Monday, August 22, 2022

Too Secure

Manton Reece:

I continue to think that my devices are now too secure. Face ID shouldn’t freak out multiple times a day, requiring a pin. Safari shouldn’t scrap cookies every week, requiring needless extra web sign-ins. Any security beyond unlocking my Mac is usually unnecessary friction.

I think there’s something to this. There is often a tradeoff between security and convenience, so it’s important to find the right balance and to limit the annoying stuff to where it actually helps a lot.

Face ID requires my passcode multiple times per day, which tempts me to choose one that’s less secure. Safari is more annoying than other browsers because the “Remember me” checkbox on so many sites doesn’t work. Apple’s sites seemingly always require logging in. My old iMessages are nearly impossible to access, and cannot be directly downloaded, ostensibly because they are end-to-end encrypted. Yet, in practice, that’s a mirage, so it feels like Apple has more access to them than I do. Transparency, Consent, and Control (TCC) seemed like a reasonable idea but remains failure-prone and confusing—as if the thinking was that making it smoother would be less secure. And, of course, the App Store provides—at great cost—arguably much more the appearance of security than actual security.


Update (2022-08-29): Nick Heer:

I agree with Reece’s diagnosis of the problem, but not its cause. If someone is logged into a user account on a Mac, everything in the keychain is probably unlocked and available to them as well. And if they have text message forwarding enabled on their iPhone, an SMS-based two-factor code will appear in Message. Despite what is basically security theatre, I need to reauthenticate several times weekly on websites and in applications I use all the time.

5 Comments

TouchID on my original iPhone SE, which I've kept on iOS 12, and refuse to allow to use iCloud Message sync... it asks for the phone unlock pin, maybe once every week or two. Message sync between all my devices works pretty much flawlessly, and my High Sierra Safari holds onto logins just fine.

So beyond scare stories of the security bogeyman, what's my incentive to upgrade?

I am so annoyed by websites that have refresh tokens that last only 7 days or less. I don't always visit them that frequently, and so I'm constantly logging back into sites that don't require that level of security, and it's just extra annoyance and inconvenience for me.

The fact that I can't stay logged into anything Apple related, and that it requires me to do 2FA almost every time, is even worse. And I *do* log into those sites daily from the same device, so there's no reason for it.

Your point about annoyances causing people to choose less secure, less annoying options is spot on. Software and web designers never seem to remember this. There is so much security theater in the world of computers now, and very little of it matters, at least for the average user.

And no one has been worse about this lately than Apple. Every major release of macOS and every hardware upgrade introduces new security features that accomplish nothing other than hampering developers and annoying users, often with no recourse. And then we still hear of regular exploits that give malicious software root or kernel level access, meaning the security didn't even protect us.

I long for the days of 2010 and earlier. At the time I didn't realize how good we had it. And I had no idea how much worse and how quickly everything was going to get.

Touch ID was such a dream. It almost always worked. I would go weeks without it failing. I go maybe a day without Face ID failing. And from a security perspective, Face ID is worse than Touch ID, because the former is passive while the latter is active.

I also hate having to sign in so often, especially with 2FA on. I keep them on, and 1P makes it easier, unless it's an email 2FA, which is REAL annoying. Still, it makes it so much harder to use sites.

The amount of security only matters once you are attacked (by bots or people). That’s why it appears useless and, if it successfully defended your identity, continues to do so.

I wonder if Nick Heer has it wrong about the Keychain. While it's true that the (default user's) keychain is unlocked once a user is logged in, it still restricts access - i.e. a visitor to the unlocked computer still can't simply open the Keychain Access app and look at the passwords, and neither can other apps that were not previously authorized, either by the user with the "Allow Always" button, or because those apps created the entry themselves - i.e. one still needs to know the user's password to get to those keychain items.

BTW, I use a separate keychain for extra-secure passwords, with a setting that automatically locks that keychain again soon after an unlock.
