Is there another place that passwords are saved in for iOS apps vs safari?

I log into Wells Fargo's app with Face ID. But when I try to log in via the web, the password I have saved in iOS does not work (an old password, apparently).

I'm assuming that to log into the app, my password must be saved somewhere and transmitted to Wells Fargo. If I changed my password and iOS no longer has it, shouldn't I be unable to log in to the app even if my Face ID recognizes my face?


Solution 1:

Your assumption is incorrect - it's not necessary for an app to know nor transmit your password to login to a service.

Usually authentication for these types of apps work by you logging with a password for the first login. The app is then issued a token, which you can think of as being a very long, single purpose password. For all future logins, the apps does not authenticate with your own password, but instead using that token.

This makes it possible for app developers to let you login using FaceID, TouchID and all sorts of other methods specifically without storing your own password on the device. In addition it allows them to give users the benefit that they can track which units are used to login, and to revoke the token (i.e. invalidate it) so that a specific device can no longer login (without further user authentication).