Marco.org

I’m : a programmer, writer, podcaster, geek, and coffee enthusiast.

Not Cloudy Enough

Will Hains on the clunky experience of having to re-enter credentials in apps when setting up a new device, using Instapaper as an example:

That might not sound like a big deal, but I had to repeat this process, racking my brain to remember all those IDs and passwords, for every single app that has a cloud service. And these days, that’s nearly all of them.

As a counter example, take Instacast. When I opened the app after a fresh install, it prompted me to sync with iCloud. And when I did, all of my podcast subscriptions, played/unplayed status, and even track positions were synced instantly. I was listening to my favourite podcast, right from where I had left off, in seconds. It was a fantastic user experience.

So why don’t more apps do it like Instacast? My first thought was that Instapaper has a web-based component to its service, so it needs a user ID and password. But why not store that in iCloud?

I’ve thought about this before, and I really don’t know what the right solution is.

Apple tells developers not to store passwords in iCloud. (Presumably, they want us to use Keychain rather than storing them in plaintext in the iCloud key-value store, but Keychain doesn’t sync.)

But Instapaper doesn’t store passwords. It communicates with the server using OAuth, so it only stores a token. I don’t think Apple has been clear about whether it would be unacceptable or unwise to store and sync non-password authentication tokens with iCloud to make new-device setup easier for our customers.

Customer expectations might also be tricky to navigate. Assuming people are using iCloud as intended (one account per person, keeping the password private) and not storing extremely sensitive data in Instapaper, I don’t think anyone would have a problem with their Instapaper login being synced automatically to any new devices on their account.

I’d need to make it optional in the app so people could use separate Instapaper accounts on separate devices (I don’t know why, but I bet some people do), but I also would need to enable it by default for it to be useful to most customers.

Are there any great reasons not to do that? Get in touch.