Facebook, do you really know exactly what data you’re sharing with the new service? Or how the service will use that data? As consumers continue losing trust in Facebook itself to secure their data, why would they trust a service that taps into their Facebook data?

Sign In with Apple is a modern alternative to the current mess of login methods, offering Apple users a solution that addresses the current options’ shortfalls. It makes account creation and sign-in trivially simple – even more so than buttons from Google or Facebook – while also keeping your data in the hands of a company with a decent privacy track record.

When apps update to adopt Sign In with Apple, I suspect many users’ initial thoughts will be some variation of what immediately popped into my mind after trying it for the first time: “Where has this been all my life?”

Launching across all of Apple’s software platforms this fall, Sign In with Apple will require developer adoption before it’s made available to users. Both app and web developers can embed a convenient sign-in button for Apple users in their apps and on websites. In places where it’s been deployed, the Sign In with Apple button will authenticate with your Apple ID and log you in with virtually no effort. No giving up your email, creating a password, or submitting any other sensitive data; Sign In with Apple will simply authenticate your identity with Face ID or Touch ID, and there’s nothing more you need to do.

It’s one thing to read about Sign In with Apple, and another thing to try it. The whole process is stupidly simple. While authentication buttons from Google and Facebook often require entering your login information for those services, because Sign In with Apple is integrated with the software already running on your Apple device, a mere biometric scan of either your face or fingerprint is all that’s needed. And in situations where you’re using a Windows or Android device, or if you have an Apple product that doesn’t support Touch ID or Face ID, Sign In with Apple falls back to the less convenient, but still reasonable method of requiring your Apple ID credentials for authentication.

This summer I’ve been able to try beta versions of apps that have implemented Sign In with Apple, including the delivery tracking app Parcel, and the as-yet-unreleased Homely for managing roommate chores and bills. In both apps, the process consisted of two simple taps: first hitting the Sign In with Apple button, then hitting Continue when a prompt asked for confirmation that I wanted to create an account for the app using my Apple ID. After this last step, Face ID did its thing, and I was done. Whether you’re creating an account for the first time, or simply signing back in at a later date, in each case the process is identical.

Creating a new account in Homely required two taps and a Face ID scan.


Third-party authentication buttons from Facebook and Google have always been extremely convenient, which is why they’ve grown so widespread. No one wants to create new accounts with new passwords for every service they try. Privacy issues aside, it’s quite simply a hassle. But in my experience the convenience of Sign In with Apple not only matches, but even trumps that of Google and Facebook’s buttons – it’s hard to beat Face ID integration. And if you’re a heavy 1Password user who typically creates new accounts by activating the 1Password action extension, the convenience of Face ID may be nothing new, but Sign In with Apple still requires fewer steps to create your account, fewer steps every time you log in to that account, and it means you get to keep your email address confidential.

Although Sign In with Apple is mainly beneficial for new users who don’t yet have an account for a given app or service, with the system Apple has built, developers have the option of letting existing users convert their accounts to Sign In with Apple for its convenience and security benefits. Parcel has implemented this feature, making it almost as effortless as all other Sign In with Apple interactions. When you already have a Parcel account, from the app’s Settings screen you can tap Update Account Details, and you’ll see an option: ‘Start Using “Sign in with Apple.”’ After tapping this, you’ll be asked to enter your account login credentials for extra verification, just like you might when changing a password on an account, then the standard Sign In with Apple prompt will appear, and after a Face ID or Touch ID scan your account will be fully converted. Your former login credentials will no longer be valid, because the account has immediately been replaced by a Sign In with Apple account.

Existing accounts can be converted to Sign In with Apple accounts in apps that support that feature.


Another implementation option developers have is that they can ask for a user’s email address as part of the Sign In with Apple setup process, though the apps I’ve tested so far haven’t used that feature. One interesting tidbit regarding email though: Apple makes it possible for you to grant developers contact permission without actually sharing your real email address with them. As seen below, Sign In with Apple can create a tokenized email address that developers are given which then forwards messages directly to your actual address. This way, your email can be reached for legitimate reasons, but it can’t be sold to a third party or leaked in a data breach. Users will also retain the full power to cut off email access for specific apps or services because a different tokenized email is created for each one. Of course, if you’d rather not grant email permission of any kind in the first place, that option is in your hands too.

Email sharing options for Sign In with Apple.


At a time when major data leaks are regularly in the news, developers have all the more reason to adopt a system like Sign In with Apple to reduce their own work and liability, and to reduce frustration and privacy concerns for users. That said, Sign In with Apple is entirely optional for apps shipping with iOS 13, aside from one key exception: if an app includes third-party login options such as those offered by Google and Facebook, then it also must include Sign In with Apple as an option. Apps that simply employ their own account system, with no third-party options, can continue doing that as before.

Sign In with Apple serves as a type of culmination of Apple’s efforts in recent years to make iCloud Keychain more powerful than ever. Thanks to improvements in previous OS versions, Keychain now enables easily saving account credentials, creating strong passwords effortlessly, and using auto-fill to easily log in to various services. These are all valuable features which I personally rely on every day – but Sign In with Apple has the potential to make these currently-essential features largely irrelevant in due time. If adoption of Sign In with Apple becomes widespread, then many of the use cases where Keychain is a lifesaver will be obviated entirely by Sign In with Apple. The standard login via email and password likely won’t go away entirely for a very long time, but it could fast become far less necessary than before.

Living in the Internet age requires some degree of privacy sacrifice. If you’re going to benefit from a given app or service, or even use a smartphone, laptop, or other type of computer in the first place, there’s a privacy risk that’s unavoidable. Because of this, Sign In with Apple can’t eliminate all risk. It can, however, offer a solution that mitigates risk far more than alternative options. Yes, it’s the most convenient sign-in option I’ve tried, but that convenience crucially doesn’t come at the cost of security; rather, convenience and security are both core elements of Apple’s approach.

There’s no perfectly secure solution, but when considering a feature like Sign In with Apple, we need only answer this one simple question: given the choice between Apple, Google, Facebook, and the host of random web services and apps out there, who do we trust most with our data?
