How to Use Automatic Strong Passwords and Password Auditing in iOS 12

by

In iOS 12, Apple has introduced new password-related features that are designed to make it easier for iPhone and iPad users to create strong, secure, and unique passwords for app and website logins. In this guide, we'll show you how to use two of those features: automatic strong passwords and password auditing.


Automatic strong passwords ensures that if you're prompted by a website or app to make up a password on the spot, Apple will automatically offer to generate a secure one for you. Password auditing meanwhile flags weak passwords and tells you if a password has been reused for different account login credentials. Here's how to use the two features.

How to Use Automatic Strong Passwords in iOS 12

  1. Launch Safari and navigate to the site asking you to create new login credentials, or launch a third-party app asking you to sign up for a new account.
  2. Enter a username or email address in the first field.
  3. Tap on the Password field – iOS will generate a strong password.

  4. Tap Use Strong Password to accept the password suggestion and save it to your iCloud Keychain.

Pro tip: Next time you need one of your passwords, you can ask Siri. For example, you could say: "Siri, show me my BBC password." Siri will then open up your iCloud Keychain with the relevant entry, but only after you authenticate your identity with a fingerprint, a Face ID scan, or a passcode.

How to Identify Reused Passwords in iOS 12

  1. Launch the Settings app on your iPhone or iPad.
  2. Tap Passwords & Accounts.

  3. Authenticate via Touch ID, Face ID, or your passcode.
  4. Scroll down the list of passwords and tap on any entries with a triangular warning symbol.

  5. Tap Change Password on Website to open the associated website and make the change.

Note that the last screen shows you on which other websites you've used the same password.

Pro tip: You can share passwords with other people directly from the iOS Password Manager via AirDrop. Simply tap the password field and an option to AirDrop the login will appear. The login can be AirDropped to any device running iOS 12 or macOS Mojave.

Top Rated Comments

(View all)
Avatar
24 months ago
Personally I'm not a big fan of this type of thing for a number of reasons…

1) At no time do you, or will you, know your password. So what do you do when you need to use that auto-generated password outside of Safari or something that has access into the Keychain?

2) There is no means to access the saved passwords outside of fully connecting to your iCloud account on an Apple device. So if you lose/damage your iPhone (or iPad or Mac) and don't have another Apple device available you that you are able to connect to iCloud as a primary account you are completely locked out of EVERYTHING until you replace that Apple device with another Apple device. Clever on Apple's part but infuriating the moment the customer realises it.

3) Each time you want to access a password you need to use a credential that protects ALL of your other credentials. This means that primary credential is used more often making it more susceptible to "breach". Credentials are typical most at risk at the point/time of entry so the more you need to use it the more at risk it is.

4) It is all highly presumptive that everything is working right.
Score: 8 Votes (Like | Disagree)
Avatar
24 months ago
The old version using 4 groups of 3 characters has a possible max of (62^3)^4 or 3.22x10^21 combinations.

The new version using 3 groups of 6 characters has a possible max of (62^6)^3 or 1.83x10^32 combinations.

This assumes that the groups are made up of any of the 26 lower case letters, 26 upper case letters and the 10 digits. If we eliminate i,I,l,L,o,O,1,0 that reduces to 54 possible characters and values of 6.14x10^20 and 1.52x10^31 respectively.

I'm reasonably assured they're not going to get guessed by knowing that the dash is in a particular place.
Score: 7 Votes (Like | Disagree)
Avatar
24 months ago

I prefer not to use automatically generated passwords because they eventually are reversed engineered.

Really? There are plenty of easier and more likely vectors than “reverse engineering” the password generation mechanism.

As long as it doesn't force me to use excessively long and confusing passwords, I'm ok with this. I know many sites, institute insanely long and complex passwords so this may be helpful

This is the world we’re heading to. Away from simple passwords that can be memorized and on to machine-generated passwords which are complex enough to thwart brute-force hacking. Look at SSL/TLS. Sure, these use certificates, but it’s a similar idea. Machine-generated, machine-stored, machine-entered authentication. Personally, I welcome it, as I would argue no one can reasonably generate and remember secure, unique passwords for all of the services they use.

Can you edit that strong password? There are a lot of stupid websites that don’t take passwords longer than 10 characters or accept the dashes.

If it doesn’t exist already, this will be a feature of future password managers. It would be trivial to screen-scrape and/or keep a database of password requirements, and generate a compliant password based on that knowledge.
Score: 6 Votes (Like | Disagree)
Avatar
22 months ago

As long as it doesn't force me to use excessively long and confusing passwords, I'm ok with this. I know many sites, institute insanely long and complex passwords so this may be helpful

Passwords only feel "excessively long and confusing" if you're trying to remember them. If you're using a password manager you trust and have on you all the time, you can ditch memorability as a factor and make them as hack-resistant as possible.
Score: 5 Votes (Like | Disagree)
Avatar
24 months ago

If it doesn’t exist already, this will be a feature of future password managers. It would be trivial to screen-scrape and/or keep a database of password requirements, and generate a compliant password based on that knowledge.

Apple already does this ('https://twitter.com/_inside/status/959549503920660480').
Score: 5 Votes (Like | Disagree)
Avatar
22 months ago

I prefer not to use automatically generated passwords because they eventually are reversed engineered.

This has to be the dumbest excuse ever not using this. Really?
Score: 5 Votes (Like | Disagree)

Top Stories

Apple Doubles the Price of RAM Upgrade on Entry-Level 13-Inch MacBook Pro

Saturday May 30, 2020 4:00 pm PDT by
Apple today doubled the price for upgrading the RAM on the entry-level 13-inch MacBook Pro, with customers in the United States now being charged $200 to move from 8GB to 16GB compared to the previous $100 upgrade price. Similar increases are seen in other countries, such as moving from €125 to €250 in Germany and from £100 to £200 in the United Kingdom. Current pricing on RAM upgrade for ...

Tim Cook Addresses George Floyd's Death and Ensuing Protests and Riots as Apple Temporarily Closes Some U.S. Stores

Sunday May 31, 2020 8:04 pm PDT by
Amid unrest in numerous U.S. cities following last week's killing of George Floyd by police in Minneapolis, Apple CEO Tim Cook has shared an internal memo with employees (via Bloomberg) addressing the pain that many are feeling and urging others to commit "to creating a better, more just world for everyone." Cook also announced that Apple is making donations to several groups challenging...

Apple's First MacBook Pro With a Retina Display Will Become 'Obsolete' in 30 Days

Monday June 1, 2020 7:50 am PDT by
If you are still hanging on to a Mid 2012 model of the 15-inch MacBook Pro with a Retina display, and require a new battery or other repairs, be sure to book an appointment with a service provider as soon as possible. In an internal memo today, obtained by MacRumors, Apple has indicated that this particular MacBook Pro model will be marked as "obsolete" worldwide on June 30, 2020, just over...

Top Stories: macOS 10.15.5, New Powerbeats Pro Colors, iPhone 12 and 13 Rumors, and More

Saturday May 30, 2020 6:00 am PDT by
This week saw an interesting mix of news and rumors on the Apple front, led by the release of macOS 10.15.5, which brings a new battery health feature to newer Mac notebooks, while we also saw the official announcement of new colors for the Powerbeats Pro earphones. On the rumor front, we heard a few tidbits about not just this year's iPhone 12 but also next year's iPhone, while we saw...

8 Mac Tips and Tricks You Might Not Know

Friday May 29, 2020 12:36 pm PDT by
There are tons of hidden features and shortcuts for Macs that Apple has built into macOS over the years, ranging from shortcuts to keyboard commands to other little hacks to make Mac usage just a bit simpler. In our latest YouTube video, we highlighted several of these tips and tricks, and some of them might just be new to you. Subscribe to the MacRumors YouTube channel for more videos. Tr...

6.1-inch 'iPhone 12' Production to Begin in July Ahead of Other 2020 Models

Monday June 1, 2020 2:36 am PDT by
Volume production of Apple's forthcoming 6.1-inch "iPhone 12" models will start in July-August ahead of the rest of the company's flagship iPhone lineup this year, according to a new report by DigiTimes. Apple is widely rumored to be launching four new ‌iPhone‌ models in the usual September or October timeframe, although supply constraints and delays in production ramp-up could cause a...

Apple Releases iOS and iPadOS 13.5.1 With Fixes for Recent 'unc0ver' Jailbreak Vulnerability

Monday June 1, 2020 9:58 am PDT by
Apple today released iOS and iPadOS 13.5.1, minor updates that come a little over a week after the release of iOS and iPadOS 13.5, major updates that brought the Exposure Notification API, FaceTime changes, mask-related unlocking updates and more. The iOS and iPadOS 13.5.1 updates are available on all eligible devices over-the-air in the Settings app. To access the updates, go to Settings >...

Apple Introducing New Internal USB-C Diagnostic Tool

Sunday May 31, 2020 7:26 pm PDT by
Apple is introducing a new internal USB-C Diagnostic Tool as a successor to its existing Serial Number Reader, which can be used to both collect a device's serial number directly from its logic board and test power on a device itself. Image via Giulio Zompetti With only a Lightning version previously available, images have surfaced of a new USB-C Diagnostic Tool (UDT) that appears to be known ...

Powerbeats Pro Debut in Four New Colors: Spring Yellow, Cloud Pink, Lava Red, and Glacier Blue

Friday May 29, 2020 10:00 am PDT by
Following a couple of leaks in recent weeks, Beats today is officially announcing four new colors for its Powerbeats Pro wireless earphones: Spring Yellow, Cloud Pink, Lava Red, and Glacier Blue. The new earphones will go on sale June 9 and sell for the same $249.95 price as the existing color options. Aside from the colors, the new Powerbeats Pro models are otherwise identical to the...

Apple Releases macOS Catalina 10.15.5 Supplemental Update With Security Fix

Monday June 1, 2020 10:56 am PDT by
Apple today released a supplemental update for macOS Catalina 10.15.5, the fifth update to the macOS Catalina operating system that was released in October 2019. The supplemental update comes a week after the release of the macOS Catalina 10.15.5 update. ‌macOS Catalina‌ 10.15.5 is a free update that can be downloaded from the Mac App Store using the Update feature in the System...