Apple is making some changes to how passwords work with the release of iOS 12, offering new capabilities that make it easier to create and use strong passwords, help you make sure that your passwords are unique, and even giving a helping hand that will make third-party password managers like 1Password and LastPass better able to integrate with the system.
The changes coming to how passwords are handled in iOS are meant to make your digital life more secure and more convenient. Here's a rundown of what you can expect.
Apple occasionally offers updates to iOS, iPadOS, watchOS, tvOS, and macOS as closed developer previews or public betas (opens in new tab). While the betas contain new features, they also contain pre-release bugs that can prevent the normal use of your iPhone, iPad, Apple Watch, Apple TV, or Mac, and are not intended for everyday use on a primary device. That's why we strongly recommend staying away from developer previews unless you need them for software development, and using the public betas with caution. If you depend on your devices, wait for the final release.
- Automatic strong passwords
- Password reuse auditing
- Security code AutoFill
- Password sharing
- Password Manager API
Automatic strong passwords
Apple has offered strong, automatic password suggestions in iOS for some time now, generating suggestions when users created new login credentials in Safari. iOS 12 takes it a step further. Instead of just suggesting a strong password, iOS will create a password, then present you with two options: use Apple's password or create your own. If you choose to use Apple's, the password created by iOS is automatically stored securely in iCloud Keychain and synced across your devices without you ever having to see it. These passwords will be filled automatically when logging into the corresponding service. The goal is to make strong password creation simple and secure.
What's more, iOS will be able to do this outside of Safari, too. When you sign up for an account within an app in iOS 12, the same password creation process will present itself there, as well. Developers will be able to customize this process to an extent. If their app or service has certain password requirements (excluding particular symbols, including both a number and a capital letter, etc.), developers can tell iOS, and those requirements will be taken into account when the system generates the strong password.
If you ever need to get to one of these passwords, you can always ask Siri. But don't worry, Siri won't go blurting your password out. You'll need to authenticate with your device, and then you'll be taken to your password list, which you would normally find under Settings > Passwords & Accounts > Website & App Passwords.
Password reuse auditing
Building on the theme of better user security, iOS will also warn you if you reuse a password across multiple websites and apps. You can find and edit the offending login credentials like this:
- Open Settings on your iPhone or iPad.
- Tap Passwords & Accounts.
- Scroll through your passwords and tap on one with a triangular warning symbol.
- Tap Change Password on Website to be taken to the relevant website to change your credentials.
Security code AutoFill
SMS is a popular way for companies to deliver one-time codes to users that have two-step verification turned on for logging into their accounts. While currently, you might need to flip between the Messages app and the app to which you're logging in in order to get that code, iOS 12 lets you stay where you are. When you receive an authentication code in a text message, iOS will find it automatically and place it in the QuickType bar of the keyboard, just as though you were getting a suggestion for a word to type.
With iOS 12, macOS Mojave, and tvOS 12, you'll be able to share passwords with you nearby Apple devices. This is especially useful with the Apple TV, which doesn't have access to iCloud Keychain like iPhones, iPads, and Macs do. When logging into an app, you'll receive a notification on your iPhone or iPad from your Apple TV, which you can tap to bring up a password entry field. Your iOS device's QuickType keyboard will then offer to let you AutoFill your login credentials on your Apple TV, for instance, with just a tap. It works like this:
- Open your app on Apple TV.
- Select the email address field on the login page.
- Tap the Keyboard and Password AutoFill notification on your iPhone or iPad.
- Tap the credentials that pop up on the QuickType keyboard bar.
- Tap the key icon on the QuickType keyboard bar if the credentials didn't pop up on their own.
- Search for the relevant login information.
- Tap the login information that you want to use. Your username/email address and password will then populate the correct fields on your Apple TV app.
- Select the Login or equivalent button on your Apple TV.
This is made possible by one of the coolest little tricks I've seen from Apple in recent memory. With tvOS 12, the Siri Remote that comes with the 4th-generation Apple TV and the Apple TV 4K can act as a locator, finding nearby iOS devices on which to offer an AutoFill request. Because it's proximity-based, you shouldn't get these requests on all of you devices, just those that are closest to your remote.
Password Manager API
This is pretty cool. While iCloud Keychain is great for many, some people, myself included, prefer third-party password managers like 1Password and LastPass. And with iOS 12, Apple is making it easier to use those apps by providing a new Password AutoFill extension. With this extension, developers will be able to offer their stored login credentials in the QuickType bar on the iOS keyboard in both Safari and third-party apps, just like Apple does now with iCloud keychain when you're logging in somewhere.
So instead of having to tap the share button, tap the 1Password extension button, authenticate, and tap on or find the relevant login credentials in order to use 1Password, I should just be able to tap once on my credentials that appear right above the keyboard, just as though they were a part of the system on my iPhone or iPad.
If you have more questions about what's new with passwords in iOS 12, let us know in the comments.
Joseph Keller is the former Editor in Chief of iMore. An Apple user for almost 20 years, he spends his time learning the ins and outs of iOS and macOS, always finding ways of getting the most out of his iPhone, iPad, Apple Watch, and Mac.
I wonder when Safari will implement the Web Authentication API, then we can talk about the future of passwords (or lack of). The next version of Chrome, Edge and the current version of Firefox all support it.
With regard to password managers: is Dashlane one of the ones that will work with the new security environment?
I would assume so considering they have an iOS app, however for a concrete answer you would need to contact Dashlane yourself.
This is one more reason to push people with multiple devices away from Apple. Microsoft and Google will never support (they still don't support CalDAV or CardDAV) this and it is probably tied up with a myriad of patents making it totally non-portable. As it is right now, Apple generates useless passwords that cannot be typed nor remembered and it will just mean more people with a little book of passwords, post-it notes on their computers, or (shudder) a text file on their desktop. This might work if you are all Apple, all the time, but you will never be able to check your email from away from home or access the emergency documents in your Dropbox because you lost all of your possessions on a flooded cruise ship and are stuck in a foreign country. In a more common scenario, if you have an iPhone and a PC, or a Mac and an Android phone and also use a PC, you are screwed.
Hence the reason for the Password Manager API, which lets you use cross-platorm solutions such as 1Password
If you have a PC, you are already screwed regardless of what phone you have. Passwords are the least of your worries. "This might work if you are all Apple, all the time". As many people here are. If you are all Microsoft, all the time then feel free to use their solution. "This is one more reason to push people with multiple devices away from Apple. " Actually it is one more reason to dump the other devices and go all in with Apple. Personally, I don't use any of these password managers. Storing passwords in the cloud strikes me as remarkably stupid. Oh sure, "but it is safe!". Those are famous last words. Everything is safe online until there is a data break in.
Get the best of iMore in in your inbox, every day!
Thank you for signing up to iMore. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.