by egberts1 1120 days ago
You leave all your passwords in iCloud, accessible by AppleID, but that AppleID password is so powerful and covers many more sensitive things (AppleWallet, ApplePay, ...).

Whereas using a separate PIN/passcode at the application level provides a separate (master) password that would be used for all your passwords (in case your AppleID password gets compromised).

I do not use TouchID or FaceID because it violates the Principle of 3 Factors of Authentication: AppleID merges two of the three factors:

1. "what you know (memory rote)" with

2. "what you have (biometric)".

https://www.cs.cornell.edu/courses/cs513/2005fa/NNLauthPeopl...

1 comment

> using a separate PIN/passcode at application-level provides a separate (master) password which would be used for all your passwords (in case your AppleID password gets compromised).

That already happens exactly as you mentioned.

You need a secondary encryption password for encrypted iCloud data as well. Having access to your Apple account isn't enough.

https://support.apple.com/en-ph/HT202303#:~:text=Apple%20wil...
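The separation the reply describes, as an added example that is not code from this thread or from Apple: the account password only proves identity to the server (which stores a verifier, never the password), while the vault is encrypted client-side under keys derived from a separate encryption password the server never sees. Names such as `CloudAccount`, `encrypt_vault` and the purpose labels are hypothetical; the HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag is a stdlib-only stand-in for a real AEAD such as AES-GCM, chosen so the block runs without third-party packages.

```python
import hashlib
import hmac
import os

# Constructed example, not Apple's design or code. All names are hypothetical.


def stretch(password: str, salt: bytes) -> bytes:
    """Slow the password down with scrypt (stdlib) before deriving any keys from it."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def subkey(stretched: bytes, purpose: bytes) -> bytes:
    """Derive an independent key per purpose so login and vault keys never coincide."""
    return hmac.new(stretched, purpose, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (stand-in for AES-GCM)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; wrong key or tampering raises."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("vault tag mismatch: wrong encryption password or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def encrypt_vault(encryption_password: str, vault_salt: bytes, secrets: bytes) -> bytes:
    """Client side: the encryption password never leaves the device, only the blob does."""
    stretched = stretch(encryption_password, vault_salt)
    return seal(subkey(stretched, b"vault-enc"), subkey(stretched, b"vault-mac"), secrets)


def decrypt_vault(encryption_password: str, vault_salt: bytes, blob: bytes) -> bytes:
    stretched = stretch(encryption_password, vault_salt)
    return unseal(subkey(stretched, b"vault-enc"), subkey(stretched, b"vault-mac"), blob)


class CloudAccount:
    """Server side: holds a login verifier and an opaque vault blob, nothing else."""

    def __init__(self, account_password: str):
        self.salt = os.urandom(16)
        self.verifier = subkey(stretch(account_password, self.salt), b"account-login")
        self.vault_blob = None

    def login(self, account_password: str) -> bool:
        candidate = subkey(stretch(account_password, self.salt), b"account-login")
        return hmac.compare_digest(candidate, self.verifier)


def demo() -> dict:
    """Walk through: owner uploads a vault, attacker learns only the account password."""
    account_password = "correct horse battery staple"   # constructed sample
    encryption_password = "a different, never-uploaded secret"
    vault_salt = os.urandom(16)                         # stored next to the blob, not secret
    secrets = b"site=example.test user=alice pass=hunter2"

    cloud = CloudAccount(account_password)
    cloud.vault_blob = encrypt_vault(encryption_password, vault_salt, secrets)

    # Attacker holds the account password: can log in and fetch the blob...
    attacker_logged_in = cloud.login(account_password)
    try:
        decrypt_vault(account_password, vault_salt, cloud.vault_blob)
        attacker_decrypted = True
    except ValueError:
        attacker_decrypted = False   # ...but the blob is useless without the second secret

    owner_plaintext = decrypt_vault(encryption_password, vault_salt, cloud.vault_blob)
    return {
        "attacker_logged_in": attacker_logged_in,
        "attacker_decrypted": attacker_decrypted,
        "owner_recovered_vault": owner_plaintext == secrets,
    }


if __name__ == "__main__":
    print(demo())
```

The point the reply makes is visible in `demo()`: an account-password compromise yields a login session and a ciphertext blob, and the tag check fails for any key not derived from the separate encryption password. The per-purpose `subkey` labels are what keep the login verifier from doubling as a vault key even if someone reused the same password for both.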

THIS!

Apple finally provides a modest variant of a Zero Knowledge password.

But that is only available in the next iOS version, 16.2. [1]

But, but ... BUT the Apple macOS/iOS issue of Three Forms of Authentication still being reduced to Two Forms with their merge (OR-logic) of what you have (FaceID/TouchID) and what you know (PIN/passcode) ... remains.

That reduction of authentication is still the single weakest link in individual security (whether ADP is used after v16.2 or not).

[1] https://support.apple.com/en-ph/HT202303#:~:text=Apple%20wil...