From a book chapter on managing Explorer passwords (credentials):
—
Every Explorer digital identity involves, at the least, a “name” for the Explorer and a password. Almost all involve an email address for communication, password resets and (alas) marketing. Most now require a mobile number.
Sometimes these things are called “credentials” but for simplicity I’ll refer to managing passwords. Just remember that there are “names” and other things that often go along with passwords.
These are the practices that I’ve followed for Explorer passwords used by iPhone Apps:
1. Every important digital identity needs a unique good-enough password. Reusing passwords is risky[1]. It should be something you can tap in by hand[2].
2. Use as few services as possible. Does your Explorer truly need yet another service and unique password? If an account is needed and the vendor offers “Sign in with Apple[3]” use that instead of creating a new password to store.
3. Explorers don’t need to know most passwords. You can’t be tricked into revealing a secret you don’t know, and iPhone apps will store the passwords most Explorer’s need.
4. Guides need a good way to manage passwords and other things associated with secure accounts.
That covers apps, but what about passwords for web sites? The good news is that these can mostly be avoided. Almost all web services worth having a password for also have an iOS app. If an Explorer does need web site credentials I recommend letting the iPhone take care of it. If iCloud Keychain is enabled (the default), then iOS includes an almost invisible password manager[4]. It records usernames and passwords entered for web sites and it will recall them as needed. If a new web site password is needed iOS will generate one and save it in the iOS password manager. You can read more about the iPhone’s built-in password manager in the security chapter of the iOS User Guide.
I think most Explorers will need less than a dozen important credentials stored for the services they personally use. In the next chapter I’ll talk about how a Guide can manage these.
- fn –
[1] For example, if you lose control of your iCloud password, and you reused that password with your bank, then you may lose your savings.
[2] I use StrongPassword.app on my Mac in “word” mode. You can also pick “randomly” from a dictionary and throw in some symbols and numbers. The strongest passwords are long random strings that are nearly impossible to type or tap.
[3] I don’t recommend using “Sign in with Facebook”, they are not a good partner for privacy or security. Sign in with Google is acceptable but of course it does require creating a Google account.
[4] The easiest way to see the interface is to say: “Hey Siri, show me my passwords”.