New Apple iPhone app proves just how hard it is to kill the online password
Apple Intelligence was unveiled during Apple’s Worldwide Developers Conference in Cupertino, California, on June 10, 2024.
Source: Apple Inc.
For years, cybersecurity experts have been predicting the death of the online password as more advanced log-in features, from facial recognition to multi-factor authentication, become more common. But it seems like Apple has accepted that the password isn’t going away anytime soon. Its new Passwords app, introduced at Apple’s WWDC 2024 earlier this week, is one more solution to help protect online accounts and manage multiple logins. It doesn’t change the fact that putting all your logins in one place continues to come with risks.
“Passwords are really hard to kind of get rid of,” said Andras Cser, Forrester vice president, principal analyst.
The new Passwords app for iPhone, iPad, Vision Pro, Mac and Windows, lets users store all of their passwords, including verification codes, app passwords, Wi-Fi passwords, Passkeys and more. The offering is similar to other password managers on the market, including 1Password and LastPass.
“You can’t underestimate the power of having a default solution like this and having password security built in,” said Gadjo Sevilla, eMarketer senior analyst .”That’s probably going to entice the majority of of Apple customers to use the feature. It’s convenient. It’s there. It’s free.”
Passwords are a risky online security method
But that doesn’t change the basic concern about users relying on passwords as a default online security method.
“That’s the move: Obliterate the need for any password manager and just move to one-time passwords based on push notification-based authentication, biometrics or passkeys,” Cser said. “Moving away from passwords is probably the right message, not using free or upgraded password managers.”
Password hacking is on the rise, with IBM reporting a 71% increase in the number of attacks using valid passwords in 2023 compared to 2022. Apple, Google, and Microsoft have made moves to migrate more users to passkeys, which requires another device owned by the user to verify the login through face scans, fingerprints or other codes. This helps get rid of the biggest cybersecurity risk: people tend to have very poor password hygiene, including using the same password across accounts, which means if that password is stolen the hacker would have access to all of them.
Apple’s passkey system, Keychain, is only for products under its iOS operating system. This new Passwords app includes more systems compatibility, including Windows and different types of login verifications. The company did not say it will include any Google or Android passwords, which encompass a lot of accounts.
Password managers, like the Apple Password app, log different passwords, passcodes and logins securely under a safe account. And they do offer an added layer of protection: research from Security.org found those without password managers are three times more likely to be victims of identity theft. But whether free or paid versions of managers, none completely eliminates risk.
“They are a band-aid or wraparound,” Cser said. “Passwords are very vulnerable, and very much have run their course in protecting any kind of apps or resources and data. So then, it just puts all your eggs in one basket, regardless of who’s tool you pick, right?”
Apple did not respond to a request for comment by press time.
There are some concerns that if Apple holds all the digital keys to everyone’s password, then it could make people more vulnerable if the company is hacked. It’s not outside the realm of possibility: Apple’s iCloud was hacked back in 2014, leading to many leaks of private celebrity photos. LastPass was hacked in 2022, though customer data was not stolen.
“The one security issue ever is that anyone who gets your Apple ID and your password would get access to your iCloud Keychain or your Password app, because that is really the key authentication needed to safely access those stored passwords,” Sevilla said.
Apple, personal data, and privacy
Still, protecting large amounts of personal data is nothing new for Apple, and it has developed a relatively good track record of building its brand around privacy. It also has a hardline stance against sharing information with unauthorized third-party apps. Earlier changes starting with iOS 14.5 have asked users to opt into data sharing and blocked tracking applications, to the detriment of digital advertising companies reliant on that information for ad targeting like Facebook.
“Apple is a services company,” Sevilla said. “They have billions of credit card numbers. You can’t underestimate the amount of effort they will put into making sure that is locked down, and those are all tied into Apple IDs, Apple passwords. So I guess if you follow that example, they could probably be seen as far more secure than the standalone apps.”
Broader data sharing issues were raised at WWDC about Apple’s partnership with OpenAI, which it is using to allow Siri to access ChatGPT. Some, including Elon Musk, have raised concern that allowing OpenAI access to Apple user data could be a potential security violation. OpenAI uses user data and behavior to train its AI models.
While it may be highly unlikely, with users sharing their passwords with Apple, and Apple sharing data with OpenAI, cybersecurity experts say it presents at least the theoretical risk that OpenAI could use logins to look at personal data for its learning purposes.
Apple reiterated its commitment to data privacy at WWDC 24. Apple Intelligence, its entry into AI, will leverage cloud-based models on special servers using Apple Silicon to ensure that user data is private and secure. If a request needs to go to a cloud server, Apple says it will only send a limited selection of data in a “cryptographically” secure way.
“We’re not going to take that data and go send it to some cloud somewhere,” Apple senior vice president of Machine Learning and AI Strategy John Giannandrea said at the event. “Because we want everything to be very private, whether it’s running locally or on a cloud computing service, and that’s the way we want it so we can use your most personal data.”
A soldier walks next to a Tesla Cybertruck, which was donated to the National Guard, after powerful winds fueling devastating wildfires in the Los Angeles area forced people to evacuate, in the Pacific Palisades neighborhood on the west side of Los Angeles, California, U.S. Jan. 13, 2025.
Daniel Cole | Reuters
Tesla started offering discounts on new Cybertruck vehicles in its inventory this week, according to listings on the company’s website.
Discounts are as high as $1,600 off new Cybertrucks, with the reduced price depending on configuration, and up to around $2,600 for demo versions of the trucks in inventory, the listings show. Production of the angular, unpainted steel pickups has reportedly slowed in recent weeks at Tesla’s factory in Austin, Texas.
Deliveries of the unconventional pickup began reaching customers in 2023. CEO Elon Musk originally unveiled the Cybertruck in 2019 and said it would cost around $40,000, but its base price in the U.S. was closer to $80,000 over the course of 2024.
Wall Street previously viewed the Cybertruck as an important driver of growth for Tesla’s core automotive sales.
While the Cybertruck outsold the Ford Lightning F-150 last year in the U.S. and became the fifth best-selling EV domestically, according to data tracked by Cox Automotive, its high price, repeat recalls and production issues in Austin hampered growth. In November, Tesla initiated its sixth recall in a year to replace defective drive inverters.
As CNBC previously reported, Tesla’s deliveries declined slightly year-over-year in 2024, even as EV demand worldwide reached a record. A slew of new competitive models from a wide range of automakers eroded Tesla’s market share.
According to Cox data, full-year EV sales reached an estimated 1.3 million in 2024 in the U.S., an increase of 7.3% from the prior year. But Tesla’s sales for the year declined by about 37,000 vehicles.
The Tesla Model Y SUV and Model 3 sedan ranked as the top two best-selling EVs by a wide margin. But both older, more affordable Tesla models saw sales drop from the previous year. Cox estimated Tesla sold around 38,965 Cybertrucks in the U.S. last year.
In recent days, Musk apologized to customers in California for delays in delivering their Cybertrucks. He said the trucks are now being used to bring supplies and wireless internet service to people in Los Angeles impacted by devastating wildfires.
“Apologies to those expecting Cybertruck deliveries in California over the next few days,” Musk wrote on X. “We need to use those trucks as mobile base stations to provide power to Starlink Internet terminals in areas of LA without connectivity. A new truck will be delivered end of week.”
David Solomon, CEO of Goldman Sachs, speaks during the Reuters NEXT conference, in New York City, U.S., December 10, 2024.
Mike Segar | Reuters
Goldman Sachs CEO David Solomon says there’s an end in sight to the multi-year IPO drought.
“It’s going to pick up,” Solomon said on Wednesday, in an on-stage interview with Cisco CEO Chuck Robbins at a summit hosted by the computer networking company in Silicon Valley. “It’s been slow, it’s been turned off.”
Solomon, who flew to California for the event just after his Wall Street bank reported fourth-quarter results that blew past analysts’ estimates, said the capital markets broadly are showing signs of life ahead of President-elect Donald Trump’s inauguration next week.
The tech IPO market has largely been dormant since the end of 2021, when tech stocks started falling out of favor due to soaring inflation and rising interest rates. Mergers and acquisitions have been difficult in technology because of hefty regulation that’s restricted the ability for the biggest companies to grow through dealmaking.
Solomon said the mood is changing, and he expects momentum M&A as well as in IPOs.
“We have a more constructive kind of optimism, which always helps,” Solomon said. He later added that, “broadly speaking, I think it’s an improved business environment.”
Earlier in the day, Solomon said on his company’s earnings call that Trump’s election and a swing back to Republican power in Washington is already starting to make an impact in the business world. He noted on the call that “there is a significant backlog from sponsors and an overall increased appetite for dealmaking supported by an improved regulatory backdrop.”
Solomon’s comments on the call and at the Cisco event came on a day when the S&P 500 posted his biggest gain since November, helped by a tame inflation report and Goldman’s results. Goldman’s stock popped 6% on Wednesday.
While the stock market has had a strong two-year run and the S&P 500 and Nasdaq hit fresh records last month, IPOs have yet to see a resurgence. Cloud software vendor ServiceTitan debuted on the Nasdaq in December, marking the first significant venture-backed IPO in the U.S. since Rubrik in April.
“The values came down after 2021, people are growing back into those values,” Solomon said at the Cisco summit.
Some companies have said they’re ready. Chipmaker Cerebras filed to go public in September, but the process was slowed down due to a review by the Treasury Department’s Committee on Foreign Investment in the U.S., or CFIUS. In November, online lender Klarna said it had confidentially filed IPO paperwork with the SEC.
Though he’s bullish about what’s coming, Solomon said that there are structural reasons not to go public. He said 25 years ago there were roughly 13,000 public companies in the U.S., and today that number has come down to 3,800. There are higher standards around disclosure for being public, and there’s now tons of private capital available “at scale.”
“It’s not fun being a public company,” Solomon acknowledged. “Who would want to be a public company?”
WATCH: Goldman Sachs tops estimates
Dado Ruvic | Reuters
If TikTok does indeed go dark on Sunday for Americans, there may be a tool for them to continue accessing the popular social app: VPNs.
The Chinese-owned app is set to be removed from mobile app stores and the web for U.S. users on Sunday as a result of a law signed by President Joe Biden in April 2024 requiring that the app be sold to a qualified buyer before the deadline.
Barring a last-minute sale or reprieve from the Supreme Court, the app will almost certainly vanish from the app stores for iPhones and Android phones. It won’t be removed from people’s phones, but the app could stop working.
TikTok plans to shut its service for Americans on Sunday, meaning that even those who already have the app downloaded won’t be able to continue using it, according to reports this week from Reuters and The Information. Apple and Google didn’t comment on their plans for taking down the apps from their app stores on Sunday.
“Basically, an app or a website can check where users came from,” said Justas Palekas, a head of product at IProyal.com, a proxy service. “Based on that, then they can impose restrictions based on their location.”
Masking your physical internet access point
That may stop most users, but for the particularly driven Americans, using VPNs might allow them to continue using the app.
VPNs and a related business-to-business technology called proxies work by tunneling a user’s internet traffic through a server in another country, making it look like they are accessing the internet from a location different than the one they are physically in.
This works because every time a computer connects to the internet, it is identified through an IP number, which is a 12-digit number that is different for every single computer. The first six digits of the number identifies the network, which also includes information about the physical region the request came from.
In China, people have used VPNs for years to get around the country’s firewall, which blocks U.S. websites such as Google and Facebook. VPNs saw big spikes in traffic when India banned TikTok in 2020, and people often use VPNs to watch sporting events from countries where official broadcasts aren’t available.
As of 2022, the VPN market was worth nearly $38 billion, according to the VPN Trust Initiative, a lobbying group.
“We consistently see significant spikes in VPN demand when access to online platforms is restricted, and this situation is no different,” said Lauren Hendry Parsons, privacy advocate at ExpressVPN, a VPN provider that costs $5 per month to use.
“We’re not here to endorse TikTok, but the looming U.S. ban highlights why VPNs matter— millions rely on them for secure, private, and unrestricted access to the internet,” ProtonVPN posted on social media earlier this week. ProtonVPN offers its service for $10 a month.
The price of VPNs
Both ExpressVPN and ProtonVPN allow users to set their internet-access location.
Most VPN services charge a monthly fee to pay for their servers and traffic, but some use a business model where they collect user data or traffic trends, such as when Meta offered a free VPN so it could keep an eye on which competitors’ apps were growing quickly.
A key tradeoff for those who use VPN is speed due to requests having to flow through a middleman computer to mask a users’ physical location.
And although VPNs have worked in the past when governments have banned apps, that doesn’t ensure that VPNs will work if TikTok goes dark. It won’t be clear if ExpressVPN would be able to access TikTok until after the ban takes place, Parsons told CNBC in an email. It’s also possible that TikTok may be able to determine Americans who try to use VPNs to access the app.
(L-R) Sarah Baus of Charleston, S.C., holds a sign that reads “Keep TikTok” as she and other content creators Sallye Miley of Jackson, Mississippi, and Callie Goodwin of Columbia, S.C., stand outside the U.S. Supreme Court Building as the court hears oral arguments on whether to overturn or delay a law that could lead to a ban of TikTok in the U.S., on January 10, 2025 in Washington, DC.
Andrew Harnik | Getty Images
VPNs and proxies to evade regional restrictions have been part of the internet’s landscape for decades, but their use is increasing as governments seek to ban certain services or apps.
Apps are removed by government request all the time. Nearly 1500 apps were removed in regions due to government takedown demands in 2023, according to Apple, with over 1,000 of them in China. Most of them are fringe apps that break laws such as those against gambling, or Chinese video game rules, but increasingly, countries are banning apps for national security or economic development reasons.
Now, the U.S. is poised to ban one of the most popular apps in the country — with 115 million users, it was the second most downloaded app of 2024 across both iOS and Android, according to an estimate provided to CNBC from Sensor Tower, a market intelligence firm.
“As we witness increasing attempts to fragment and censor the internet, the role of VPNs in upholding internet freedom is becoming increasingly critical,” Parsons said.
-
Sports2 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports9 months agoStory injured on diving stop, exits Red Sox game
-
Sports1 year agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports3 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business2 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway