Apple Launches Open Source Project to Let Password Management Apps Create Strong Passwords

by

Apple today informed developers that it has launched a new open source project that's designed to let those who develop password management apps create strong passwords compatible with popular websites.

1passwordgenerate
The new Password Manager Resources open source project allows password management apps to integrate website-specific requirements used by the iCloud Keychain password manager to generate strong, unique passwords.

Many password managers generate strong, unique passwords for people, so that they aren't tempted to create their own passwords by hand, which leads to easily guessed and reused passwords. Every time a password manager generates a password that isn't actually compatible with a website, a person not only has a bad experience, but a reason to be tempted to create their own password. Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service's password policy is too restrictive for people using password managers, which may incentivize the services to change.

The project also features a collection of websites known to share a sign-in system, links to website pages where users can change passwords, and more, with full details available on GitHub.

Apple says that having password managers collaborate on resources like password rules and change password URLs allows all password management apps to improve their quality with less work, plus it encourages websites to use standards or emerging standards to improve their compatibility with password managers.

Tag: Apple Developer Program

Popular Stories

iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro Launching in Three Months With These 12 New Features

Saturday June 21, 2025 2:45 pm PDT by
The iPhone 17 Pro and iPhone 17 Pro Max are around three months away, and there are plenty of rumors about the devices from credible sources. Below, we recap key changes rumored for the iPhone 17 Pro models as of June 2025:Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone X...
Read Full Article
iPhone 16 Battery Life Feature

iOS 26's New Battery Life Mode Available Only on These iPhone Models

Saturday June 21, 2025 9:02 am PDT by
Last week, we reported that iOS 26 introduces an opt-in Adaptive Power Mode on the iPhone, alongside the existing Low Power Mode. Apple says that Adaptive Power Mode can make "small performance adjustments" when necessary to extend an iPhone's battery life, including slightly lowering the display brightness or allowing some activities to "take a little longer." The full description of...
Read Full Article65 comments
All Screen iPhone 2027 Feature 1

iPhone Reportedly Moving to All-Screen Design in Two Stages

Sunday June 22, 2025 3:58 pm PDT by
Apple has long been working towards an iPhone with an all-screen design, and it might finally achieve the feat in a few more years from now. In his Power On newsletter today, Bloomberg's Mark Gurman said that Apple will shrink the size of the Dynamic Island on new iPhone models released next year. A year after that, he expects Apple to release a redesigned 20th-anniversary iPhone model....
Read Full Article86 comments
ios 26 control center b2

Everything New in iOS 26 Beta 2

Monday June 23, 2025 2:57 pm PDT by
Apple provided developers with the second beta of iOS 26, introducing the first changes and refinements to the new operating system since it debuted after the WWDC keynote. Because we're early in the beta testing process, there are quite a few tweaks to iOS 26, which we've rounded up below. Subscribe to the MacRumors YouTube channel for more videos. Control Center The background behind the...
Read Full Article45 comments
apple watch ultra 2 new black

Apple Watch Ultra 3 Finally Coming After Two-Year Hiatus

Tuesday June 24, 2025 3:40 am PDT by
Apple will finally deliver the Apple Watch Ultra 3 sometime this year, according to analyst Jeff Pu of GF Securities Hong Kong (via @jukanlosreve). The analyst expects both the Apple Watch Series 11 and Apple Watch Ultra 3 to arrive this year (likely alongside the new iPhone 17 lineup, if previous launches are anything to go by), according to his latest product roadmap shared with...
Read Full Article125 comments
ios 26 control center b2

iOS 26 Beta 2 Fixes Control Center Design

Monday June 23, 2025 10:58 am PDT by
With the second beta of iOS 26 that Apple provided to developers today, Apple addressed one of the major complaints that people have had with Liquid Glass. iOS 26 beta 1 on left, iOS 26 beta 2 on right The Control Center buttons are now slightly more opaque, making it easier to see the different control options even on a multicolored background. The new, more opaque look is apparent with the ...
Read Full Article113 comments
iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro's Alleged Vapor Chamber Cooling System Partly Revealed

Sunday June 22, 2025 6:37 am PDT by
Apple's upcoming iPhone 17 Pro and iPhone 17 Pro Max models are rumored to be equipped with a vapor chamber cooling system, and a leaker known as Majin Bu today shared a photo of an alleged copper thermal plate for the system. Many high-end Android smartphones like Samsung's Galaxy S25 Ultra are equipped with a vapor chamber cooling system, which can manage heat dissipation inside the...
Read Full Article77 comments
Apple Watch Ultra 2 Complications

watchOS 26 Adding a Smaller Yet Useful New Watch Face Setting

Monday June 23, 2025 9:39 am PDT by
watchOS 26 is adding a new "Show Data When Locked" setting to the Apple Watch. MacRumors contributor Steve Moser discovered the new setting within the code for the first watchOS 26 beta, and a Reddit user has seemingly found it in action, but we have yet to figure out where it is exactly. Leave a comment if you know. The new privacy setting allows you to toggle on or off the ability to...
Read Full Article14 comments
Apple CarPlay Ultra cluster Now Playing

These Apple CarPlay Ultra Partners Now Say They Won't Support It

Wednesday June 25, 2025 5:03 am PDT by
Apple is facing mounting resistance from automakers over CarPlay Ultra, the next-generation version of its CarPlay software system for vehicles that was announced last month. A new (paywalled) Financial Times report claims several major brands are walking back their earlier commitments to support the upgraded dashboard software. German luxury manufacturers Mercedes-Benz and Audi have both...
Read Full Article185 comments

Top Rated Comments

kop48 Avatar
kop48
66 months ago
Any reason why the article shows the password generator from 1Password without references? :)
Score: 21 Votes (Like | Disagree)
mnsportsgeek Avatar
mnsportsgeek
66 months ago
The thing I’d really like to see is password generation in safari for 3rd party apps.

It’s a bit of a pain to create new accounts in 1Password with the proper url. You have to go back and forth between the app and 1Password a time or two. It’d be nice if it was more streamlined for 3rd party apps kind of like it is for keychain.
Score: 14 Votes (Like | Disagree)
TriBruin Avatar
TriBruin
66 months ago

there's still going to be (and are) plenty of websites that create their own stupid password rules that no password manager that generates strong passwords will be able to comply. People are still going to have to roll their own- kinda taking away the spark of this project. - But at least it's a step in the right direction.
From the way I read it, that is the goal of this project. Once enough password managers add this feature, it should not matter (from a password generation POV), what the requirements are. The password manager will know BEFORE it generates a password.

Take an example from one of the existing websites in the password-rules.json:

According to the JSON, bhphotovideo.com has a requirement of a password max length of 15 characters. Pretend you go to that website and attempt to create an account. You use the Password Generator in Safari (or any password manager), BEFORE the password generator attempts to create a complex password, it reads the JSON and finds the bhphotovideo.com URL. It then reads the requirements (Max length 15). It immediate creates a password that fits that requirement, regardless of what your defaults are. No action needed on your part to manually change the requirements (which may not be obvious on the webpage.)

The key is (a) the list of password requirements is kept up to date. Since this is published on GitHub, anyone can make a PULL request to update. I wonder what Apple's merge requirements are going to be.

(b) Password managers integrate this in to there workflow.
Score: 14 Votes (Like | Disagree)
NightFox Avatar
NightFox
66 months ago

Any reason why the article shows the password generator from 1Password without references? :)
I'd guess that if they did reference it, people on here would be asking why they'd singled out 1Password to feature over other PWMs
Score: 13 Votes (Like | Disagree)
Stanfield Avatar
Stanfield
66 months ago

Sure. Give hackers the open source code to help people generate passwords. What can go wrong? :rolleyes:
Openness enables collaboration. Black boxes maintained by a single company aren't usually the best method for strong security. I want security that shows you exactly what its doing, has been vetted by a community of security experts, and dares the hackers to break it.
Score: 9 Votes (Like | Disagree)
bookofxero Avatar
bookofxero
66 months ago
It would be great if websites would have some consistency in their input validation and database schemas. I know one company that allows almost every special character but a comma - and the error message doesn't tell you which special character is the disallowed one. I used 1password and had to go through the generated password and remove each special character 1-by-1 to figure out which one was problematic.
"Hrm, octothorp? Nope. Modulus? Nope. Pipe? Nope. Asterisk? Nope. Greater than symbol? Nope. That just leaves the comma. What?! Seriously?"
It really is an awful experience and I can see why other users would resort to weak and/or reused passwords.
I've see other sites with very specific character length guidelines and other weird combinations. One site, which has since updated to something more secure, even once required 8-15 characters, letters and numbers only. If I were trying to brute force or guess a potentially weak password, wouldn't that make the dictionary size much smaller and thus easier to crack?
Score: 7 Votes (Like | Disagree)
Read All Comments