Hands-On Apple 229 transcript
Please be advised that this transcript is AI-generated and may not be word-for-word. Time codes refer to the approximate times in the ad-free version of the show.
Mikah Sargent [00:00:00]:
You've probably seen this Sign in with Apple button hundreds of times by now. Every other app you sign up for these days offers it right next to Google and Facebook. It's fast, it's clean, it works with face ID and touch id. And there's honestly a good case to be made that it's the single most privacy friendly authentication option when it comes to using these third party logins. But there's also a question hiding underneath the convenience that almost nobody asks until it's too late. What happens to the dozens of accounts you've created with Sign In With Apple if, if your Apple account ever becomes unavailable? Well, today we're walking through the whole picture. What Sign In With Apple does. Well, the stuff most people don't realize they can configure.
Mikah Sargent [00:00:40]:
And the one big trade off that comes with putting all your eggs in one Appley basket. Stay tuned for this episode of Hands on Apple podcasts you love from people you trust. This is tw. Welcome to Hands on Apple. I am Micah Sargent and today we are taking a look at Sign In With Apple. Sign In With Apple is Apple's sort of federated login system. So instead of creating a username and password for every app and website, you simply use your Apple account to sign in. Apple kind of acts as a middleman that vouches for your identity to the third party app.
Mikah Sargent [00:01:27]:
So let's say the third party app, it's your, I don't know, your, your diving score tracker or you're a swimmer and you dive. You're a diver and it has an account. You go to this service, you sign up for this service with by tapping on a button and the service says, okay. You say, you're John, John Cleon, and I'm not sure. And you say, well, I'm pretty sure and Apple knows I am. So ask Apple. And then they go, okay, cool, we'll ask Apple. Apple says, yeah, that's John Kleon.
Mikah Sargent [00:02:02]:
And then the process goes from there. The next time you log in, it says, are you John Kleon? You say, ask Apple. Apple says, well, yeah, John Kleon's logged in here. Everything's fine, you're good to go. We'll talk more about it as we get through it. But it launched in 2019 alongside iOS 13, and it was actually a response to those Sign in with options that were available at the time. Sign in with Google, Sign in with Facebook, very dominant options for years. And those sign in options were known for collecting your information and using that as advertising data.
Mikah Sargent [00:02:39]:
So These services, when you logged in, at the very least gave those companies the ability to know what other services you were using. But oftentimes it would go further than that. You could track activity, you could do more. And so Apple wanted to have another sign in with option that was a little bit more privacy focus. The feature works on iOS, iPadOS, Mac OS, WatchOS, TVOs, Vision OS and in any web browser, so that even if you sign up for a service on your iPhone, you can still later log in on the same account from a Windows PC or Android phone through the web. And Apple's pitch was this. There's no new password to remember. You can use the convenient and arguably more secure face ID or touch ID to do authentication.
Mikah Sargent [00:03:22]:
Plus two factor authentication was built in by default. And very clearly, Apple says it does not track you across the apps you sign into and says it will not profile you or share your data with the apps beyond what's needed to authenticate. The app gets a nod or a, a nod or a shake. Based on your login, you can hide your real email address using the Hide my email feature, which gives apps a unique random forwarding address instead of your actual inbox. And we'll talk about that more because that's arguably one of the most privacy preserving features which we'll dig into shortly. So how does it actually work? Well, let's take a look at IPADOs where we are going to go through the process. So let's say I download the very good notability app and I want to create an account. I'm going to go up to the gears and choose to sign in to notability and you'll see there are three options.
Mikah Sargent [00:04:24]:
Continue with Google, Continue with Apple, Continue with Microsoft and sign in with email. Now if I already had an Apple account I would tap Continue with Apple. But I don't already have an account here. I have an Apple account but not for this login. I have not used sign in with Apple for this login. However, I'm going to go ahead and hit Continue with Apple and see what happens. Well, when it does that notability will actually check and see if there's already an Apple account. Well, notability Apple will check and see if there's already an Apple account tied to notability and because there is not, then it gives you the option.
Mikah Sargent [00:04:59]:
Now I can change the name that I use for this account by tapping on name and then I can also choose between Share my email and hide my email. If I choose share my email, it will give them my email address micatwitcloud.com if I choose Hide my email, it will randomly generate an email that is unique to this app and this account. And that email address will actually forward when they send mail to it to to my micatoytedicloud.com account. So I'm going to tap and hold on Touch ID to continue. And as simple as that, I now have a notability account with this private relay Apple ID email notability can send emails to this and those get forwarded. This is important because it means that this specific account does not have more than just this email address. But I want to show you the process of actually signing in now that we've created created this an account, I'll sign out and then we'll sign back in. I tap sign in, I choose continue with Apple.
Mikah Sargent [00:06:08]:
It pops up, hey, I know about your Apple account and I tap to sign in with Touch id and as easy as that, I'm logged back in. From that point on, Sign in with Apple is going to make it easy to do. The next time you visit the app or the site, you tap that. There's no password needed, you just authenticate. And if you're on someone else's device or on a non Apple device, don't worry, you can sign in via the web. You enter your Apple account, email and password and then you will need to have a trusted device on which to approve the sign in. Now let's talk about that one aspect, right, of sign in with Apple that I think is the best part. Honestly, it's a little bit underrated because Hide My Email is a pretty amazing thing.
Mikah Sargent [00:06:58]:
When you choose Hide My Email during signup, Apple will generate this unique random email address and shares that only with the app. Any email the app sends to that random address forwarded to your real account and the app will never see your real email. Why does that matter? Well, because your email addresses are tracked across services. And so if you've got the same email address everywhere, then advertisers and data brokers are creating a profile about you across the dozens of services that you've signed up for. Hide my Email and is going to make that not possible. Also if a company gets breached and your data leaks, boom, they've got your random email, but not your real one. And if the service starts spamming you or decides to sell your email address, then you're going to know. Because if you're getting email from anything other than notability, in this case you'll know that something is up.
Mikah Sargent [00:07:48]:
So how do you manage your Hide My Email addresses. Well, you'll launch the Settings app. You'll tap on your name in the top left corner for your Apple account, you'll tap on icloud and then you'll scroll down to Hide My email. From here we'll see the different email addresses that we've created over time that are used with Hide My Email or rather with Sign in with Apple. So there's notability. I can tap on that and I can see that the Hide My Email address is thus and I can set it to keep forwarding or not forwarding to my Micah Twit at icloud account. From there I can choose to manage my settings. For my Sign in with Apple options, I could scroll down and choose notability.
Mikah Sargent [00:08:40]:
And here once it loads I will see the Apple accounts that it is tied to the Hide My Email that it's created and if I want to, I can go ahead and remove it there in order to access this Sign in with Apple screen. You can do so also from the main page of your Apple account instead of going to icloud, you'll just scroll down and there's Sign in with Apple. You tap on that and it shows you the apps and websites that are signed up with your Sign in with Apple. Now from this page you are able to see every app you've ever used Sign in with Apple to create an account on. And so you know, you may be surprised when you get here how many you have. You can tap into them, see where the account was created, which email is used, and you can stop using Sign in with Apple for a specific app. When you do that, it signs you out and severs the link between that app and your Apple account. The next time you visit, you'll have to create a new account or you'll have to sign back in fresh.
Mikah Sargent [00:09:39]:
But here's something that's important to understand. Stopping Sign in with Apple for an app doesn't necessarily delete your account on that service. The account exists on the third party developer servers. All you did was remove Apple as the way to access it. So if you actually want to delete your account on a service, you need to do that through the service itself. Some apps make this easy because actually Apple's App Store guidelines require account deletion to be available in app, but others bury it. So here's my recommendation to you. Please go to the app first and delete the account there before you make any adjustments from that Sign in with Apple screen.
Mikah Sargent [00:10:25]:
That way you are following the steps of the part you wouldn't have control over because you've removed your Sign in with Apple. Stuff your credentials by deleting it with Apple. Go to the third party first, get rid of the account there, then get rid of it from Sign in with Apple. I also think it's a good housekeeping habit to every six months or so kind of scroll through your Sign in with Apple list. You may find apps that you haven't used in a really long time but still have access via Sign in with Apple. Might as well get rid of them. So yeah, that's the process of using Sign in with Apple. And I should mention too, in the episode I did on the passwords app, we talked about sharing your credentials.
Mikah Sargent [00:11:12]:
You can actually share your Sign in with Apple logins with other people. So you can use that shared feature, the shared syncing and passwords to actually make sure that other people can use that to log into the services that have it. So we've talked about Sign in with Apple, we've talked about managing Sign in with Apple, we've talked about what you can do with Sign in with Apple, we've talked about the benefits of Sign in with Apple. Let's talk about about the one concern that might come up or the biggest concern that might come up. And it's something that I have heard, you know, people talk about when it comes and comes to these Sign in with features. You are giving Apple some level of control in the sense that if the company were to go away or something were to happen and Apple's not there to give the thumbs up, then you may not be able to have access to these services. So you are putting your eggs in one basket. This basket is a big old basket with lots of reinforcement and may be okay for a long time, may outlast you perhaps.
Mikah Sargent [00:12:24]:
But just be aware that that's the case and it is a reason why the convenience may not be worth it for you over the risk of Apple going away and you not being able to log in. Every Sign in with Apple account is fundamentally a trust relationship between you, the third party app and Apple. The app trusts Apple to vouch for who you are and without Apple in that loop, well, the connection breaks. So this is true of any federated login system. Sign in with Google, same dynamic Facebook login. Yeah, but Sign in with Apple, it's much more private and so people do use it and it is easy and it is prompted and so a lot of people will use it for dozens of accounts. And it's not just if Apple goes away. Right.
Mikah Sargent [00:13:12]:
It's also if you get locked out of your Apple account temporarily, or if your Apple account gets disabled or compromised, those could be reasons. It could also be that it becomes unavailable in your region. Let's say you get locked out of your Apple account. Most common scenario, Apple's account recovery process can take days or even weeks if you don't have a trusted device or recovery contact set up. During that time, every app you sign into with Apple is inaccessible. The Apple support pages on account recovery say, and I quote, it might take several days or longer before you can use your account again. And quote, contacting Apple support can't help you shorten this time. So for most people it is a temporary inconvenience.
Mikah Sargent [00:13:50]:
But if one of those locked accounts is something time sensitive, you may want to make sure that you're using another login besides that Apple account login. What about if your Apple account gets fully disabled or is compromised by security concerns? Well, same thing applies here. Some of those services do have account recovery flows that don't require having Apple involved. You know you can prove ownership. But if you use Sign in with Apple, a lot of times these services, they don't have any other information on you because there's no password that you can confirm to them. There's no email that is you know, your true email that like has your name in it. It's only this random email. And if you can't even see the random email because you don't have access to your Apple account, then it can be difficult for you to prove ownership.
Mikah Sargent [00:14:48]:
So all of these are reasons why it could be a bit of a risk to use Sign in with Apple. How do you balance things? Well, set up account recovery contacts for your Apple account. We'll do an episode on that. In fact, we may have done an episode on that. If we haven't, we'll do an episode on that. You can set up a legacy contact too which handles worst case scenario, you know, if your data is needs a place to go after your death. And then I think the most important thing that you can do is be thoughtful about which accounts you use. Sign in with Apple for those critical accounts.
Mikah Sargent [00:15:24]:
Let's do traditional password managed in your password manager, your own two factor authentication setup. That's the way to protect yourself from having your data lost because you've lost access to your account. So sign in with Apple. Honestly, one of the better authentication tools that we've had on platforms, it's fast, private, secure by default, increasingly broadly supported. Hide my email alone I think is worth the cost of admission. And the management tools are pretty straightforward once you know where to find them, minus that little caveat about needing to delete the account with the service first and then delete it from Apple. But like any system that puts a single company in the middle of dozens of your accounts, it's honestly worth being intentional about how you use it. For the casual stuff, lean in because the convenience and the privacy benefits are real.
Mikah Sargent [00:16:15]:
But for your most critical accounts, please consider whether you want a single point of failure between you and access to those services. Set up your recovery contacts, take a few minutes to scroll through your Sign in with Apple list and clean it up. And in that way you'll get the best of both worlds convenience without quite as much fragility. Thanks so much for tuning in to this episode of Hands on Apple. I have been and will continue to be Micah Sargent. Always a pleasure to bring you this show every week. I look forward to the next one. Bye bye.
