Apple’s latest update for iPhone, iOS 18, is available today and introduces a new app called Passwords. This marks the first time Apple has dedicated a standalone app for managing login credentials, aiming to enhance security for countless users with weak passwords.
For years, experts have advocated the use of unique, strong passwords for each online service. Users generally belong to one of two groups: those who have embraced password managers and those who continue to reuse simple passwords like “123456.”
The addition of the new Passwords app in iOS 18.
The secure, encrypted Passwords app now comes standard with iOS 18, representing an advance on Apple’s Keychain and password management tools. Keychain, which has been around for over ten years, is being integrated into this more prominent solution, with existing details transitioning to the new app.
The introduction of the new password manager app, which will be compatible with MacOS Sequoia and iPadOS 18, is poised to enhance user interactions with password management and could potentially impact the market of existing password managers.
“With this initiative, the app gains increased exposure among general users and promotes the secure practice of password storage and management,” state Talal Haj Bakry and Tommy Mysk from the security firm Mysk. “It comes pre-installed and integrates end-to-end encryption for syncing data across multiple devices.”
The user interface of the Passwords app is straightforward, with six sections accessible on its main screen on an iPhone: All, Passkeys, Codes, Wi-Fi, Security, and Deleted. These sections neatly categorize the data, facilitating efficient storage and retrieval. The Security section is particularly useful for identifying weak or compromised passwords.
“The installation of this app as a default option will significantly encourage its use and improve user security,” comment Bakry and Mysk. They note that the app displays saved information more clearly compared to the Settings app.
Apple states that its Passwords app uses end-to-end encryption to securely store your details, ensuring that nobody, including Apple, can access your saved information. The app allows you to search for login details, and it gives you the option to create groups for sharing passwords.
Your login information is synced across your Apple devices via iCloud. This means your encrypted data is stored on Apple’s cloud servers and is accessible from any of your Apple devices. You can also disable password syncing on specific devices through Apple’s settings, and the app is secured with FaceID.
When you start using the Passwords app, any existing details saved in Keychain or AutoFill are automatically transferred to this new app. This transition also applies to details associated with the Sign in with Apple login system used on various websites or apps. The reason behind Apple’s decision to develop its Keychain system into a full password manager is not clear, and Apple has not yet responded to inquiries regarding this development.
According to Siamak Shahandashti, a senior lecturer in cybersecurity and privacy at the University of York, this move by Apple could promote better password management practices among users. By making passwords more visible and manageable, Apple might be aiming to enhance overall security and user compliance.
“We need to design authentication systems for human beings,” Shahandashti says. “We cannot expect users to maintain a hundred accounts, for each of them use a strong password. It’s actually the fault of the designers because these systems have not been designed for users considering the capability of an average human being.”
Passwords are slowly dying. Enter the passkey. For the last couple of years, websites, apps, and phone manufacturers have been in the process of rolling out passkeys—a technology that replaces passwords, is more secure, and doesn’t require you to remember any complex login details. (Although passkeys still have some teething problems.)
Leona Lassak, a research assistant at Ruhr-University Bochum who has studied passkey adoption, says greater “visibility” of the Passwords app can help get the sign-in technology to a broader audience, one which might not use a password manager otherwise. Apple’s Passwords app could overall help with the perception and transition to passkeys, Lassak says. “There has been discussion about the need for passkey managers because once we actually use them on websites, there’s probably going to be multiple for each website,” she says.
The app is also, at least subtly, encouraging the adoption of passkeys. Within Passwords’ settings, accessed through Apple’s System preferences, there’s the option to turn on “automatic” passkey upgrades, which will allow existing accounts to use passkeys when they are available.
Password managers have been around for some time, offering various choices from open-source applications to browser-integrated solutions, each with unique advantages and disadvantages. Explore different password managers available.
Apple’s entry into the password management space with a new application on countless iPhones, Macs, and iPads could influence the broader market. Bakry and Mysk mentioned, “There’s no doubt that Apple’s Passwords app could ‘sherlock’ third-party password managers—or make them less appealing.” This system requires iCloud for synching passwords, a potential privacy concern for some users.
This could also mean users are locked into using Apple’s password system, as initially, it seems there might be no way to export this data for use with other commercial solutions. A competing password manager highlighted their product’s compatibility across various platforms, extending beyond the Apple ecosystem. For those on Windows, saved credentials can be managed via iCloud for Windows.
Choosing a password manager should depend on the type of software you prefer to support and the specific security challenges you might face. For many, using Apple’s new app might be preferable to not employing a password manager at all.