by EnragedParrot 881 days ago
Apple makes this experience as seamless as I think it possibly can be. (As long as you use Safari...). All my passwords synced across all devices all the time, instantly available with Face ID or my fingerprint. Apple Pay makes checking out of most online retailers as fast as using my fingerprint or double-clicking the side button on my phone. Passkeys are generally starting to replace passwords on many major sites, making the process even faster.
4 comments

That whole process in the top level comment is much faster, in practice, on my phone. Everything auto-fills (unless a site manages to fuck up their forms). I don’t typically have to type or manually copy anything, including 2fa tokens. Wait for the notification to ping, “fill from message” option, done.

I can often go through an entire sign-up, entering shipping, and payment, at a new site, without typing a single thing.

This is slower than Apple Pay on the iPhone, I can assure you.
Well, yes (I also use Apple Pay when it’s available—best overall experience by a long shot) but it’s still quite fast and often involves no typing or copy-pasting.
How are you populating non-SMS 2FA codes automatically?
1Password can do this for you, and I assume many other password managers as well.

https://support.1password.com/one-time-passwords/

I use 1Password but opt out of this feature. Just as described in the article, a master password creates a single source of failure, so I don't personally want to put more eggs in that basket.
I keep my unimportant 2FA in 1Password and the really important ones (e-mail, domains, etc.) in a separate 2FA app.

If someone has pwned my 1Password I don’t really care if they log on to my Discord or order a limited amount of crap on Amazon because I am in much deeper shit at that point.

It depends on the set of credentials. Your primary email address, your access to 1Password, things of that nature can and should be stored in a 2FA app on another device. But the majority of 2FA codes for most websites are fine to be stored in your password manager. This way you can enable 2FA on every site you use, without the inconvenience, but you can reserve the extra security of a second device for services that would be critical failure points for you.
Apple hardware can auto-fill 2FA codes if the codes are set up in the Passwords tool on iOS/iPadOS/macOS, which are synchronized through iCloud.
If you use the Bitwarden paid version ($10/yr), then after an autofill of username/password the TOTP is automatically added to the clipboard.
iOS’s built in password manager iCloud Keychain does this automatically (at least on Safari).
KeePassXC can act as a TOTP client and can fill it just like it can do passwords.
That, I don’t, but I only have those on work accounts anyway. None of my work stuff is set up to be as nice as my personal stuff, but that’s mostly outside my control.

Oh, wait: Steam has them I guess. Every so often (once every few months?) I have to type in one of their codes.

I did just check and I guess I could be doing this with non-SMS codes if I added them to my password manager. If I had more than just Steam that used them, I’d do that.

How does that work if you want to get an Android phone or Samsung tablet or Windows laptop at some point?
I love the Apple ecosystem, however I always have a low level of dread that someday I will somehow offend them and be permanently blacklisted. This is the main reason I've drawn the line at using their password manager or email - I use separate email and separate password manager so that in a worst case situation I don't get locked out of everything.
Don't worry, Google actually did lock me out of everything a few years ago, and when you have the pleasure of using their wonderful services you're literally given no information and have to google (hehe) around for a form to send in a picture of your driver's license, to which you will never receive a reply. Your Google account will remain "fraud blocked", and in 4 days you will have switched your entire life over to Apple/iOS to never deal with no-customer-service Google again.

Then 1 year later an HN thread will remind you to try to log into your Google SSO and... bam, it works. And you still have no idea why ALL of your Google services (domains, email, Google phone, etc.) were disconnected a year ago.

This is why I don't mind paying the 5 euros a month for a Fastmail account. I don't send many emails but it's pretty much the key to the kingdom.
Yup, that's where I'm at now for email.
I used to think the same - custom email domain, passwords managed by myself, but:

1) I’ve never ever heard of Apple locking someone out of their Apple ID. Maybe they are obligated to do it for law enforcement in the US, but not even that. Meanwhile I’ve heard a ton of stories of Google locking people out of their accounts.

2) The convenience of using Safari, with 2FA and passkeys set via iCloud Keychain is too good to ignore. Literally 1 click (passkeys) or 2 clicks at most, authenticated with Face ID.

So I’m using this setup rn. You can set custom domains with your iCloud email too.

Not to be argumentative, just wondering: has there been a case related to iCloud access where Apple has ever blacklisted someone? Certainly, I've heard of Meta and other companies doing so, but I don't recall Apple outside of the security confirmation issues people are having.
If you have 2FA and lose all your 2FA methods, and didn’t preplan by making a recovery key and storing it in a safe place you can find again… you can be screwed. It’s not a blacklist, but the net result is the same.

I’m terrified of losing access to all my stuff because of forced 2FA I never signed up for. I get that it’s more secure, but it can be secure to the point of having unrecoverable data. All it would take is someone carelessly deciding to get a new phone number. I have a friend who recently talked about wanting to get a new number with his new phone. I asked about 2FA and he seemed to have no knowledge of it and said he didn’t have anything like that. He kept his number, but if he didn’t, I could see him easily getting locked out of his Apple account (which he has), and his bank.

Setting up a recovery key for an Apple ID is optional. You can still recover your Apple ID. Apple will ask for information that can identify you, like previous iPhone passwords etc. If you have hit your head against a wall and can’t remember literally anything, AFAIR you are asked to wait some <1 week amount of time before being able to access it, to prevent account fraud. The process is so complex and evolving I’m probably wrong on many things, but the idea is: Apple ID isn’t a footgun for the user.

If you have recovery keys enabled, it’s a different story. The enabling screen clearly states that you can get locked out of your account without your recovery key. You can set up recovery accounts too, like those of your family members.

Apple blacklisted Parler in January 2020. Of course, they were an app store app, not a user, but they established the precedent that they ban for political views they don't like.
You don't; that's the whole Apple strategy: lock in your average younger, non-technical person so much that they find it 'an ick' to have to interact with an Android user.
If you go all-in on an ecosystem there's going to be pain if you decide to jump to another ecosystem. You can avoid some of that by using 1Password (I'm sure there are others as well). It integrates just fine with iOS.
I used to feel this way and used LastPass, which did not end well.
It doesn't, but I've used Apple stuff for going on 25 years now and it is doubtful I will care to move to something different any time soon, so it works for me.

Always the tradeoff with Apple is choice and flexibility versus a seamless and pleasant user experience.

Anyone else feel that double-clicking the side button isn't ergonomic? It doesn't feel right to me when doing it. I end up holding it like a gun and then double-clicking it, as in the default pose of holding a phone my thumb is unable to double-click.
Agreed, but I almost feel like it's supposed to feel a little weird to avoid accidentally buying things. Either way, if you want to make it easier, there's an option under Settings > Accessibility > Side Button. You can adjust the speed required to register a double or triple click.
It's a habit to acquire, I guess. Moving the mouse around feels very weird for people who have never used one before (yes, those exist).
Agree, it's somehow unwieldy... not sure what it is exactly.
I have a similar experience without Apple.

But.

Those synced passwords are a huge, juicy target. Someday, someone is going to get them. This process is a vulnerable mess.