Apple Launches Open Source Project to Let Password Management Apps Create Strong Passwords

by

Apple today informed developers that it has launched a new open source project that's designed to let those who develop password management apps create strong passwords compatible with popular websites.

1passwordgenerate
The new Password Manager Resources open source project allows password management apps to integrate website-specific requirements used by the iCloud Keychain password manager to generate strong, unique passwords.

Many password managers generate strong, unique passwords for people, so that they aren't tempted to create their own passwords by hand, which leads to easily guessed and reused passwords. Every time a password manager generates a password that isn't actually compatible with a website, a person not only has a bad experience, but a reason to be tempted to create their own password. Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service's password policy is too restrictive for people using password managers, which may incentivize the services to change.

The project also features a collection of websites known to share a sign-in system, links to website pages where users can change passwords, and more, with full details available on GitHub.

Apple says that having password managers collaborate on resources like password rules and change password URLs allows all password management apps to improve their quality with less work, plus it encourages websites to use standards or emerging standards to improve their compatibility with password managers.

Tag: Apple Developer Program

Popular Stories

15 New Things Your iPhone Can Do in iOS 18

18 New Things Your iPhone Can Do in iOS 18.1

Monday October 21, 2024 1:44 am PDT by
Apple is expected to release iOS 18.1 on Monday, October 28, bringing the first set of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update marks the first significant step forward in Apple's AI integration, offering a new Siri contextually-aware experience and a range of additional capabilities powered by on-device machine learning and large language models. There are a ...
Read Full Article44 comments
airpods pro 2 pink

Apple Releases New AirPods Pro, AirPods, and AirPods Max Firmware

Tuesday October 22, 2024 11:39 am PDT by
Apple today released a new firmware update for the original AirPods Pro, the AirPods 2, the AirPods 3, and the Lightning version of the AirPods Max headphones. The new firmware is version 6F21, up from the prior 6A326 firmware that these devices were previously running. There is no word on what's included in the firmware, but given that these are all older models, it is likely that the new...
Read Full Article65 comments
Tim Cook Vision Pro

Tim Cook Admits Truth About Vision Pro Following Lackluster Sales

Monday October 21, 2024 8:21 am PDT by
The Wall Street Journal's Ben Cohen this summer interviewed Apple CEO Tim Cook about the Vision Pro, innovation, Apple Intelligence, and more. Image Credit: Vanity Fair Cook admitted that the Vision Pro headset is not a mass-market product due to its high price. "At $3,500, it's not a mass-market product," said Cook. "Right now, it's an early-adopter product. People who want to have...
Read Full Article221 comments
M4 Mac mini Silver Perspective

5 Reasons to Get Excited About the New Mac Mini

Wednesday October 23, 2024 6:55 am PDT by
Apple's Mac mini has long been a powerhouse in a compact form, offering impressive performance in a small package. With rumors swirling about a completely overhauled new model that is likely just days away from being announced, anticipation is building for what Apple has in store. From enhanced connectivity to major hardware upgrades, the upcoming Mac mini promises to bring significant...
Read Full Article222 comments
iPhone SE 4 Thumb 1

iPhone SE 4 Mass Production Timeframe Revealed as Launch Gets Closer

Wednesday October 23, 2024 9:38 am PDT by
Apple suppliers will begin mass production of the fourth-generation iPhone SE in December, supply chain analyst Ming-Chi Kuo said today in a blog post. The fourth-generation iPhone SE is expected to have a similar design as the base iPhone 14, with rumored features including a 6.1-inch OLED display, Face ID, a newer A-series chip, a USB-C port, a single 48-megapixel rear camera, 8GB of RAM...
Read Full Article28 comments
apple vision pro orange

Report: Apple May Stop Producing Vision Pro by the End of 2024

Wednesday October 23, 2024 6:11 am PDT by
Apple has abruptly reduced production of the Vision Pro headset and could stop making the current version of the device completely by the end of 2024, The Information reports. Citing multiple people "directly involved" in making components for the headset, the report says that the scaling back of production began in the early summer. This indicates that Apple now has a sufficient number of...
Read Full Article310 comments
M4 Mac mini Ortho Black Cooler

Gurman: 'M4 Mac Launch' is 'Next Week'

Tuesday October 22, 2024 10:29 am PDT by
Just a few hours after claiming that the first Macs with M4 chips are launching "very soon," Bloomberg's Mark Gurman has followed up with a slightly more specific timeframe. In his latest social media post today, he said an "M4 Mac launch" is on Apple's schedule for next week, but he did not mention a specific day. A concept of a smaller Mac mini with front-facing USB-C ports "Busy week for...
Read Full Article123 comments
m3 mbp space black

Gurman: New MacBook Pro, iMac, and Mac Mini Models With M4 Chips Launching 'Very Soon'

Tuesday October 22, 2024 7:11 am PDT by
Apple is planning to launch its first Macs with the M4 series of chips "very soon," according to Bloomberg's Mark Gurman. In a social media post today, Gurman said these Macs will include new MacBook Pro, iMac, and Mac mini models specifically. He continues to expect the next Mac mini to feature a "revamped" design, in line with his previous reporting that said the new model will be nearly...
Read Full Article71 comments
mac magic keyboard

Apple Working on New Magic Mouse 2, Magic Trackpad 2 and Magic Keyboard

Monday October 21, 2024 10:59 am PDT by
Apple may soon release new versions of the Magic Mouse, Magic Keyboard, and Magic Trackpad, according to code found in the iOS 18.1 release candidate by MacRumors contributor Aaron Perris. There are references to a new Magic Mouse 2, Magic Trackpad 2, and several Magic Keyboards, which would include versions with Touch ID and number pads, as well as models without. While there is no...
Read Full Article228 comments

Top Rated Comments

kop48 Avatar
kop48
57 months ago
Any reason why the article shows the password generator from 1Password without references? :)
Score: 21 Votes (Like | Disagree)
mnsportsgeek Avatar
mnsportsgeek
57 months ago
The thing I’d really like to see is password generation in safari for 3rd party apps.

It’s a bit of a pain to create new accounts in 1Password with the proper url. You have to go back and forth between the app and 1Password a time or two. It’d be nice if it was more streamlined for 3rd party apps kind of like it is for keychain.
Score: 14 Votes (Like | Disagree)
TriBruin Avatar
TriBruin
57 months ago

there's still going to be (and are) plenty of websites that create their own stupid password rules that no password manager that generates strong passwords will be able to comply. People are still going to have to roll their own- kinda taking away the spark of this project. - But at least it's a step in the right direction.
From the way I read it, that is the goal of this project. Once enough password managers add this feature, it should not matter (from a password generation POV), what the requirements are. The password manager will know BEFORE it generates a password.

Take an example from one of the existing websites in the password-rules.json:

According to the JSON, bhphotovideo.com has a requirement of a password max length of 15 characters. Pretend you go to that website and attempt to create an account. You use the Password Generator in Safari (or any password manager), BEFORE the password generator attempts to create a complex password, it reads the JSON and finds the bhphotovideo.com URL. It then reads the requirements (Max length 15). It immediate creates a password that fits that requirement, regardless of what your defaults are. No action needed on your part to manually change the requirements (which may not be obvious on the webpage.)

The key is (a) the list of password requirements is kept up to date. Since this is published on GitHub, anyone can make a PULL request to update. I wonder what Apple's merge requirements are going to be.

(b) Password managers integrate this in to there workflow.
Score: 14 Votes (Like | Disagree)
NightFox Avatar
NightFox
57 months ago

Any reason why the article shows the password generator from 1Password without references? :)
I'd guess that if they did reference it, people on here would be asking why they'd singled out 1Password to feature over other PWMs
Score: 13 Votes (Like | Disagree)
Stanfield Avatar
Stanfield
57 months ago

Sure. Give hackers the open source code to help people generate passwords. What can go wrong? :rolleyes:
Openness enables collaboration. Black boxes maintained by a single company aren't usually the best method for strong security. I want security that shows you exactly what its doing, has been vetted by a community of security experts, and dares the hackers to break it.
Score: 9 Votes (Like | Disagree)
bookofxero Avatar
bookofxero
57 months ago
It would be great if websites would have some consistency in their input validation and database schemas. I know one company that allows almost every special character but a comma - and the error message doesn't tell you which special character is the disallowed one. I used 1password and had to go through the generated password and remove each special character 1-by-1 to figure out which one was problematic.
"Hrm, octothorp? Nope. Modulus? Nope. Pipe? Nope. Asterisk? Nope. Greater than symbol? Nope. That just leaves the comma. What?! Seriously?"
It really is an awful experience and I can see why other users would resort to weak and/or reused passwords.
I've see other sites with very specific character length guidelines and other weird combinations. One site, which has since updated to something more secure, even once required 8-15 characters, letters and numbers only. If I were trying to brute force or guess a potentially weak password, wouldn't that make the dictionary size much smaller and thus easier to crack?
Score: 7 Votes (Like | Disagree)
Read All Comments