Apple has made a striking password security move that will impact all users, for the better.
Apple has made a striking password security move that will impact all users, for the better.
Passwords as a form of security are flawed. People forget them, they reuse them multiple times, and they are often exposed in breaches. It is with this in mind that Apple has made the striking move to launch an open source project to make passwords stronger for users of all services.
In an update yesterday, Apple detailed how its new Password Manager Resources open source project would help password manager developers collaborate to “create strong passwords that are compatible with popular websites.”
Apple is hoping that by integrating website-specific requirements used by the iCloud Keychain password manager to generate strong, unique passwords, the project will make passwords stronger for everyone—not just iPhone users.
Other resources include collections of websites known to share a sign-in system and links to websites’ pages where users change passwords, Apple said.
Apple’s iCloud Keychain password manager—which will be beefed up in this year’s iOS 14—has brought password managers to the masses. As is the way with most Apple products, an iPhone user who probably wouldn’t use a separate password manager such as 1Password or LastPass often ends up using the Keychain by default.
“The key to the success of a password manager is to make them integrate well, easy to use and secure,” says ESET cybersecurity specialist Jake Moore. He points out that by making this new project open source, Apple is aiming to collaborate with other password managers.
The new move comes as Apple continues to make contributions to the security community. Apple also advocates the use of security keys having last year joined the FIDO Alliance—an organization dedicated to reducing reliance on passwords by using biometrics and security keys such as the Yubico YubiKey.
Password security isn’t easy. You need a unique password for each site, and some sites don’t accept certain characters, so password manager generated credentials don’t always work. This can sometimes leave people deciding passwords themselves—not really a good idea.
Apple’s new project is aiming to improve this for the better. It’s a great move that will hopefully improve password security for everyone. Bravo, Apple.
