WWDC 2022 Forum Reactions

Yep. I would expect better from Apple.*

*Maybe naively.

Indeed, and unless it is an emergency, e.g., food or gas let’s say, why not just wait and save up the money, why go into debt? And, waiting may cause one to pause and think, do I really need this? More often than not, the answer is no. BNPL and credit card payments foster impulse buying. I’m as susceptible as anyone to the impulse buy. I’ve learned, mostly :slightly_smiling_face:, to add something I’m interested in to an Apple Note and then come back to it a few days later. Nine times out of 10, I delete it and never purchase.

1 Like

Great idea.

(Removes M2 Macbook Air from Apple Store basket)

BNPL would be much less of an issue if that was built in - place your order, but it won’t be actioned for 7 days and you can cancel at any point before then.

1 Like

So how much did I save you? :joy:

1 Like

I might be wrong about this:

Also see this tweet from Ricky Mondello from Apple:

https://twitter.com/rmondello/status/1534916704328790016

What happens if I’m heavy into Passkeys, and I die? How does my estate access my accounts? At least with passwords, I leave my 1Password account info behind and that problem doesn’t exist.

Katie

Cuz I want it NOW!

PS I agree with you.

4 Likes

With passkeys there is still an underlying password for every account you have, it’s just insanely long and complicated and you never, ever see it.
It’s also only stored on your device, the company you are logging into never sees it either.
It sounds odd that you can log into a website without ever telling the website your password, but it is possible. This is basically how banks operate now for sending money.

So, and beware I’m not 100% certain with this, if your family know your single password to get into your phone, it is then possible to access (and transfer) the passkeys. How companies like Apple will actually handle the process is unknown (to me).
@KVZ

It’s actually a private key; not a password. A password you can type (= reveal) to log in (a shared secret that can leak). A private key you should never share with a service; only the public key related to the private key (one of the reasons passkeys are more secure than passwords). But indeed, such keys can be presented as text, looking like a very complicated password.

Apple is planning to safely share these passkeys amongst all devices of a user using the iCloud Keychain, so maybe it will be sufficient to be a Legacy Contact?

2 Likes

If pass keys are digital can they not be used by someone who hacked a computer or stole a phone?

If I’m the only one who knows a password then access can only be granted if I divulge it. Fingerprint, face ID and digital pass keys could be used without permission?

No more so than anything else secured on your Apple computer or device. Please see the Apple Platform Security document from May of this year.

So a password secured in my head is still more secure?

Computer and device security is not that simple. There are many ways to attack and circumvent a “password in your head” that don’t involve your cooperation.

My understanding of this sort of system is that it’s not too different from a lot of server stuff I use in web development: each login has a public key, which is the address of your device. That’s step 1.

Step 2 is the private key, which is only known to the device. If the public key and private key aren’t known to one another, you’re locked out. So logging in to a service would require physical access to your device, as well as your biometric security to use your device.

I haven’t read the white paper on this, so I’m definitely not knowledgeable on the implementation. But from what John has said on ATP and what Apple said on stage, it sounds like a private/public key pairing. That is much more secure than any password in your head because it requires a handshake at some point, and only works between very specific devices.

The servers I’ve configured to be this way are, to my limited understanding, basically hack-proof (please, fellow nerds, don’t take this as a challenge).

I look forward to everybody’s corrections!

1 Like

I haven’t tried it, but I don’t get Stage Manager. From the videos I’ve seen, it looks like it displays one app, and gives you icons along one side of the screen to access the others.

Isn’t that what the Dock was for? I mean, I get that people’s Docks get cluttered and become less useful. But isn’t that an argument for improving the dock, or adding options to it (show only running apps in Stage Manager mode for example, or hide non-running apps until you indicate you want to see them) rather than recreating it?

Presumably I’m missing something.

No, the whole point is that it allows for multiple apps, up to 4 windows at a time. That could be 4 of the same app or 4 different apps. Edit to add that if you’re attached to an external display you get 4 apps/windows there as well.

If you’re someone that tends to work in groups of apps/windows you could then view each of the groupings on the left side as a workspace. I’d likely have Textastic, Mail and Messages when I’m updating a client website while referring to an email or text they’ve sent. Maybe another grouping for Numbers spreadsheet with another window, again, from Mail, Messages or some other app for reference. And then another grouping of communications-focused windows: Mail, Slack, Messages, Discord. And likely, a grouping with Safari and an RSS reader. The second display would host its own app groupings.

1 Like

A difference between passkeys and passwords is that in order for a password to be useful it has to be known by two entities, the user of a service and the provider of that service, but a passkey is known to (held by) only one entity, the user of a service.

Passkeys mitigate two serious problems with passwords: poor password handling by service providers, and password reuse by users. They introduce other problems such as loss of authenticator device and authenticator lock-in, but mitigations for those exist as well. I think it remains to be seen how those will be implemented.

In theory a password stored in your head and disclosed perfectly securely to a single service provider who manages it with perfect security is “more secure” than a passkey. For all practical purposes, this never happens. Generally speaking, anything that reduces your reliance on someone else doing the right thing is better.

(I put quotes around “more secure” because information security is (more or less) a measure of resilience against a set of undesirable outcomes (that affect the confidentiality, integrity, and (the almost always overlooked) availability of information) under a set of conditions. Without specifying the outcomes and conditions, the phrase “more secure” has very little meaning.)

6 Likes

Additionally people might type the password in their head on a phishing site, instead of the real site.

Apparently with passkeys this cannot happen.

2 Likes
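The sign-in flow discussed in the posts above, as an added example that is not part of the thread and is not Apple's or any vendor's implementation: a simplified model in which the service stores only a public key, and the device signs a fresh challenge together with the origin it is actually talking to. The class names, origins and user name are assumptions made for the sketch, and the message format is not the real WebAuthn one.

```javascript
// Simplified passkey sign-in model (constructed sample data, not the WebAuthn wire format).
const crypto = require("node:crypto");
class Authenticator {                          // the user's device
  constructor() { this.keys = new Map(); }     // origin -> private key
  register(origin) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(origin, privateKey);         // private key never leaves the device
    return publicKey;                          // only the public key is handed out
  }
  // Sign the challenge together with the origin the browser is really on.
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null;                     // no passkey exists for this origin
    const clientData = JSON.stringify({ origin, challenge });
    const signature = crypto.sign("sha256", Buffer.from(clientData), key);
    return { clientData, signature };
  }
}
class Service {                                // the website (relying party)
  constructor(origin) {
    this.origin = origin;
    this.users = new Map();                    // user -> public key, no secret stored
    this.pending = new Set();                  // challenges issued and not yet used
  }
  enroll(user, publicKey) { this.users.set(user, publicKey); }
  newChallenge() {
    const c = crypto.randomBytes(32).toString("hex");
    this.pending.add(c);
    return c;
  }
  verify(user, resp) {
    const publicKey = this.users.get(user);
    if (!publicKey || !resp) return false;
    const { origin, challenge } = JSON.parse(resp.clientData);
    if (origin !== this.origin) return false;            // signed for another site
    if (!this.pending.delete(challenge)) return false;   // unknown or replayed
    return crypto.verify("sha256", Buffer.from(resp.clientData), publicKey, resp.signature);
  }
}
function demo() {
  const device = new Authenticator();
  const site = new Service("https://shop.example");      // hypothetical origin
  const fake = "https://shop-example.test";              // hypothetical look-alike
  site.enroll("alice", device.register(site.origin));
  const good = device.sign(site.origin, site.newChallenge());
  const loginOk = site.verify("alice", good);
  const replayOk = site.verify("alice", good);           // same response sent twice
  const phished = device.sign(fake, site.newChallenge()); // device has no key for it
  device.register(fake);       // even with a passkey for the look-alike origin...
  const relayOk = site.verify("alice", device.sign(fake, site.newChallenge()));
  return { loginOk, replayOk, phished, relayOk };        // ...the relayed login fails
}
```
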

Yup. I should have said “poor password handling by both parties” to cover that :slight_smile:

2 Likes

Password/passcode/passkey/private key…
They are all just different words for a chunk of data.

Traditionally passwords were short, like 8 characters, and people often used words.
Passkeys will be 256 characters long or something, and unique for every website/account etc.

For someone to steal your traditional password and access your account, they can either phish it from you, hack the website, or hack your device if you save it in a password manager.

For someone to steal your modern passkey and access your account, they can only hack your device. There’s no other way.

So, whilst there are scenarios where passkeys are inferior, for the vast, vast majority of people this is a massive improvement, a revolution I’d say.
If you can protect your single, long password (isn’t passcode a better name?) to access your device then you are surprisingly secure.

Note: I am not certain of the implementation, you may need to be remembering your device and/or iCloud. Plus Android and Windows if you are in that realm. Still, it is a huge reduction.