Have you ever wanted to quickly pull up some information on your iPhone only to be stopped in your tracks by the dreaded login screen? Yeah, me too.
The iOS “login loop” creates lots of problems for me because instead of being logged in and quickly get what I need from an installed app, I suddenly find myself logged out. Then I have to:
1. Touch the Home button 2. Find 1Password 3. Open 1Password 4. Login to 1Password 5. Search for the needed credentials 6. Remember the email address 7. Copy the password 8. Open the offending app 9. Use a keyboard shortcut for the email address (Settings > General > Keyboard) 10. Paste the password 11. Pray that I got it all right
The constant “find-and-reenter-my-password” dance (a.k.a. the “login loop”) is an black hole of time and patience. Especially when I have to do it multiple times per day for multiple apps. Not to mention the inconvenience for the dozen or so people waiting in line behind me at the bank (or Starbucks), while I try to find my login credentials.
Constantly being logged out of apps (and having to log back in) decreases data security because it breeds laziness. Rather than using a unique password for every website, some people recycle their “usual” password on every website because it’s more convenient than the login loop. (PSA: Please don’t use recycle passwords as it puts your identity and data at risk. Use a unique password on every website.)
The iOS login loop began in iOS 7 when Apple instituted a much-needed feature: automatic app updates (above), but as more people turned it on, developers seemed to increase the frequency of app updates – while logging users out in the process. While automatic updates solved one nagging iOS problem (the need to manually update apps), it created more problems in its wake: specifically, bad updates (a topic for another day) and the login loop.
Sure, you could simply leave App Store updates switched off (Settings > iTunes & App Store > Automatic Downloads), but then you’ll have to manually update your apps and your App Store badge might look like this:
The unannounced iOS 8 feature works by letting native iOS apps access Safari’s AutoFill & Passwords feature, replacing the login loop with a simple touch. For example, if your Evernote username and password are stored in Safari’s AutoFill feature, launching a newly installed (or freshly updated) Evernote iOS app will present the option to “Select a Safari Saved Password” as pictured below for a sample app called “Shiny.”
One hitch is that your credentials will need to be stored in Safari and synced across devices using iCloud. A minor inconvenience, considering you’ll only have to do it one time. Once it’s stored in Safari and synced, it’ll be accessible to all iOS devices and Macs on an iCloud account.
The new feature will first require developers to support it by associating their apps with their websites. The process involves developers adding one file to their website and one new entitlement to their iOS app in order to verify the services are associated. They will then be able to take advantage of a couple easy to use APIs that let them request credentials stored in Safari and present them to the user at log-in. For apps that don’t have associated login data stored in Safari yet, apps using the feature will be able to save and/or update to Safari AutoFill and iCloud Keychain directly from within the app
Instead of being tucked away in Safari (Settings > Safari > Passwords & AutoFill) I’d like to see a native, first-party Keychain app that gives me the ability to view, create and modify my Passwords and AutoFill information. Having the Apple Keychain available via Safari is an elegant first step and may ultimately be one of a new generation of “headless” or “invisible” iOS apps.
While not a perfect solution (like Keychain.app) using Safari passwords is world’s better than doing the login loop on a daily basis – and its much safer for users too. Anything that encourages people to use unique logins for each website they visit is great for data security and can’t come soon enough.