Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Encryption Software

Signal Developer Explains Why Early Encrypted Messaging Tools Flopped 98

Signal developer Moxie Marlinspike criticized early encryption software's user-unfriendly design at Black Hat 2024, admitting he and others initially failed to consider non-technical users' needs. Speaking with Black Hat founder Jeff Moss, Marlinspike said developers of tools like Pretty Good Privacy (PGP) wrongly assumed users would adopt complex practices like running keyservers and signing keys over dinner. "We were just wrong," Marlinspike said, describing this as "software snobbery" that undermined wider adoption. "You take on the complexity instead of making the user deal with it," Marlinspike contrasted PGP's arcane interface with Signal's more accessible design.
This discussion has been archived. No new comments can be posted.

Signal Developer Explains Why Early Encrypted Messaging Tools Flopped

Comments Filter:
  • At least he gets (Score:5, Insightful)

    by nashv ( 1479253 ) on Friday August 09, 2024 @09:16AM (#64692496) Homepage

    A lot of people do not understand that security and privacy are not the same thing. They are not even the most important criterion across the board. They are 2 of several criteria that depend on how the software is being used, who is using it and what is the information that is being put in the software.

    1. My mom wants to tell me that she needs a plumber over a message - security is not the paramount feature. Privacy is somewhat important. Convenience is the MOST important thing here.

    2. The spy wanting to send the coordinates of the rogue nations nuclear facility....well, you get the picture.

    This is common sense and yet we have expectations that PGP will become standard.

    • This is common sense and yet we have expectations that PGP will become standard.

      This is why I use Telegram and why I've prodded my family to adopt it as well. There are obviously things about it that are somewhat alarming to me (closed-source and non-federated server software, a creator who is becoming more of a diva every day, an increasing promotion of crypto scammery, etc), but it is by far the most user-friendly messaging platform available that isn't owned by a tech megacorp.

      If I have something secret to send, I can use PGP to encrypt the message and then send it over literally a

      • Signal FTW! (Score:5, Informative)

        by echo123 ( 1266692 ) on Friday August 09, 2024 @09:36AM (#64692534)

        Signal is end-to-end encrypted for all functions across the board [tomsguide.com], (text, audio, video). Telegram is not. It's easy to search for other citations as well.

        disclaimer: I'm a Signal fanboi and I tell everyone about it.

        I figure if Signal is good enough for Mark Meadows [businessinsider.com], it's good enough for me. /s ...and by all means do not even consider using Whatsapp! Whatsapp can get you killed! [cnn.com]

        • by AmiMoJo ( 196126 )

          The main features I need from Signal are open source clients and federation.

        • Re:Signal FTW! (Score:5, Informative)

          by kwelch007 ( 197081 ) on Friday August 09, 2024 @03:49PM (#64693388) Homepage

          Signal is great. I use it. What people fail to realize is that while the Signal protocol is secure (currently anyway,) and fairly private since they stopped requiring use of your cell number as an ID, the phone itself is not. That is not doubt how the "Signal hacks" happened...malware took screenshots of the SIgnal app rather than intercepting and decrypting the messages themselves.

        • by trawg ( 308495 )

          I don't know enough about the details of that case (I doubt anyone really does except the perpetrators of that foul act) but afaik whatsapp uses the same encryption model as Signal and has done since about 2016.

          In that case it sounds like a phone was compromised at the phone level, which would probably expose Signal messages just as easily as Whatsapp messages.

          (I also am a Signal fan and recommend it incessantly and annoyingly but short of that I advise people to use whatsapp over Telegram any day of the we

          • I don't know enough about the details of that case (I doubt anyone really does except the perpetrators of that foul act) but afaik whatsapp uses the same encryption model as Signal and has done since about 2016.

            In that case it sounds like a phone was compromised at the phone level, which would probably expose Signal messages just as easily as Whatsapp messages.

            My understanding of the hack that lead to Jamal Khashoggi's brutal death is that Whatsapp had a zero-day flaw that Pegasus from Isreal's NSO group was able to use to 'own the phone'. The phone was infected using a crafted SMS message that in all liklihood was completely silent. Also it wasn't Jamal Khashoggi's phone that was hacked, but Omar Abdulaziz', Jamal's trusted associate's who Jamal Khashoggi was communicating with supposedly in private. Jamal Khashoggi's wife's phone was also targeted several month

        • I have been using Signal since the RedPhone/TextSecure days, when TextSecure replaced the SMS app on Android with one that handled SMS, as well as Signal messages, and stored both encrypted on the device.

          I consider it good enough for most communication, and it has been solid, as solid as a secure messaging app can be. However, nothing beats a properly set up GPG web of trust. However, getting people to actually use a GPG web of trust is next to impossible, because most people want a padlock icon to look a

        • I love the security of Signal. But I don't love the practicality . Messages and content do not sync between devices. In particular nor between Signal desktop and Signal on my phone.
          I find small touch screens very tedious to type on, especially now that I suffer from macular degeneration.

          When I need to type a long message, it's the desktop with full size keyboard and 32" monitor I want to use, not the phone.

          There is no option to do this sync with Signal at all, unfortunately, as far as I know.

          Obviously, ther

          • I love the security of Signal. But I don't love the practicality . Messages and content do not sync between devices. In particular nor between Signal desktop and Signal on my phone.
            I find small touch screens very tedious to type on, especially now that I suffer from macular degeneration.

            When I need to type a long message, it's the desktop with full size keyboard and 32" monitor I want to use, not the phone.

            There is no option to do this sync with Signal at all, unfortunately, as far as I know.

            At this moment I do not know what to tell you other than to offer you encouragement to try harder. Signal works for me the way you describe how you would like it to work. I have two devices that automatically, instantly sync with each other: an Android phone and an Ubuntu workstation with Signal Desktop. Android must work well with Signal first, than the Desktop is linked using a QR-code generated from the Desktop as I recall.

            In fact I find it convenient when an incoming call comes in to be able to choose w

            • by madbrain ( 11432 )

              All I can say is that my Signal messenger on Android is showing many conversations from 2022, 2023 and 2024, and Signal desktop for Windows is showing no conversations at all.

              I just tried to send a "Note to self" on Signal desktop, and it did sync immediately to Android. Perhaps it's only syncing things in one direction.

            • by madbrain ( 11432 )

              Seems that it is indeed a limitation of Signal desktop . After being installed, it will not sync old conversations automatically, only new conversations.
              There is unfortunately also no way to import these old conversations manually either. This is documented. This is a showstopper for me. I reinstall my OS periodically, as the Windows registry tends to make the system explode after a few years. And at that point, Signal would be reinstalled also, and old conversations would fail to sync as well. This is a re

              • I didn't read the link but I can still offer this comment. As I understand things, Signal works this way by design because messages are sent to a secure device with a key, period. This is a security feature. And if someone captures your latest device, they still cannot access old messages.

                I think I understand where you are coming from too and I feel the same way. I have people in my life whose messages I don't want to lose because if I'm lucky I'll outlive them.

                For some people in my life and group chats dis

                • by madbrain ( 11432 )

                  Preventing access to old messages on a lost/compromised device is all well and good, but that is not good for everybody in 100% of use cases. One can make a case that the current behavior is the most secure, and should be the default. And I would buy that if Signal had any way to deal with the other cases at all. I'm confident that there ways to deal with it with explicit manual steps, and without compromising the security in this case.

                  I have been using Linux since 1997 in various forms. I have written a lo

                  • Preventing access to old messages on a lost/compromised device is all well and good, but that is not good for everybody in 100% of use cases. One can make a case that the current behavior is the most secure, and should be the default.

                    ...if the machine is saved as a snapshot, and the snapshot still works, there's your backup right there. Backups are for the old archived messages you don't want to lose, right? And that's just one backup technique.

                    Aside from that, going forward, everything sync'd between devi

                    • by madbrain ( 11432 )

                      Signal still supports migrating old messages from one Android device to another, or from one iOS device to another, as I understand from the page I linked and which you said you didn't read. Perhaps you should reconsider using Signal, since that capability is actually there on some platforms, just not the ones I care about.

                      Unless I'm missing something, your suggestion to use a VM as backup only helps with backing up messages going forward - it does not help with the problem of syncing older Signal messages

        • Signal also works with iMessage without any extra steps. The only bad thing is it just starts working with it. So I was texting my neighbor and he said he stopped getting my messages. It turns out it was because he bought a new iPad that came with iMessage installed so all my texts started arriving there instead of on his phone which did not have iMessage and he didn't use his tablet every day.
    • by Sique ( 173459 )
      Yes and no. Security is the umbrella above three different aspects of messaging.
      1. Privacy: No one outside the targeted group can read the message.
      2. Authenticity: The message arrives unchanged at all intended recipients.
      3. Non-Reputability: No one can send a message in your name without your permission.

      A system which does not assure all three aspects is not secure.

      • by Anonymous Coward

        When Microsoft talks about "security" they aren't using the same definition of the word as you are.

        In Microsoft's mind, security means:

        The untrusted end-user is unable to run any software without owning an appropriate software license.
        The untrusted end-user is unable to pirate any content without owning an appropriate license to the content.

      • by jd ( 1658 )

        I would agree, and virtually all of that can be transparent. The only bit that isn't is the bit where you show the machine that you are indeed the authorised recipient/sender.

        Everything else can be automagic.

      • by Entrope ( 68843 )

        Usually security people talk in terms of the (somewhat ironically named) CIA triad [wustl.edu]:
        Confidentiality is a superset of privacy: don't disclose information when it should not be disclosed.
        Integrity is a superset of your authenticity and non-repudiability: it does what it says it did.
        Availability is whether the system or service is available at all. DoS attacks violate availability.

      • Oftentimes, I see "security" as in "non-jailbreakability", as in DRM. A lot of companies don't care if the bad guys can compromise a device and turn it into a privacy nightmare, provided the person who owns the device can't do anything about the software running on it.

        Guarding against a local user from getting a root prompt is a completely different version of security than guarding against remote root attacks, guarding against privilege escalation attacks, or guarding against an app that needs root for on

      • Instead of "non-reputability,", I think the correct concept is "non-repudiation". It means you cannot pretend to not have sent (or repudiate) a message that you actually did send out.

    • by jd ( 1658 )

      PGP could have been standard, if it had been transparent.

      When we log into SSH servers using certs, we don't care about the picky details. Even less so when we log into websites over HTTPS connections, whether the certs used are client-side, server-side, of both.

      If I'm connecting to an extranet at work, the router handles the IPSec connection, not me.

      I remember saying much the same when PGP came out - it'll be used if it's transparent and users don't have to do anything.

      Get your email client to look up the r

      • With HTTPS you blindly trust some third parties: the browser and a bunch of certificate authorities. And some certificate authorities proved to not be trustworthy. And a lot of "security" software and devices try to MITM attack you. That assumed trust make it easy to use.

      • There are lots of tools which do that. I remember a browser extension that added PGP to Gmail. But still nobody uses encryption

        • Gmail broke S/MIME for the longest time. And I'm not talking about the "hosted S/MIME" but the proper client-side S/MIME over IMAPS/SMTPS where you manage your certs and keys yourself. Which is a PITA to do with multiple devices.

      • by unrtst ( 777550 )

        I remember saying much the same when PGP came out - it'll be used if it's transparent and users don't have to do anything.
        Get your email client to look up the recipient's encryption key ...

        For email, I think S/MIME is a better analogy to HTTPS and it's ease of adoption. Once a user certificate is issued and installed, S/MIME is very transparent in use, but we're back to trusting CA's, rather than a ring of trust as in GPG/PGP.

        To suggest having your email client look up recipients key suggests there would be a single authority for the keys, and we might as well go back to the S/MIME certificate model at that point, IMO.

    • by Z00L00K ( 682162 )

      Any security that the user don't have to think about or recognize it's there because it's just there doing its job is the good security.

      Same thing with privacy features.

    • I think a lot of people have to deal with situations where there's disagreement over which criteria are the most important. Your mom wants you to tell the plumber to show up right now, and you're hiding from a fatwa calling for the removal of your thumbs. You want to be anonymous and secure. The plumber wants convenient communication, your mom's address, and payment. So the communication product creators need to be beyond the limits of human needs in privacy, security and convenience, and put such a friend
  • Grandma Test (Score:5, Insightful)

    by dbialac ( 320955 ) on Friday August 09, 2024 @09:27AM (#64692514)

    admitting he and others initially failed to consider non-technical users' needs

    This is a part of why Linux is a marginal OS on the desktop but thrives under Andriod. Android targets grandma while Linux targets technical users. Linux (Gnome and KDE, really) has made significant progress towards fixing that and has the benefit that it has a large community of developers behind it, so it's not going anywhere. But Grandma has a lot more of a chance of getting things to work on a Mac or Windows than she does on a Linux-based desktop OS. Grandma has always been the benchmark. Techies know how to modify a configuration file, Grandma probably doesn't have a clue, though as we age, some grandmas are familiar with technology.

    • Comment removed based on user account deletion
    • Re:Grandma Test (Score:5, Informative)

      by Quantum gravity ( 2576857 ) on Friday August 09, 2024 @10:01AM (#64692586)
      Of the Desktop Operating System Market Share Worldwide, Linux has 4.45% July 2024 according to StatCounter. It has gone up from 3.12% in July 2023. See https://gs.statcounter.com/os-... [statcounter.com]

      Did you know that desktop Linux has 15.23% market share in India?

      And an installed Linux distro is pretty easy to use, even for non-technical and older people, in my experience.
      • Comment removed based on user account deletion
      • by HiThere ( 15173 )

        FWIW, I use debian mate. I consider most current windowing systems clunky, obscure, and ugly (by default). I truly despise dark mode. As my eyes have gotten weaker, I've despised it increasingly strongly.

        OTOH, my tastes may be unusual. MSWind95 would be easy to read. (I don't know at all about modern versions of MSWindows.) That said KDE3 was pretty, and KDE4 had lots of good points. But at some point it got too much and I switched to Gnome2. Then Gnome3 came out and I had to switch to Mate.

        • I prefer MATE as well. It strikes the right balance for me in terms of a pleasant aesthetic, low resource footprint and the ability to customize. My hardware these days is beefy enough that resource footprint isn't a major concern of mine, but I still don't like feeling that my DE is doing more than it should. It should look nice, give me everything I need to interact with the machine and then otherwise get out of the way.

          The last time I tried KDE as workstation DE was admittedly a very long time ago now, b

      • I realized that Linux won the usability war when I learned that my brother and his wife (>65 yo real estate agents) are using Ubuntu laptops and they never asked me single question.
      • Linux still has things to fix. Mind, I'm a fan, and use nothinvcelse, but still. Just two examples on my current Ubuntu installation: (1) every few weeks, one of my two monitors us no longer recognized, fixabke by uninstalling cane reinstalling the nvidia video driver. Starting about six months ago, I have no audio volume control until I restart PulseAudio from the command line. Small irritations for me, but catastrophic for a nontechnical user.
      • by 0xG ( 712423 )

        As long as thet can use vi to edit the Makefiles to compile drivers for the peripherals...

    • The Windows desktop every since Windows 8 has been an unintuitive mess particularly when added with "Modern" UI (which actually looks like an escapee from the 1980s to me) where the demarcation between controls and data seems to have been deliberately obscured for [reasons].

    • The other thing to remember that even if someone has the capability does not mean they have the will. I have built servers from spare parts when needed at work. When I go home, the last thing I want to do is administer a home server.
    • This is false. Grandma doesn't need to do sysadmin stuff, she is a simple desktop user doing a limited set of tasks. For simple desktop stuff, Linux is there for over 20 years already: you see icons on a desktop, click on them and launch apps.

    • Except "Grandma" is to be applied to everyone. Not just the enfeebled old lady who's descendants have absolutely no desire to help her with technology the government mandated she use as yet another hoop for means-testing and "government efficiency."

      Personally, I'm fine with PGP and Linux being too "techie" for dimwits to use. In the case of PGP, others using it without a care in the world would dilute the web of trust it's built upon to the point of being worthless. (Try validating anything PGP signed whe
  • PGP wasn't made for the non-technical user. Back in the day it was quite easy to use compared to many other tools you had to use.

    While I applaud efforts to make non-techies access technologies that were used by techies way back, there is more to it.

    For example, how do you know that your messages on signal are encrypted so that no-one else than the people involved in the conversation can read them? How do you know that the person you are talking to are the person they are claiming to be?

    Tools like PGP/GPG sh

    • by HiThere ( 15173 )

      Yes, but email programs should at least support signing messages with a private key. Kmail could support that over a decade ago. (Too bad it had other problems.)

      • by mysidia ( 191772 )

        Signing is easy. In fact; your mail server can do that - DKIM signing can sign everyone's emails.
        Thus in theory the message verifiably comes from someone with access to your account or with control of your mail server.

        Exchanging keys in a manner where you can actually verify the signing key belongs to you think it does is harder.

  • Moxie can jabber all he wants, but you never hear about people using GPG on a linux getting all their communication broken, meanwhile it seems like the NSA has every last signal message before you even finish typing it.

    Signal traffic from Sam Bankman Fried, The Proud boys, The Oathkeepers, and countless others have been on open display as if it is a matter of course that the government has access to all signal messages.

    Maybe he should rethink the philosophy of making something so easy that anyone can use it

    • I respectfully disagree the Feds managed to hack into Signal. In almost all cases where evidence is coughed up, it's because there's evidence On The Device, and the Feds, (somehow), got access to the device. Someone's device from the group chat. Possibly with cooperation from the device owner.

      Please do not confuse document retention with actually being hacked. If anyone on a group chat gets their device imaged before a private message goes poof, well you get the picture.

      The Feds found documents on Mark Mead

      • The Hatch Act requires government employees to retain all communications, which excludes the use of Signal outright because the government can't access the records. This is similar to how prior to the Sarbannes Oxley Act corporate types would bypass corporate document retention systems, (including email).

        Oops. When I wrote The Hatch Act, that was my error. I meant The Presidential Records Act.

        Excuse me for having Hatch Act on the brain, because it gets drilled into my brain.

      • Comment removed based on user account deletion
        • In almost all cases where evidence is coughed up, it's because there's evidence On The Device, and the Feds, (somehow), got access to the device

          and they very rarely intercept traffic anyway, so im not sure what the point of signal really is

          One can easily make the argument that Signal sucks. But then it still sucks less than everything else.

      • > Please do not confuse document retention with actually being hacked.

        You are missing the point, utterly.

        In a secure system, documents stored either sit behind high entropy or do not get stored at all. Signal defaults to storing all messages sent, and doesn't require anything more than trivial entropy protecting them. To be secure, it should either default to deleting old messages, or else require a high entropy local password. It does neither, so most people have zero privacy with signal.

        And, you blithe

        • You are missing the point, utterly.

          My point was, if you've still got documents on the phone when someone with a $5 wrench hits you hard enough, your documents will become exposed. If they didn't exist, they would not have been.

      • ...another thing I imagine the DOJ takes into consideration once they've captured a Signal user's phone, (and imaged it), is this:

        Still using Mark Meadows phone as an example, for the sake of argument let's say all the war room participants at the Willard Hotel in Washington DC on January 6, 2021 [rollingstone.com] were involved in a conspiracy and a Signal group chat linked everyone together. And the FBI somehow, possibly with a warrant captured and imaged 1 or 2 member's phones, and there's no messages in the group chat whi

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Friday August 09, 2024 @09:38AM (#64692540)
    Comment removed based on user account deletion
    • Comment removed (Score:4, Insightful)

      by account_deleted ( 4530225 ) on Friday August 09, 2024 @10:11AM (#64692606)
      Comment removed based on user account deletion
      • Comment removed based on user account deletion
      • I have a minor quibble with the ease of use of GPG in modern Thunderbird. Pre-v. 78 Thunderbird with Enigmail was the bees' knees. It was flexible, usable, secure, and worked quite happily with my Yubikey. In v. 115, the new built-in stuff is incredibly limited. As I keep my GPG keys on a Yubikey, I had to flip a bit in about:config to even try to use it. Once I flipped it, I STILL couldn't get it to work. I finally gave up and imported my keys directly into the Thunderbird keystore (which exists comp

    • by jd ( 1658 )

      Then PGP is in the wrong place in the email clients, or is improperly integrated.

      It should be no harder to read a PGP-encrypted email than it is to access an HTTPS-encrypted website or a signed APT repository.

      You should be able to install the key in exactly the same way as you'd install a new cert, and it should then Just Work.

      This is a problem I've been arguing needs solving since the mid 1990s. Whilst I'm glad there's now at least a few others on the planet who understand the problem, I do want to know wh

      • The folks doing PGP wanted a system that was distributed. That's the real difference. The reason that https works seamlessly is that you have decided to trust someone else to issue certificates and distribute certificates. Back when SSL certs were expensive I maintained my own CA both for work and for some individual projects that I had, and that was definitely clunky. It worked, and it was extra secure, because I actually trusted machines with certificates that I signed, but there was no really good wa

      • It should be no harder to read a PGP-encrypted email than it is to access an HTTPS-encrypted website or a signed APT repository.

        Someone else should hold your encryption keys in escrow for you? Because that's what you're asking for here: Do all of the work for me, because I can't be bothered with it. FYI: HTTPS is fundamentally broken with the existing CA system. It's been rendered completely useless for one of it's original goals, trust. To the point of all indications of it being removed from modern OSes and browsers. Sure you can use it to place keying material on end-users devices, but all of that is easily compromised by anyone

  • Signal removed a trivial PIN password at app launch and told me, "just use the android login" when that doesn't really serve my needs in all situations. I gave up on Signal being hard-core useful and secure a long time ago. He's right about the design mindset of course, but he's guilty of taking useful features away as well. But then he's made his money by selling out, hasn't he? I'm waiting for something better, like the complete dumping of phone numbers and options for a trivial server instance we can

  • This software snobbery is inflicting the world of Crypto as well. And shut up, don't tell me it's easy enough. Shut the hell up and get out of here. Fix the damn thing. Make it EASY. It should get to the point where an idiot who did not finish school can use the damn thing.

    • Out of curiosity, what school are you referring to? People need to know, because the standards are vastly different depending on what school you go to.
  • by Impy the Impiuos Imp ( 442658 ) on Friday August 09, 2024 @11:08AM (#64692730) Journal

    Keep programmers well away from product design [amazon.com].

    You don't know what you're doing. You just throw wrappers around your own harsh, internal APIs, and call it a day and think yourselves great.

    The book even dives into the tremendous usefulness of these "dancing bears", programs that do things complex and novel, which is why people even put up with clumsy integration into products. But keep the programmers well away from product design itself.

    And now, back to the movie.

    Ya know, Darcy, the thing about dancing bears is not how well they dance, but that they dance at all.

    • Would like to defend the (dubious) honour of programmers.
      I think you'd want to finger UX designers for the bullshit that passes for ... user interfaces.
      They took over from "programmers" as far as what you see when you use a program... close to 20 years ago.
      • I think you'd want to finger UX designers for the bullshit that passes for ... user interfaces.

        Those people are fine if the software maker actually wants you to use the product. Most UX design these days is about using psychological tricks to manipulate engagement. Whether that's for ads or to gain traction on a new product you want to push.

  • In what has to be the shortest blurb ever, Reuters is reporting [reuters.com] that Signal is being blocked all across Russia:

    MOSCOW, Aug 9 (Reuters) - Russia's state communications watchdog Roskomnadzor said that Signal, an encrypted messaging app, had been blocked in the country for violating local laws, Interfax news agency reported on Friday.

    The reason for this blockage is obvious. With Ukraine's attack on Russia and seizing 160 square miles of territory, despite Moscow saying six times the attack has been repelled, destroying a warehouse full of glide bombs, blasting a convoy of Russian vehicles and troops [bbc.com], and in general giving the bully a bloody nose, there is no way Putin wants the public to know how badly things are going for him.

    • In what has to be the shortest blurb ever, Reuters is reporting [reuters.com] that Signal is being blocked all across Russia:

      MOSCOW, Aug 9 (Reuters) - Russia's state communications watchdog Roskomnadzor said that Signal, an encrypted messaging app, had been blocked in the country for violating local laws, Interfax news agency reported on Friday.

      That's all the endorsement for using Signal anyone needs right there!

  • It should be tattooed on their foreheads backwards.

  • One checkbox that can be turned off or on. On by default. Plus three levels of âoeare you really sureâ every day if you turn it off.
    • One checkbox that can be turned off or on. On by default. Clearly made available in the Tools -> Settings -> Encryption Settings -> Global sub-menu.
  • Still happens, Most requested signal feature by a very long margin for years has been IOS backup and restore. Tens of thousands of feature votes, largely ignored. Great product, but sad when they ignore basic user needs.
    • Implementing backup and restore on an iPhone is very easy to implement. You just set a property on any files you want restored. Encryption keys are transferred through the keychain. For more security, keychain entries are marked whether they can be used on another device or not.

      Note that FaceID cannot handle older keys, so if the user used faceID they will have to set that up again.

You know you've landed gear-up when it takes full power to taxi.

Working...