Apple’s sign-in insecure
 

You get that when you mess around with standards

An outfit behind the OpenID open standard and decentralised authentication protocol, has penned an open letter to Apple saying its "Sign In with Apple" feature is insecure.

The OpenID Foundation said that Apple has built Sign In with Apple on top of the OpenID Connect platform, but the Cupertino company's implementation is not fully compliant with the OpenID standard. As a result, it "exposes users to greater security and privacy risks".

OpenID Foundation Chairman Nat Sakimura said: "The differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks."

The OpenID Foundation published a list of differences between Sign In with Apple and the OpenID Connect platform, which Sakimura urged Apple to address.

The OpenID exec said these differences place an unnecessary burden on developers working with both OpenID Connect and Sign In with Apple, who now have to support two different authentication standards and deal with each one's quirks.

"By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software", Sakimura said.

https://fudzilla.com/news/48997-appl...gn-in-insecure