Apple’s entry into the industry of authentication, as launched at WWDC, puts it in direct competition with Facebook and Google’s single sign-on buttons. Billed as a privacy-focused alternative, “Sign in with Apple” provides the ability to create a fresh account that is blank of all identifying data, enabling users to enter just what is needed for the app and minimizing third-party tracking.
Despite being a direct competitor to Apple’s new service, Google is somewhat welcoming of the new log-in option, with Google product management director Mark Risher revealing in an interview with The Verge it is preferable for users to employ some form of single sign on button to get into apps than to rely on the usual usernames and passwords, which can be reused between services.
“I honestly do think this technology will be better for the internet and will make people much, much safer,” advised Risher. “Even if they’re clicking our competitors button when they’re logging into sites, that’s still way better than typing in a bespoke username and password, or more commonly, a recycled username and password.”
The increased use of the sign-in buttons has made the internet and app experience better, saving users from having to set up their own credentials each time, which users still believe is the “best thing” to improve security. “But in actually [it] has no bearing on phishing, no bearing on password breaches, no bearing on password reuse,” Risher insists, with it being more important for users to reduce the total number of passwords they use.
Apple’s decision to focus on data collection and privacy as a reason to use Sign in with Apple over the others is seen as a criticism of Google’s version, but Risher takes the blame for Google having “not really articulated what happens when you press” its button. “A lot of people don’t understand, and some competitors have dragged it in the wrong direction,” he suggests, with the idea of the button press notifying friends of the user signing into an embarrassing site used as an example of the supposed unwarranted threat of the button’s use.
The introduction of a new option from Apple gives a chance to “reinvigorate the space and to make it clear what this means and what happens, that is really beneficial.”
Risher objects to the “bunch of innuendo” that suggests “only one of them is pure, and the rest of them are kind of corrupt.” Google is said to only log the moment of authentication, and that it isn’t using the event for any other purpose such as advertising, only for the user to see where they used it within a page of the Google account’s Security Checkup.
On the subject of having different levels of security for various apps and services instead of putting everything into the federated model of single-sign-on, Risher defends the idea of authentication buttons for apps by suggesting the metaphor is less about putting all of a user’s eggs into one basket, more about banking.
“There are two ways to store your hundred dollars: you could spread it around the house, putting one dollar in each drawer, and some under your mattress and all of that,” Risher proposes. “Or you could put it in a bank, which is one basket, but it’s a basket that is protected by 12-inch thick steel doors. That seems like the better option.”