by zuprau 1120 days ago
> relatively new security feature

Maybe I'm misunderstanding the feature, but I've been auto-filling login forms since I was using IE7 with RoboForm. Other than using Touch ID to trigger the auto-fill instead of 1 click, I don't see any improvements in iOS/macOS Safari.


You leave all your passwords on iCloud, accessible by AppleID, but that AppleID password is so powerful and covers many more sensitive things (AppleWallet, ApplePay, ...)

Whereas, using a separate PIN/passcode at application-level provides a separate (master) password which would be used for all your passwords (in case your AppleID password gets compromised).

I do not use TouchID or FaceID because it violates the Principle of 3 Factors of Authentication: AppleID merges two of three factors:

1. "what you know (memory rote)" with

2. "what you have (biometric)".

https://www.cs.cornell.edu/courses/cs513/2005fa/NNLauthPeopl...

> using a separate PIN/passcode at application-level provides a separate (master) password which would be used for all your passwords (in case your AppleID password gets compromised).

That already happens exactly as you mentioned.

You need a secondary encryption password for encrypted iCloud data as well. Having access to your Apple account isn't enough.

https://support.apple.com/en-ph/HT202303#:~:text=Apple%20wil...

THIS!

Apple finally provides a modicum variant of Zero Knowledge password.

But that is only available in the next iOS version, 16.2. [1]

But, but ... BUT the Apple macOS/iOS issue of Three Forms of Authentication still being reduced into Two-Form with their merge (OR-logic) of what you have (FaceID/TouchID) and what you know (PIN/passcode) ... remains.

That reduction of authentication is still the weakest link in individual security (whether ADP is used after v16.2 or not).

https://support.apple.com/en-ph/HT202303#:~:text=Apple%20wil...