Sign In with Apple

[ChristopherA]

I really like the user experience and slight extra security that having Sign In With Apple that QR Vault has (new test flight today with v2 lifehash).

I think it is fairly trivial to add if you are only using it as 2FA. What does it cost in time to add it where current unlock happens?

[wolfmcnally]

I'm not sure why this is desirable or necessary. The main purpose of Sign in With Apple is to authenticate you for the app's cloud services, of which there are currently none.

[ChristopherA]

Log In with Apple isn't just for iCloud access/sync — it is available to developers.

Even if you don't use it to get an identifier, it does verify that your device is currently active at Apple, and thus is a form of 2FA, but better than SMS. As I said above "slight extra security" as it mostly addressed the problem of already being logged into your phone when it is compromised as it is more than a biometric. It mostly helps in the race to take back control of your phone in case of compromise.

What I like more is that it is a very positive UX model for consent. It isn't just a biometric, but also a click the side button. Try it with the QR vault — it is nice.

[wolfmcnally]

This seems like extra effort for what definitely amounts to security theater. Personally, I prefer FaceID or TouchID. If we add this, then I think we should leave it up to the user what level of 2FA they want: None, Local (passcode, TouchID, FaceID) or Log In With Apple. This can be the first item we add to a new Settings section.

[ChristopherA]

I still think the security theatre is good default for launch if we can as it makes it clear the consent to decrypt or sign.

I’m fine with it being in preferences as long as user can choose on first launch which they prefer. Not an MVP (yet).

Note that none and local with an app PIN or FIDO have to be set up differently at start, or migrated if preference changed, which makes this coding choice less easy.