How to Use Automatic Strong Passwords and Password Auditing in iOS 12

by

In iOS 12, Apple has introduced new password-related features that are designed to make it easier for iPhone and iPad users to create strong, secure, and unique passwords for app and website logins. In this guide, we'll show you how to use two of those features: automatic strong passwords and password auditing.


Automatic strong passwords ensures that if you're prompted by a website or app to make up a password on the spot, Apple will automatically offer to generate a secure one for you. Password auditing meanwhile flags weak passwords and tells you if a password has been reused for different account login credentials. Here's how to use the two features.

How to Use Automatic Strong Passwords in iOS 12

  1. Launch Safari and navigate to the site asking you to create new login credentials, or launch a third-party app asking you to sign up for a new account.
  2. Enter a username or email address in the first field.
  3. Tap on the Password field – iOS will generate a strong password.

  4. Tap Use Strong Password to accept the password suggestion and save it to your iCloud Keychain.

Pro tip: Next time you need one of your passwords, you can ask Siri. For example, you could say: "Siri, show me my BBC password." Siri will then open up your iCloud Keychain with the relevant entry, but only after you authenticate your identity with a fingerprint, a Face ID scan, or a passcode.

How to Identify Reused Passwords in iOS 12

  1. Launch the Settings app on your iPhone or iPad.
  2. Tap Passwords & Accounts.

  3. Authenticate via Touch ID, Face ID, or your passcode.
  4. Scroll down the list of passwords and tap on any entries with a triangular warning symbol.

  5. Tap Change Password on Website to open the associated website and make the change.

Note that the last screen shows you on which other websites you've used the same password.

Pro tip: You can share passwords with other people directly from the iOS Password Manager via AirDrop. Simply tap the password field and an option to AirDrop the login will appear. The login can be AirDropped to any device running iOS 12 or macOS Mojave.

Top Rated Comments

(View all)
Avatar
28 months ago
The old version using 4 groups of 3 characters has a possible max of (62^3)^4 or 3.22x10^21 combinations.

The new version using 3 groups of 6 characters has a possible max of (62^6)^3 or 1.83x10^32 combinations.

This assumes that the groups are made up of any of the 26 lower case letters, 26 upper case letters and the 10 digits. If we eliminate i,I,l,L,o,O,1,0 that reduces to 54 possible characters and values of 6.14x10^20 and 1.52x10^31 respectively.

I'm reasonably assured they're not going to get guessed by knowing that the dash is in a particular place.
Score: 7 Votes (Like | Disagree)
Avatar
28 months ago
Personally I'm not a big fan of this type of thing for a number of reasons…

1) At no time do you, or will you, know your password. So what do you do when you need to use that auto-generated password outside of Safari or something that has access into the Keychain?

2) There is no means to access the saved passwords outside of fully connecting to your iCloud account on an Apple device. So if you lose/damage your iPhone (or iPad or Mac) and don't have another Apple device available you that you are able to connect to iCloud as a primary account you are completely locked out of EVERYTHING until you replace that Apple device with another Apple device. Clever on Apple's part but infuriating the moment the customer realises it.

3) Each time you want to access a password you need to use a credential that protects ALL of your other credentials. This means that primary credential is used more often making it more susceptible to "breach". Credentials are typical most at risk at the point/time of entry so the more you need to use it the more at risk it is.

4) It is all highly presumptive that everything is working right.
Score: 7 Votes (Like | Disagree)
Avatar
28 months ago

I prefer not to use automatically generated passwords because they eventually are reversed engineered.

Really? There are plenty of easier and more likely vectors than “reverse engineering” the password generation mechanism.

As long as it doesn't force me to use excessively long and confusing passwords, I'm ok with this. I know many sites, institute insanely long and complex passwords so this may be helpful

This is the world we’re heading to. Away from simple passwords that can be memorized and on to machine-generated passwords which are complex enough to thwart brute-force hacking. Look at SSL/TLS. Sure, these use certificates, but it’s a similar idea. Machine-generated, machine-stored, machine-entered authentication. Personally, I welcome it, as I would argue no one can reasonably generate and remember secure, unique passwords for all of the services they use.

Can you edit that strong password? There are a lot of stupid websites that don’t take passwords longer than 10 characters or accept the dashes.

If it doesn’t exist already, this will be a feature of future password managers. It would be trivial to screen-scrape and/or keep a database of password requirements, and generate a compliant password based on that knowledge.
Score: 6 Votes (Like | Disagree)
Avatar
26 months ago

As long as it doesn't force me to use excessively long and confusing passwords, I'm ok with this. I know many sites, institute insanely long and complex passwords so this may be helpful

Passwords only feel "excessively long and confusing" if you're trying to remember them. If you're using a password manager you trust and have on you all the time, you can ditch memorability as a factor and make them as hack-resistant as possible.
Score: 5 Votes (Like | Disagree)
Avatar
28 months ago

If it doesn’t exist already, this will be a feature of future password managers. It would be trivial to screen-scrape and/or keep a database of password requirements, and generate a compliant password based on that knowledge.

Apple already does this ('https://twitter.com/_inside/status/959549503920660480').
Score: 5 Votes (Like | Disagree)
Avatar
26 months ago

I prefer not to use automatically generated passwords because they eventually are reversed engineered.

This has to be the dumbest excuse ever not using this. Really?
Score: 5 Votes (Like | Disagree)

Top Stories

iPhone 12 Lineup Rumored to Be Named 'iPhone 12 mini,' 'iPhone 12,' 'iPhone 12 Pro,' and 'iPhone 12 Pro Max'

Monday September 21, 2020 5:24 am PDT by
Leaker known as "L0vetodream" has today shared the alleged naming for the upcoming iPhone 12 lineup on Twitter. The tweet proposes that the upcoming iPhone 12 models will be titled "iPhone 12 mini," "iPhone 12," "iPhone 12 Pro," and "iPhone 12 Pro Max." The names likely correspond to the three expected sizes of iPhone 12, with the 5.4-inch model being the iPhone 12 mini, the 6.7-inch model ...

iOS 14 Widgets Offer iPhone Users Creative Home Screen Ideas

Sunday September 20, 2020 8:43 pm PDT by
Updated on September 22nd with hands on video. In iOS 14, Apple introduced ‌the concept of Home Screen‌ widgets, which provide information from apps at a glance. Widgets can be pinned to the Home Screen in various spots and sizes, allowing for many different layouts. Despite the relative lack of...

Hands-On With iOS 14 Widgets, Custom Icons, and Home Screen Setup

Tuesday September 22, 2020 3:25 pm PDT by
Apple with iOS 14 introduced widgets on the Home Screen, leading to unprecedented levels of customization for the iPhone. Combined with Shortcuts that let you change an app's icon, iOS 14 lets you create a whole new look for your Home Screen. Subscribe to the MacRumors YouTube channel for more videos. We've been following along with some of the creative alternative Home Screen designs that M...

PSA: New Apple Watch Owners Have to Return Entire Device for Ill-Fitting Solo Loop or Braided Solo Loop

Monday September 21, 2020 3:26 pm PDT by
With the Apple Watch Series 6, Apple introduced two new band options, the Solo Loop and the Braided Solo Loop. These new bands are unique because they have no clasps, buckles, or other fasteners, and instead use a stretch design to allow them to pull onto the wrist over the hand. Because these bands are not adjustable, Apple sells each one in nine different sizes to make sure each person...

Apple's iPhone 12 Event Could Happen on October 13 Based on Rumors From Mobile Operators

Wednesday September 23, 2020 11:51 am PDT by
Apple's upcoming iPhone-centric event could perhaps be held on Tuesday, October 13, according to information shared with MacRumors by an employee at a UK cellular carrier. There's no way for us to confirm the dates at this point in time nor are we sure on the credibility of the source, but even without a rumor, Tuesday, October 13 is a good guess based on Apple's historic launch timelines, ...

New Images Leak of iPhone 12 Braided USB-C to Lightning Cable

Thursday September 24, 2020 2:37 am PDT by
Rumors suggest Apple's upcoming iPhone 12 models will ship with a new Lightning to USB-C cable that includes a braided fabric design. Images of the purported cables were leaked in July, and today leaker Mr White has shared new images that give us a closer look at what we might get included in the iPhone 12 box. The photos show a USB-C to Lightning cable with a clearly braided design rather...

Interest in iOS 14 Home Screen Ideas Helps Pinterest Break Daily Download Record

Wednesday September 23, 2020 4:37 am PDT by
Apple's introduction of widgets on the Home Screen in iOS 14 has driven a surge in interest among users looking to customize their iPhone, and that has reportedly had a knock-on effect for Pinterest, whose iOS app has seen record downloads as users flock to its content seeking design inspiration. As reported by TechCrunch, App Store intelligence firm Apptopia was first to note the impact of ...

Apple Releases First Public Betas of iOS 14.2 and iPadOS 14.2 With New Shazam Control Center Options

Monday September 21, 2020 10:34 am PDT by
Apple today seeded the first public betas of upcoming iOS 14.2 and iPadOS 14.2 updates to its public beta testing group, a few days after seeding the first betas to developers and a little less than a week after releasing the iOS 14 and iPadOS 14 updates. Public beta testers who have signed up for Apple's beta testing program can download the iOS and iPadOS‌ 14.2 updates over the air after ...

Apple Emphasizes That Solo Loop May Increase in Length Over Time, Updates Sizing Guide With More Specific Instructions

Wednesday September 23, 2020 8:26 am PDT by
Apple on Tuesday updated one of its support documents to emphasize that the new silicone rubber Solo Loop for the Apple Watch may increase in length over time, as mentioned in fine print at the bottom of the Solo Loop product page. Apple has also updated its printable Solo Loop sizing guide with more specific instructions, as noted by 9to5Mac's Michael Steeber. The guide now advises users to ...

Microsoft Announces Outlook for Mac Redesign, Improvements to iOS and watchOS Apps

Tuesday September 22, 2020 8:56 am PDT by
Microsoft has today announced plans to bring a new design to its Outlook for Mac app along with several other improvements and features for Outlook on iOS and watchOS. In preparation for the public release of macOS Big Sur, Microsoft has been testing a new design for Outlook on Mac. The design includes Microsoft's Fluent icons and several design cues from Big Sur such as rounded corners....