Apple May Add Secure Password Suggestions to Safari with OS X Mountain Lion

1Password is a popular password service which offers apps and browser plug-ins for a number of platforms, including Mac, Windows, iOS and Android. The service automatically generates strong, unique passwords whenever a login is needed, keeping them in a keychain under a master password. Once authorized, 1Password can then automatically fill in user names and passwords when needed without the user having to know the often complex passwords created for maximum security.

But with Apple continuing to push out developer betas of OS X Mountain Lion and Safari 5.2, it is now becoming apparent that the company is looking to bake similar functionality directly into Safari.

safari 5 2 password pane
"Passwords" preference pane in Safari 5.2

One of the more visible changes in the Safari 5.2 developer builds has been a new "Passwords" pane in the application's preferences, offering a way for users to access stored user names and passwords for various sites and services. As currently deployed, the pane is essentially a more convenient way to view passwords already stored and accessible through the dedicated Keychain Access application.

safari 5 2 password suggest string
Text string addressing unique password suggestions in Safari 5.2

But text strings associated with the last several builds of Safari 5.2 point to more extensive password functionality for Safari, including an ability to suggest unique passwords rather than simply storing user-created ones. Specifically, one of those strings which is present in Safari 5.2 but not currently used in a public-facing context reads:

Safari can automatically suggest and remember unique, secure passwords for websites you choose.

With Mountain Lion's focus on taking greater advantage of iCloud services to keep data synced across devices, it seems reasonable to speculate that Apple has plans to roll this password functionality out to iCloud and iOS as well. The move would allow "unique, secure passwords" created on one device to be automatically available for use on another device without having to manually record or insecurely copy and paste password information for transfer.

Apple has already revealed its plans to use iCloud to integrate browser activity across devices, as evidenced by Safari tab syncing making its way into test builds. And interestingly, Apple previously offered keychain syncing across devices with .Mac and MobileMe, but discontinued the feature with the transition to iCloud. It now appears that the functionality was removed while Apple worked to revamp and expand it to increase its functionality.

icloud safari syncing lion mountain lion
iCloud's Safari syncing entry in System Preferences in Lion (left) and Mountain Lion (right)

Apple has also signaled its intention to broaden the browser syncing features of Safari with the iCloud preference pane in System Preferences under Mountain Lion. While the Safari section has been titled "Bookmarks" under Lion, with the addition of browser tab syncing and perhaps new user name and password syncing the section has now simply been retitled "Safari".

But while Apple certainly seems to have all of the pieces in place for higher security unique password generation and syncing across platforms via iCloud, the feature has not yet been introduced for testing in developer builds of OS X Mountain Lion. The feature has also not been seen in iOS builds, although the company has yet to begin developer testing on either iOS 6 or an interim iOS 5.2 update.

Top Rated Comments

Small White Car Avatar
138 months ago
I think I'm the only person in the world who tried and didn't like 1Password, so I'll be interested to see if Apple somehow does it differently.
Score: 9 Votes (Like | Disagree)
manu chao Avatar
138 months ago
I really am not liking the way Apple has "upgraded" the password thing for my apple account. It used to be just a password. Now if someone answers five questions about me that can probably easily be phished through casual conversation (what school did you go to?) they defeat my password.

My only alternative is to use false answers for those questions. Which means I need to keep track of my answers, which means I need something like 1password and if the password for that gets cracked, the keys to the kingdom are truly compromised.
.
You could use your existing password as answer to all questions. That way you are back to one password only.
Score: 5 Votes (Like | Disagree)
AdeFowler Avatar
138 months ago
As the Keychain App already has the ability to suggest and create secure passwords I guess this is a logical move. However, until they can be synced between devices, 1Password have nothing to fear.
Score: 4 Votes (Like | Disagree)
3282868 Avatar
138 months ago
And interestingly, Apple previously offered keychain syncing across devices with .Mac and MobileMe, but discontinued the feature with the transition to iCloud. It now appears that the functionality was removed while Apple worked to revamp and expand it to increase its functionality.
If this is true, I'd be ecstatic. I was disappointed when keychain syncing was removed, but if this was done to improve it, I'm game. Now if Apple works on Documents as a possible replacement for iDisk (using Dropbox now which is great), I'd be a happy camper with iCloud.
Score: 3 Votes (Like | Disagree)
DavidLeblond Avatar
138 months ago
I love 1password. I'll probably stick with them since they sync to my work Windows machine as well.
Score: 3 Votes (Like | Disagree)
leukotriene Avatar
138 months ago
That’s where they are now if you’re using DropBox. The encryption is good though.

I'm a 1password user and I use Dropbox for syncing, but here's a serious security risk:

Any app that you grant Dropbox permission to has access to your 1password database. A malicious app developer could, for example, put an app on the App Store that masquerades as a text editor that syncs with Dropbox. At a given time interval months from now (so as to evade App Store rejection), it uploads your 1password database to their server. At that point the developer can brute force the 1password database (could take days to years depending on your password strength) and have access I all your passwords. Even if 80% of 1password users use a strong enough password to make brute forcing a non-worthwhile endeavor, it's the unfortunate 20% who would get their password exposed by this sort of attack, and thus make this attack a profitable venture for a black hat. It's a very feasible scenario.

On the other hand, with Apple's hypothetical solution, it sounds like your master password would be sandboxed away from app developers whose apps access iCloud. My understanding of the iCloud APIs is that an app can only access data inside its own sandbox. Personally, if Apple comes up with a password syncing solution, I'll certainly switch.
Score: 2 Votes (Like | Disagree)

Popular Stories

Cyber Monday Deals Feature 2022

Best Cyber Monday Apple Deals Still Available for AirPods, Apple TV, iPad, and More

Monday November 28, 2022 5:24 am PST by
The Black Friday and Cyber Monday holiday shopping rush is drawing to a close, but there are still some good deals to be had out there. For Apple products, many of the deals you've seen since last week are still available, though some have expired. So for anyone who missed out on Black Friday deals, there's still an opportunity to get some of the year's best prices on many Apple devices. Note: ...
iPhone 14 Pro Rear Camera

iPhone 15 to Use 'State-of-the-Art' Image Sensor From Sony for Better Low-Light Performance

Monday November 28, 2022 11:00 am PST by
Apple's upcoming iPhone 15 models will be equipped with Sony's newest "state of the art" image sensors, according to a report from Nikkei. Compared to standard sensors, Sony's image sensor doubles the saturation signal in each pixel, allowing it to capture more light to cut down on underexposure and overexposure. Nikkei says that it is able to better photograph a person's face even with...
Apple Watch Ultra Oceanic Plus App

Apple Announces Oceanic+ App Now Available for Apple Watch Ultra

Monday November 28, 2022 6:11 am PST by
Apple today announced that the Oceanic+ app is available for the Apple Watch Ultra starting today. Designed by Huish Outdoors in collaboration with Apple, the app serves as a dive computer for recreational scuba diving at depths up to 40 meters/130 feet. Apple already offers a basic Depth app on the Apple Watch Ultra for viewing your current depth, maximum depth reached, water temperature,...
app store awards 2021

Apple Announces 2022 App Store Award Winners, Highlighting Best Apps of the Year

Tuesday November 29, 2022 3:10 am PST by
Apple today announced its 2022 App Store Award winners, highlighting the 16 best apps and games selected by Apple's global App Store editorial team. The top apps were chosen by Apple for their quality, innovative technology, creative design, positive cultural impact, and ability to deliver "exceptional experiences." Apple CEO Tim Cook said: This year's App Store Award winners reimagined...
rapid security response

Apple Releases Another Rapid Security Response Update for iOS 16.2 Beta Users

Monday November 28, 2022 10:16 am PST by
Apple today released a Rapid Security Response update that is available for those running the iOS 16.2 beta, marking the launch of the second RSR update since the feature was released in iOS 16. The Rapid Security Response Update is designed to provide iOS 16.2 beta users with bug fixes without the need to install a full update. The initial RSR release for iOS 16.2 beta users was a test with ...
twitter elon musk

Elon Musk Claims Apple Has 'Mostly Stopped' Offering Ads on Twitter and Is Making Moderation Demands

Monday November 28, 2022 10:42 am PST by
Apple has cut back on its Twitter advertising, according to Twitter CEO Elon Musk. In a tweet, Musk said that Apple has "mostly stopped" its Twitter ads, asking if Apple hates "free speech." Musk went on to publish a poll asking if Apple should "publish all censorship actions" taken that impact customers and he began retweeting content from companies that Apple has had moderation discussions ...
iphone 11 tesla cybertruck close up

Elon Musk Pledges to Build iPhone Rival If Apple Ousts Twitter

Tuesday November 29, 2022 2:48 am PST by
Elon Musk has pledged to offer an "alternative phone" if Apple and Google remove Twitter from their app stores, adding to long-standing rumors about an iPhone rival from Tesla. Modified iPhone 11 Pro in the style of the Tesla Cybertruck, by Caviar. Musk's remark came after being asked about the potential scenario of Twitter being removed from app stores, which could conceivably happen if the...
General Black Friday Deals 2022 Green

All the Apple Black Friday Deals You Can Still Get

Friday November 25, 2022 4:40 am PST by
Although Black Friday is now technically over, many Apple products are still seeing major discounts through the weekend as we head into Cyber Monday. In this article, you'll find every Apple device with a notable Black Friday sale that's still available. We'll be updating as prices change and new deals arrive, so be sure to keep an eye out if you don't see the sale you're looking for yet. Note:...