How to Use Automatic Strong Passwords and Password Auditing in iOS 12

by

In iOS 12, Apple has introduced new password-related features that are designed to make it easier for iPhone and iPad users to create strong, secure, and unique passwords for app and website logins. In this guide, we'll show you how to use two of those features: automatic strong passwords and password auditing.

icloud keychain
Automatic strong passwords ensures that if you're prompted by a website or app to make up a password on the spot, Apple will automatically offer to generate a secure one for you. Password auditing meanwhile flags weak passwords and tells you if a password has been reused for different account login credentials. Here's how to use the two features.

How to Use Automatic Strong Passwords in iOS 12

  1. Launch Safari and navigate to the site asking you to create new login credentials, or launch a third-party app asking you to sign up for a new account.
  2. Enter a username or email address in the first field.
  3. Tap on the Password field – iOS will generate a strong password.
    ios 12 automatic strong passwords

  4. Tap Use Strong Password to accept the password suggestion and save it to your iCloud Keychain.

Pro tip: Next time you need one of your passwords, you can ask Siri. For example, you could say: "Siri, show me my BBC password." Siri will then open up your iCloud Keychain with the relevant entry, but only after you authenticate your identity with a fingerprint, a Face ID scan, or a passcode.

How to Identify Reused Passwords in iOS 12

  1. Launch the Settings app on your iPhone or iPad.
  2. Tap Passwords & Accounts.
    ios 12 password auditing 1

  3. Authenticate via Touch ID, Face ID, or your passcode.
  4. Scroll down the list of passwords and tap on any entries with a triangular warning symbol.
    ios 12 password auditing 2

  5. Tap Change Password on Website to open the associated website and make the change.

Note that the last screen shows you on which other websites you've used the same password.

Pro tip: You can share passwords with other people directly from the iOS Password Manager via AirDrop. Simply tap the password field and an option to AirDrop the login will appear. The login can be AirDropped to any device running iOS 12 or macOS Mojave.

Top Rated Comments

Kip_ Avatar
32 months ago
The old version using 4 groups of 3 characters has a possible max of (62^3)^4 or 3.22x10^21 combinations.

The new version using 3 groups of 6 characters has a possible max of (62^6)^3 or 1.83x10^32 combinations.

This assumes that the groups are made up of any of the 26 lower case letters, 26 upper case letters and the 10 digits. If we eliminate i,I,l,L,o,O,1,0 that reduces to 54 possible characters and values of 6.14x10^20 and 1.52x10^31 respectively.

I'm reasonably assured they're not going to get guessed by knowing that the dash is in a particular place.
Score: 7 Votes (Like | Disagree)
Infinite Vortex Avatar
32 months ago
Personally I'm not a big fan of this type of thing for a number of reasons…

1) At no time do you, or will you, know your password. So what do you do when you need to use that auto-generated password outside of Safari or something that has access into the Keychain?

2) There is no means to access the saved passwords outside of fully connecting to your iCloud account on an Apple device. So if you lose/damage your iPhone (or iPad or Mac) and don't have another Apple device available you that you are able to connect to iCloud as a primary account you are completely locked out of EVERYTHING until you replace that Apple device with another Apple device. Clever on Apple's part but infuriating the moment the customer realises it.

3) Each time you want to access a password you need to use a credential that protects ALL of your other credentials. This means that primary credential is used more often making it more susceptible to "breach". Credentials are typical most at risk at the point/time of entry so the more you need to use it the more at risk it is.

4) It is all highly presumptive that everything is working right.
Score: 7 Votes (Like | Disagree)
Fall Under Cerulean Kites Avatar
32 months ago

I prefer not to use automatically generated passwords because they eventually are reversed engineered.

Really? There are plenty of easier and more likely vectors than “reverse engineering” the password generation mechanism.

As long as it doesn't force me to use excessively long and confusing passwords, I'm ok with this. I know many sites, institute insanely long and complex passwords so this may be helpful

This is the world we’re heading to. Away from simple passwords that can be memorized and on to machine-generated passwords which are complex enough to thwart brute-force hacking. Look at SSL/TLS. Sure, these use certificates, but it’s a similar idea. Machine-generated, machine-stored, machine-entered authentication. Personally, I welcome it, as I would argue no one can reasonably generate and remember secure, unique passwords for all of the services they use.

Can you edit that strong password? There are a lot of stupid websites that don’t take passwords longer than 10 characters or accept the dashes.

If it doesn’t exist already, this will be a feature of future password managers. It would be trivial to screen-scrape and/or keep a database of password requirements, and generate a compliant password based on that knowledge.
Score: 6 Votes (Like | Disagree)
ignatius345 Avatar
30 months ago

As long as it doesn't force me to use excessively long and confusing passwords, I'm ok with this. I know many sites, institute insanely long and complex passwords so this may be helpful

Passwords only feel "excessively long and confusing" if you're trying to remember them. If you're using a password manager you trust and have on you all the time, you can ditch memorability as a factor and make them as hack-resistant as possible.
Score: 5 Votes (Like | Disagree)
jonblatho Avatar
32 months ago

If it doesn’t exist already, this will be a feature of future password managers. It would be trivial to screen-scrape and/or keep a database of password requirements, and generate a compliant password based on that knowledge.

Apple already does this ('https://twitter.com/_inside/status/959549503920660480').
Score: 5 Votes (Like | Disagree)
Mr. Heckles Avatar
30 months ago

I prefer not to use automatically generated passwords because they eventually are reversed engineered.

This has to be the dumbest excuse ever not using this. Really?
Score: 5 Votes (Like | Disagree)

Top Stories

cook cbs this morning

CBS This Morning: Apple to Make 'Big Announcement' Tomorrow Morning

Tuesday January 12, 2021 8:46 am PST by
CBS This Morning today shared a short clip of an upcoming interview with Apple CEO Tim Cook in which addressing last week's events at the U.S. Capitol, with Cook saying "it's key that people be held accountable for it." Following the clip, Gayle King of CBS noted that the interview with Cook was not specifically arranged to address the current controversy over Parler and other repercussions, ...
ipad pro 2021 mysmartprice cad

Allegedly Leaked 2021 iPad Pro CAD Images Suggest Few Design Changes

Tuesday January 12, 2021 3:38 am PST by
Tech blogs 91mobile and MySmartPrice on Tuesday posted a series of allegedly leaked factory CAD images of Apple's upcoming fifth-generation 11-inch iPad Pro. Rumors suggest Apple plans to announce two new iPad Pro models in both 11-inch and 12.9-inch versions, and today's images offer perhaps the clearest indication yet that Apple's next-generation iPad Pros will have minimal, if any,...
prototype iphone 12 pro

Prototype iPhone 12 Pro Shown Off in Photos

Wednesday January 13, 2021 3:39 pm PST by
Developer Giulio Zompetti, who often shows off prototype versions of Apple devices, today highlighted a prototype version of the iPhone 12 Pro. The iPhone 12 Pro is running an operating system called SwitchBoard, a nonUI version of the iOS 14 update that Apple uses internally. We've seen SwitchBoard on prototype devices before, as Apple uses it to test new features. Zompetti's prototype...
find my app safari post

Safari Allows Users to Enable Hidden 'Items' Tab in 'Find My' App Ahead of AirTags Launch

Wednesday January 13, 2021 5:45 am PST by
As seen in screenshots obtained by MacRumors in 2019, Apple's long-rumored AirTags items trackers are expected to be managed through the Find My app on iPhone, iPad, and Mac. Now, any user can get an early look at this tab. MacRumors reader David Chu today alerted us that the hidden "Items" tab in the Find My app can be enabled on an iPhone or iPad by typing in the link findmy://items in...
iphone x camera close

iOS 14.4 Will Introduce Warning on iPhones With Non-Genuine Cameras

Thursday January 14, 2021 8:07 am PST by
In the second beta of iOS 14.4 seeded to developers and public testers this week, MacRumors contributor Steve Moser has discovered code indicating that Apple will be introducing a new warning on iPhones that have had their camera repaired or replaced with aftermarket components rather than genuine Apple components. "Unable to verify this iPhone has a genuine Apple camera," the message will...
mac anti reflective coating issue

Apple's Anti-Reflective Coating Repair Program Still in Effect for Some MacBooks With New Mail-In Policy

Tuesday January 12, 2021 10:07 am PST by
In an internal memo obtained by MacRumors, Apple recently informed its network of Apple Authorized Service Providers that mail-in repair is now required for Mac notebooks with anti-reflective coating issues in the United States. The new policy went into effect January 4, 2021 and means that customers who take an eligible 12-inch MacBook or MacBook Pro exhibiting this issue to an Apple...
pioneer carplay wc5700nex

The Best Apple-Related Accessories at CES 2021

Wednesday January 13, 2021 1:16 pm PST by
CES 2021 is taking place digitally this year, and it hasn't been as exciting as in past years because many vendors have opted out. That said, some companies are still showing off some interesting Apple-related accessories that are coming out this year and that will be of interest to Mac, iPad, and iPhone users. Subscribe to the MacRumors YouTube channel for more videos. Pioneer Wireless...
Hue module dimmer switch

Philips Hue Announces New Wall Switch Module, Dimmer Switch, and Outdoor Light Bar

Thursday January 14, 2021 3:11 am PST by
Philips Hue has announced a new wireless dimmer switch module that lets Hue bridge owners directly control the smart lighting from their standard wall switches. The new Philips Hue wall switch module is the ideal addition to any Philips Hue set up. Installed behind existing light switches, it allows users to turn their existing switch into a smart switch and ensures their smart lighting is...
whatsapp wallpapers 1

WhatsApp Affirms User Privacy Following Backlash Over Data Sharing With Facebook

Tuesday January 12, 2021 6:39 am PST by
Following backlash after changing its terms and privacy policy to consolidate a significant amount of data sharing with Facebook, WhatsApp is now assuring users about the privacy measures built into its app. Last week, WhatsApp began informing users of updates to the app's terms of service and privacy policy. The updated agreements, which users must consent to in order to continue using...
apple racial equity justice initiative propel center render 01132021

Apple Launches New Nationwide Racial Equity and Justice Initiative Projects

Wednesday January 13, 2021 4:08 am PST by
Apple today announced a set of new projects as part of its $100 million Racial Equity and Justice Initiative (REJI) to help dismantle systemic barriers to opportunity and combat injustices faced by communities of color. Rendering of the Propel Center The projects include the Propel Center, a global innovation and learning hub for Historically Black Colleges and Universities (HBCUs), an Apple ...