Apple Launches Open Source Project to Let Password Management Apps Create Strong Passwords

by

Apple today informed developers that it has launched a new open source project that's designed to let those who develop password management apps create strong passwords compatible with popular websites.

1passwordgenerate
The new Password Manager Resources open source project allows password management apps to integrate website-specific requirements used by the iCloud Keychain password manager to generate strong, unique passwords.

Many password managers generate strong, unique passwords for people, so that they aren't tempted to create their own passwords by hand, which leads to easily guessed and reused passwords. Every time a password manager generates a password that isn't actually compatible with a website, a person not only has a bad experience, but a reason to be tempted to create their own password. Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service's password policy is too restrictive for people using password managers, which may incentivize the services to change.

The project also features a collection of websites known to share a sign-in system, links to website pages where users can change passwords, and more, with full details available on GitHub.

Apple says that having password managers collaborate on resources like password rules and change password URLs allows all password management apps to improve their quality with less work, plus it encourages websites to use standards or emerging standards to improve their compatibility with password managers.

Tag: Apple Developer Program

Popular Stories

iPhone 17 Pro Render Front Page Tech

iPhone 17 Pro Launching Later This Year With These 10 New Features

Sunday March 23, 2025 10:00 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. iPhone 17 Pro's alleged design via Front Page Tech Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone...
Read Full Article236 comments
iCloud General Feature Redux

iPhone Users Who Pay for iCloud Storage Receive a New Perk

Thursday March 20, 2025 12:01 am PDT by
If you pay for iCloud storage on your iPhone, Apple has a new perk for you, at no additional cost. The new perk is the ability to create invitations in the Apple Invites app for the iPhone, which launched in the App Store last month. In the Apple Invites app, iCloud+ subscribers can create invitations for any occasion, such as birthday parties, graduations, baby showers, and more. Anyone ...
Read Full Article30 comments
Generic iOS 18

Apple Seeds iOS 18.4 and iPadOS 18.4 Release Candidate With Priority Notifications, Ambient Music and More

Monday March 24, 2025 10:07 am PDT by
Apple today seeded the release candidate versions of upcoming iOS 18.4 and iPadOS 18.4 updates to developers for testing purposes, with the software coming a week after Apple released the fourth betas. iOS 18.4 and iPadOS 18.4 can be downloaded from the Settings app on a compatible device by going to General > Software Update. With iOS 18.4, Apple is adding the Priority Notifications...
Read Full Article52 comments
airpods max 2024 colors

Don't Buy Into Apple's Hype About AirPods Max Gaining Lossless Audio

Monday March 24, 2025 4:24 pm PDT by
Apple today announced that AirPods Max with a USB-C port will be gaining support for lossless audio and ultra-low latency audio with a firmware update next month, alongside the release of iOS 18.4, iPadOS 18.4, and macOS 15.4. For context, audio files are typically compressed to keep file sizes smaller. There are lossy compression standards like MP3 and AAC (Advanced Audio Codec), which...
Read Full Article266 comments
Generic iOS 18

iOS 18.4 Coming Soon With These New Features for Your iPhone

Tuesday March 25, 2025 6:45 am PDT by
Apple is expected to release iOS 18.4 to the general public as soon as next week, following more than a month of beta testing. Apple's website says some iOS 18.4 features will be released in "early April," so the update should be out as early as Tuesday, April 1. Apple this week seeded the iOS 18.4 Release Candidate, which is typically the final beta version, barring the discovery of any...
Read Full Article14 comments
iOS 18

Top 5 New Features Coming in iOS 18.4

Friday March 21, 2025 3:26 pm PDT by
We're not getting new Siri Apple Intelligence features in iOS 18.4 as expected, but the upcoming update does have quite a few new additions that will be worth upgrading for. We've rounded up the five best features to look forward to, and if you're not running the beta, you can expect to get access to these in early April. Priority Notifications If you have an iPhone or iPad that supports...
Read Full Article93 comments
Foldable iPhone 2023 Feature Iridescent Search

Foldable iPhone Expected to Launch Next Year, Costing Around $2,000

Monday March 24, 2025 3:43 am PDT by
Apple will launch its long-rumored foldable iPhone next year with a ~$2,000 premium price tag attached, expects well-connected Bloomberg reporter Mark Gurman. Gurman's comments on Apple's launch plans for its first foldable device appeared in the Q&A section of his latest Power On newsletter. Earlier this month, the reporter said Apple's foldable iPhone could be arriving "as early as 2026,"...
Read Full Article155 comments
ios 19 messages app

Here's What Apple's iOS 19 Messages App Might Look Like

Tuesday March 25, 2025 11:52 am PDT by
Leaker Jon Prosser today shared a mockup of what he says the Messages app will look like in iOS 19, demoing an interface with rounded, translucent bubble-shaped navigation buttons at the top and softer, rounder corners for the keyboard and word suggestions. Jon Prosser's Messages app mockup The return button, a button for going back to the Messages list, and the FaceTime button have a deeper...
Read Full Article93 comments

Top Rated Comments

kop48 Avatar
kop48
63 months ago
Any reason why the article shows the password generator from 1Password without references? :)
Score: 21 Votes (Like | Disagree)
mnsportsgeek Avatar
mnsportsgeek
63 months ago
The thing I’d really like to see is password generation in safari for 3rd party apps.

It’s a bit of a pain to create new accounts in 1Password with the proper url. You have to go back and forth between the app and 1Password a time or two. It’d be nice if it was more streamlined for 3rd party apps kind of like it is for keychain.
Score: 14 Votes (Like | Disagree)
TriBruin Avatar
TriBruin
63 months ago

there's still going to be (and are) plenty of websites that create their own stupid password rules that no password manager that generates strong passwords will be able to comply. People are still going to have to roll their own- kinda taking away the spark of this project. - But at least it's a step in the right direction.
From the way I read it, that is the goal of this project. Once enough password managers add this feature, it should not matter (from a password generation POV), what the requirements are. The password manager will know BEFORE it generates a password.

Take an example from one of the existing websites in the password-rules.json:

According to the JSON, bhphotovideo.com has a requirement of a password max length of 15 characters. Pretend you go to that website and attempt to create an account. You use the Password Generator in Safari (or any password manager), BEFORE the password generator attempts to create a complex password, it reads the JSON and finds the bhphotovideo.com URL. It then reads the requirements (Max length 15). It immediate creates a password that fits that requirement, regardless of what your defaults are. No action needed on your part to manually change the requirements (which may not be obvious on the webpage.)

The key is (a) the list of password requirements is kept up to date. Since this is published on GitHub, anyone can make a PULL request to update. I wonder what Apple's merge requirements are going to be.

(b) Password managers integrate this in to there workflow.
Score: 14 Votes (Like | Disagree)
NightFox Avatar
NightFox
63 months ago

Any reason why the article shows the password generator from 1Password without references? :)
I'd guess that if they did reference it, people on here would be asking why they'd singled out 1Password to feature over other PWMs
Score: 13 Votes (Like | Disagree)
Stanfield Avatar
Stanfield
63 months ago

Sure. Give hackers the open source code to help people generate passwords. What can go wrong? :rolleyes:
Openness enables collaboration. Black boxes maintained by a single company aren't usually the best method for strong security. I want security that shows you exactly what its doing, has been vetted by a community of security experts, and dares the hackers to break it.
Score: 9 Votes (Like | Disagree)
bookofxero Avatar
bookofxero
63 months ago
It would be great if websites would have some consistency in their input validation and database schemas. I know one company that allows almost every special character but a comma - and the error message doesn't tell you which special character is the disallowed one. I used 1password and had to go through the generated password and remove each special character 1-by-1 to figure out which one was problematic.
"Hrm, octothorp? Nope. Modulus? Nope. Pipe? Nope. Asterisk? Nope. Greater than symbol? Nope. That just leaves the comma. What?! Seriously?"
It really is an awful experience and I can see why other users would resort to weak and/or reused passwords.
I've see other sites with very specific character length guidelines and other weird combinations. One site, which has since updated to something more secure, even once required 8-15 characters, letters and numbers only. If I were trying to brute force or guess a potentially weak password, wouldn't that make the dictionary size much smaller and thus easier to crack?
Score: 7 Votes (Like | Disagree)
Read All Comments