iPhones can only do what Apple allows developers to do, which isn’t much.
A random payment provider can’t use NFC on the iPhone, but they can use the camera. So here we are. QR payments are super popular all over Asia (and yes they suck, but you can blame Apple)
Maybe I'm misunderstanding the feature, but I've been auto-filling login forms since I was using IE7 with RoboForm. Other than using Touch ID to trigger the auto-fill instead of 1 click, I don't see any improvements in iOS/macOS Safari.
You leave all your password on the iCloud, accessible by AppleID but that AppleID password is so powerful and covers many more sensitive things (AppleWallet, ApplePay, ...)
Whereas, using a separate PIN/passcode at application-level provides a separate (master) password which would be used for all your passwords (in case your AppleID password gets compromised).
I do not use touchID nor FaceID because it violates the Principle of 3 Factors of Authentication: AppleID merges two of three factors:
> using a separate PIN/passcode at application-level provides a separate (master) password which would be used for all your passwords (in case your AppleID password gets compromised).
That already happens exactly as you mentioned.
You need a secondary encryption password for encrypted iCloud data as well. Having access to your Apple account isn't enough.
Apple finally provides a modicum variant of Zero Knowledge password.
But that is only available in next iOS version 16.2. [1]
But, but ... BUT the Apple macOS/iOS issue of Three Form of Authentication being still being reduced into Two-Form with their merge (OR-logic) of what you have (FaceID/TouchID) and what you know (PIN/passcode) ... remains.
That reduction of authentication is still the greatest weakest link to individual security (whether ADP is used after v16.2 or not).
A random payment provider can’t use NFC on the iPhone, but they can use the camera. So here we are. QR payments are super popular all over Asia (and yes they suck, but you can blame Apple)