Day: September 27, 2023

Warning: Geeky Stuff ahead.

Yesterday, I updated to the latest operating system offering from Apple.

There haven’t been a lot of issues yet.

But there has been one, and this issue is across iPad, iPhone, and the Mac OS. 

Some websites will completely fail to display user credentials stored in Apple’s Password Management System.

After you get over the initial panic that the IOS or OS upgrade has wiped the thousand or so passwords and IDs that you’ve become so dependent on…

Your head will clear and then you’ll go look at passwords. As your heart rate slows, you’ll notice a curious thing. Some websites still work. But other websites act brain dead. Instead of Safari offering to fill in your password and id from Apple’s password management system you’re presented with nothing.

Even typing the first few characters of the user ID will not give you the familiar prompt for face, touch, or master password verification.

Locating the entry containing the user ID and Password and telling your device to open the website, from the password entry itself will open the site BUT WILL NOT autofill the user ID and Password, so you’re on a site, but you’re not logged in.

It’s in Safari, and it’s not technically a bug.

Safari’s security protocols have been updated which is good. But if you log  into web sites that are not using HTTPS with the new versions of Safari, it will look like the upgrade has flushed the login credentials.

The issue is HTTPS versus HTTP. Since the entirety of the internet is supposed to be using HTTPS (For your comfort, safety, and protection,) Apple apparently decided that it’s unsafe to allow the password management system to serve up a user ID and Password to a lowly HTTP site.

On the one hand I can see it. On the other hand there are corporations where their internal HTML pages may require a user ID and Password, BUT where they are not using HTTPS inside the corporate defense ring. This may or may not be good security, but that’s not the issue. The issue is the confusion caused by the way Apple has implemented this change.

Since there’s absolutely NOTHING, no message, no reaction, no indication, no clue, whatsoever about what is going on, it could leave customers badmouthing Apple, and the new OS. 

Not because what’s been done is wrong, but because it’s inconvenient! Apple already has trouble in corporate environments due to IT departments inherent Pro Windows bias. They needn’t add any fuel to that fire.

I haven’t found the setting to turn this feature off yet. Instead, I just enabled HTTPS on my site. If I find more sites that give me issues, I’ll go digging around to see if there is a setting.

I’d been holding off because I DONT WANT TO PAY FOR THE SECURITY CREDENTIAL!

Oh yeah, it costs… which leads me to begin contemplation about continuing to maintain my own hosting site. Or should I park the unused domains and transfer the live domains to another hosting service.

Truthfully, I’m becoming less and less pleased with my current hosting provider. I’ll take a look at the contract and decide if I want to continue doing business with them.

They’re pretty inexpensive if you select longer contract terms, but their quality of service is becoming questionable. Talking to them and solving problems is getting to be just like every other business. You end up talking to someone outside the country who doesn’t really understand what your issue or question is.

For the moment this HTTP/HTTPS issue is solved. I’m sure there will be other interesting issues popping up soon enough.