Ordinarily I'd agree with small companies not being informed enough on security best practices and agree with your point. Small companies shouldn't invent security on their own.
But there's something bigger here that stood out and that kind of makes me angry: Apple, a multi-trillion dollar company, is influencing people to stop using products by small companies and small teams.
It's stuff like this, stuff like requirements to "sign in / pay with Apple", and stuff like the green text boxes that make you have to fit everything to Apple and give them their dues.
I really wish we'd regulate or break up the big tech companies. Innovation has barriers to entry because of them.
Apple shouldn't be making their own password standard. They should work in an industry consortium to agree across the board, and they should put in the extra effort to tell users when websites may not comply with their new rules. It's not the website's fault that they didn't get the new and unannounced memo.
Add a new HTML password form property to indicate compliance with the standard before you go generating uncompliant passwords. Do a graceful migration. Stop beating up the little players.
I'm starting to think that neither Google nor Apple should be allowed to have their own web browsers. They're only using them as a means to deepen their platform reach and hobble up more control.
Pretty soon Apple and Google won't generate passwords at all. They'll deprecate the password field and mark it dangerous. Then it'll be an Apple passkey where companies will have to negotiate payment rates and won't be privileged to know their own customer.
If Apple’s password manager required websites to indicate compliance before generating passwords for them, it would defeat the goal of a password manager to work with existing sites. It’s not like Apple invented the idea of a password manager.
Reasonable sites should already allow passwords of the sort Apple generates, because they tick the usual boxes (length, entropy, and the pointless at-least-one-uppercase/digit/punctuation requirement). Now, many websites are not reasonable and enforce even-more-pointless requirements. Apple tries to mitigate this with a hardcoded list of popular websites’ password policies [1], which is used to tailor password generation for those websites. To be fair, this approach doesn’t scale for smaller websites. But there’s not much more Apple could do. In any case, at this point websites have had many years to adapt to Apple’s password manager and its password style (which has not changed recently).
Accepting passkeys doesn’t cost money, and they’re based on a web standard. There are valid objections to passkeys but this ain’t it.
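The per-site tailoring described in the reply above, as an added example that is not part of the thread and is not Apple's code or data format: a generator that consults a hardcoded quirks list and falls back to a default policy for unknown sites. The domains, field names and policy values are all constructed assumptions.

```javascript
// Added example: per-site password tailoring. All domains, field names and
// policies below are constructed for illustration.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const CLASSES = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digit: '0123456789',
};
// Default used when no quirk is known for the site (assumed values).
const DEFAULT_POLICY = { length: 20, required: ['lower', 'upper', 'digit', 'special'], special: '-' };
// Hardcoded quirks list keyed by domain (constructed entries).
const SITE_POLICIES = new Map([
  ['legacy-bank.example', { length: 12, required: ['lower', 'upper', 'digit'], special: '' }],
  ['shop.example', { length: 16, required: ['lower', 'digit', 'special'], special: '!@#' }],
]);

// Look up the host, then each parent domain, so login.shop.example matches shop.example.
function policyFor(hostname) {
  const labels = hostname.toLowerCase().split('.');
  for (let i = 0; i < labels.length - 1; i++) {
    const policy = SITE_POLICIES.get(labels.slice(i).join('.'));
    if (policy) return policy;
  }
  return DEFAULT_POLICY;
}

// Uniform index in [0, n) from the CSPRNG; rejection sampling avoids modulo bias.
function randomIndex(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do { webcrypto.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(hostname) {
  const policy = policyFor(hostname);
  const sets = { ...CLASSES, special: policy.special };
  const alphabet = CLASSES.lower + CLASSES.upper + CLASSES.digit + policy.special;
  // One character from every class the site insists on, the rest from the full alphabet.
  const chars = policy.required.map((cls) => sets[cls][randomIndex(sets[cls].length)]);
  while (chars.length < policy.length) chars.push(alphabet[randomIndex(alphabet.length)]);
  // Fisher-Yates shuffle so the required characters do not sit at fixed positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomIndex(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}
```

A site missing from the list gets the default style, which is the scaling limit the reply points out for smaller websites.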