Apple May Add Secure Password Suggestions to Safari with OS X Mountain Lion

1Password is a popular password service which offers apps and browser plug-ins for a number of platforms, including Mac, Windows, iOS and Android. The service automatically generates strong, unique passwords whenever a login is needed, keeping them in a keychain under a master password. Once authorized, 1Password can then automatically fill in user names and passwords when needed without the user having to know the often complex passwords created for maximum security.

But with Apple continuing to push out developer betas of OS X Mountain Lion and Safari 5.2, it is now becoming apparent that the company is looking to bake similar functionality directly into Safari.

safari 5 2 password pane
"Passwords" preference pane in Safari 5.2

One of the more visible changes in the Safari 5.2 developer builds has been a new "Passwords" pane in the application's preferences, offering a way for users to access stored user names and passwords for various sites and services. As currently deployed, the pane is essentially a more convenient way to view passwords already stored and accessible through the dedicated Keychain Access application.

safari 5 2 password suggest string
Text string addressing unique password suggestions in Safari 5.2

But text strings associated with the last several builds of Safari 5.2 point to more extensive password functionality for Safari, including an ability to suggest unique passwords rather than simply storing user-created ones. Specifically, one of those strings which is present in Safari 5.2 but not currently used in a public-facing context reads:

Safari can automatically suggest and remember unique, secure passwords for websites you choose.

With Mountain Lion's focus on taking greater advantage of iCloud services to keep data synced across devices, it seems reasonable to speculate that Apple has plans to roll this password functionality out to iCloud and iOS as well. The move would allow "unique, secure passwords" created on one device to be automatically available for use on another device without having to manually record or insecurely copy and paste password information for transfer.

Apple has already revealed its plans to use iCloud to integrate browser activity across devices, as evidenced by Safari tab syncing making its way into test builds. And interestingly, Apple previously offered keychain syncing across devices with .Mac and MobileMe, but discontinued the feature with the transition to iCloud. It now appears that the functionality was removed while Apple worked to revamp and expand it to increase its functionality.

icloud safari syncing lion mountain lion
iCloud's Safari syncing entry in System Preferences in Lion (left) and Mountain Lion (right)

Apple has also signaled its intention to broaden the browser syncing features of Safari with the iCloud preference pane in System Preferences under Mountain Lion. While the Safari section has been titled "Bookmarks" under Lion, with the addition of browser tab syncing and perhaps new user name and password syncing the section has now simply been retitled "Safari".

But while Apple certainly seems to have all of the pieces in place for higher security unique password generation and syncing across platforms via iCloud, the feature has not yet been introduced for testing in developer builds of OS X Mountain Lion. The feature has also not been seen in iOS builds, although the company has yet to begin developer testing on either iOS 6 or an interim iOS 5.2 update.

Top Rated Comments

Small White Car Avatar
121 months ago
I think I'm the only person in the world who tried and didn't like 1Password, so I'll be interested to see if Apple somehow does it differently.
Score: 9 Votes (Like | Disagree)
manu chao Avatar
121 months ago
I really am not liking the way Apple has "upgraded" the password thing for my apple account. It used to be just a password. Now if someone answers five questions about me that can probably easily be phished through casual conversation (what school did you go to?) they defeat my password.

My only alternative is to use false answers for those questions. Which means I need to keep track of my answers, which means I need something like 1password and if the password for that gets cracked, the keys to the kingdom are truly compromised.
.
You could use your existing password as answer to all questions. That way you are back to one password only.
Score: 5 Votes (Like | Disagree)
AdeFowler Avatar
121 months ago
As the Keychain App already has the ability to suggest and create secure passwords I guess this is a logical move. However, until they can be synced between devices, 1Password have nothing to fear.
Score: 4 Votes (Like | Disagree)
3282868 Avatar
121 months ago
And interestingly, Apple previously offered keychain syncing across devices with .Mac and MobileMe, but discontinued the feature with the transition to iCloud. It now appears that the functionality was removed while Apple worked to revamp and expand it to increase its functionality.
If this is true, I'd be ecstatic. I was disappointed when keychain syncing was removed, but if this was done to improve it, I'm game. Now if Apple works on Documents as a possible replacement for iDisk (using Dropbox now which is great), I'd be a happy camper with iCloud.
Score: 3 Votes (Like | Disagree)
DavidLeblond Avatar
121 months ago
I love 1password. I'll probably stick with them since they sync to my work Windows machine as well.
Score: 3 Votes (Like | Disagree)
leukotriene Avatar
121 months ago
That’s where they are now if you’re using DropBox. The encryption is good though.

I'm a 1password user and I use Dropbox for syncing, but here's a serious security risk:

Any app that you grant Dropbox permission to has access to your 1password database. A malicious app developer could, for example, put an app on the App Store that masquerades as a text editor that syncs with Dropbox. At a given time interval months from now (so as to evade App Store rejection), it uploads your 1password database to their server. At that point the developer can brute force the 1password database (could take days to years depending on your password strength) and have access I all your passwords. Even if 80% of 1password users use a strong enough password to make brute forcing a non-worthwhile endeavor, it's the unfortunate 20% who would get their password exposed by this sort of attack, and thus make this attack a profitable venture for a black hat. It's a very feasible scenario.

On the other hand, with Apple's hypothetical solution, it sounds like your master password would be sandboxed away from app developers whose apps access iCloud. My understanding of the iCloud APIs is that an app can only access data inside its own sandbox. Personally, if Apple comes up with a password syncing solution, I'll certainly switch.
Score: 2 Votes (Like | Disagree)

Top Stories

REC ASA CODE2016 20160601 205816 2745

Elon Musk Reportedly Demanded to Become Apple CEO as Part of Potential Tesla Acquisition [Update: Musk Denies]

Friday July 30, 2021 9:04 am PDT by
Tesla CEO Elon Musk reportedly once demanded that he be made Apple CEO in a brief discussion of a potential acquisition with Apple's current CEO, Tim Cook. The claim comes in a new book titled "Power Play: Tesla, Elon Musk and the Bet of the Century," as reviewed by The Los Angeles Times. According to the book, during a 2016 phone call between Musk and Cook that touched on the possibility of ...
General Apps Messages

Android iMessage Competitor Puts Pressure on Apple

Friday July 30, 2021 3:15 am PDT by
Google and the three major U.S. carriers, including Verizon, AT&T, and T-Mobile, will all support a new communications protocol on Android smartphones starting in 2022, a move that puts pressure on Apple to adopt a new cross-platform messaging standard and may present a challenge to iMessage. Verizon recently announced that it is planning to adopt Messages by Google as its default messaging...
iPhone 13 Always On Feature

iPhone 13 to Bring Over a Major Feature From the Apple Watch

Wednesday July 28, 2021 2:21 am PDT by
Apple's upcoming iPhone 13 lineup will feature an always-on display akin to the Apple Watch Series 5 and Series 6, according to recent reports. In his weekly Power On newsletter, Bloomberg journalist Mark Gurman, who often reveals accurate insights into Apple's plans, said that the iPhone 13 may feature an Apple Watch-inspired always-on mode. The Apple Watch Series 5 and Apple Watch...
duracell battery bitter coating

Apple Says Don't Buy AirTag Replacement Batteries With Bitter Coating

Wednesday July 28, 2021 11:08 am PDT by
Since AirTags were just released earlier this year and are expected to have a year-long battery life, it may be some time yet before AirTag users need a replacement battery, but when the time comes for a refresh, Apple is warning customers not to buy batteries with a bitter coating. AirTags use coin-shaped CR2032 batteries, which happen to be a size that's easy to swallow. Some battery...
a15 chip

iPhone 13 and Redesigned MacBook Pro Chip Production Hit With Gas Contamination

Friday July 30, 2021 5:44 am PDT by
The most important TSMC factory that manufactures Apple's chips destined for next-generation iPhone and Mac models has been hit by a gas contamination, according to Nikkei Asia. The factory, known as "Fab 18," is TSMC's most advanced chipmaking facility. TSMC is Apple's sole chip supplier, making all of the processors used in every Apple device with a custom silicon chip. Industry...
apple rtp land

Apple Preparing to Occupy 200,000 Square Feet of Temporary Space Ahead of New $1 Billion North Carolina Campus

Thursday July 29, 2021 9:14 am PDT by
Back in April, Apple announced a $430 billion investment over the next five years to create more than 20,000 new jobs as the company continues to expand. One significant piece of that plan is a new engineering and research center in North Carolina where Apple will be investing over $1 billion and hiring at least 3,000 employees. Assemblage of seven properties in Research Triangle Park owned by ...
Apple Leak Feature

Apple Demands Leaker Reveals Sources Under Threat of Being Reported to Police

Wednesday July 28, 2021 6:53 am PDT by
Apple has sent a cease and desist letter to a leaker based in China as part of its continuing attempts to curtail leaks of unreleased products, according to Vice. A Chinese citizen who shared images of stolen Apple prototypes on social media was sent a warning letter from Fangda Partners, Apple's law firm in China, on June 18, 2021. An extract from the letter read:You have disclosed without ...
macos monterey tidbits feature copy

Apple Releases New macOS 12 Monterey Public Beta

Wednesday July 28, 2021 10:19 am PDT by
Apple today seeded the third public beta of the macOS 12 Monterey beta to public beta testers, allowing non-developers to test the new macOS Monterey software ahead of its public release. The third beta comes two weeks after Apple released the second macOS Monterey public beta. Public beta testers can download the macOS 12 Monterey update from the Software Update section of the System...
iOS 15 General Feature Purple

Apple Releases New Public Betas of iOS 15, iPadOS 15, watchOS 8, and tvOS 15

Wednesday July 28, 2021 10:16 am PDT by
Apple today seeded the third betas of iOS and iPadOS 15 to public beta testers, allowing non-developers to download and test the new updates ahead of their fall release. The third public betas come two weeks after Apple released the second public betas. Public beta testers who have signed up for Apple's beta testing program can download the iOS and iPadOS 15 updates over the air after...
nothing ear 1 buds 1

Nothing 'Ear (1)' True Wireless Earbuds Launch to Take on AirPods Pro With ANC and Unusual Design for $99

Tuesday July 27, 2021 7:57 am PDT by
Nothing, a new brand from OnePlus founder Carl Pei, has today officially launched the "Ear (1)" true wireless earbuds after months of anticipation around the company's AirPods Pro rival. The Ear (1) features an in-ear design, Active Noise Cancelation, Bluetooth 5.2, IPX4 water resistance, and a charging case with Qi-compatible wireless charging and a USB-C port. Fast pairing is supported on...