How iOS 8 and OS X 10.10 need to fix iCloud Keychain
iCloud Keychain lets you generate, store, and manage strong, unique passwords between your iPhone, iPad, and/or Mac. In theory, that's an amazing win for both convenience and security. Unfortunately, it's only in theory. Sadly there are two big problems with iCloud Keychain, one conceptual, one architectural, that make it so that I — and anyone concerned with security — can't use it. Luckily, it's something that can and hopefully will be fixed with iOS 8 and OS X 10.10.
The first problem with iCloud Keychain is that it doesn't demand re-authentication before it works. That means, as long as your iPhone, iPad, or Mac is unlocked, anyone using it has access to your stored passwords and credit cards. That also means, if iCloud Keychain is enabled, I can't hand my iPhone, iPad, or Mac over to a friend, colleague, acquaintance, family member, or anyone else, at all, ever, without having to worry about my passwords and credit cards being accessed.
If someone needs to make an emergency call, or look something up on the web, or try out one of my games, or do any of a hundred other things other people typically do when you hand them your device, there's a gaping security hole in the form of iCloud Keychain.
That's why third party password managers require a "master password".
The idea is, even if you unlock and hand your iPhone, iPad, or Mac over to a third party, they'd be required to re-authenticate with your passcode, password, or Touch ID before iCloud Keychain could auto-fill a password or credit card.
Yes, the idea behind iCloud Keychain is to be so convenient that people using weak, repetitive passwords find it enticingly easy to stop doing that.
Apple's well aware of that because it's exactly how the App Store and iTunes Store work right now. After a certain, fairly short, length of time, you're required to re-authenticate in order to buy something. It's less convenient but way more secure. And, thanks to the App Store and iTunes Store, we're used to things working that way already.
With Touch ID, which should make its way into the next generation iPad and mid-tier iPhones this fall, the loss of convenience would be minimal as well. Touch the sensor and the password or credit card fills. Simple as that.
Either way, iOS and OS X shouldn't treat web passwords and credit cards with any less protection than they treat iTunes accounts.
Apple uses amazingly good, privacy and security-centric cryptography in almost every aspect of the iOS architecture. The big, glaring exception appears to be iCloud Keychain. Here's Security Now!'s Steve Gibson on the problem:
I'm not smart enough to understand the details to the level Gibson does, but none of that sounds good to me. Here's how our security editor, Nick Arnott, puts it:
If Apple can use rock-solid crypto throughout the rest of the system, it'd be great if they could use it for something as important as iCloud Keychain in iOS 8 and OS X 10.10 as well.
Because, again, there are few things as critical to keep safe as web passwords and credit card information.
iCloud Keychain: The bottom line
I should make clear that I don't think Apple has intentionally made iCloud Keychain weak, flawed, or otherwise compromised. Secure sync is incredibly hard. Balancing security and convenience is incredibly hard. Getting betas and releases out given Apple's deadlines is incredibly hard. Inevitably features get pushed back and things go missing.
But iCloud Keychain is incredibly important and these two things — re-authentication and better cryptography — simply need to be in place before I can use it and before I can recommend anyone else use it.
Hopefully iOS 8 and OS X 10.10 will do just that.
Meanwhile, let me know — are you using iCloud Keychain, and what do you think of the feature?
Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.
Alternatively... GUEST LOGIN for iOS !!!
... with access to the apps already installed by the owner, without the owner's app-data/credentials, obviously, then delete the cache/cookies/etc after exiting that session of guest login.
Might as well throw in TRUE multitasking (split-screen) for iPads.
Let this Lamborghini get past 25!
All that being said, with the latest "HeartBurn", changing all my passwords with Keychain was not as easy as I had hoped it would be. So if they fix it with iOS 8 and 10.10, I'll stay with it. Otherwise, I'll start learning to jump through the hoops and learn how to use one of the other password managers.
And install iOS 8 Beta 1 as soon as it drops.