Apple is making some changes to how passwords work with the release of iOS 12, offering new capabilities that make it easier to create and use strong passwords, help you make sure that your passwords are unique, and even giving a helping hand that will make third-party password managers like 1Password and LastPass better able to integrate with the system.
The changes coming to how passwords are handled in iOS are meant to make your digital life more secure and more convenient. Here’s a rundown of what you can expect.
Apple occasionally offers updates to iOS, watchOS, tvOS, and macOS as closed developer previews or public betas for iPhone, iPad, Apple TV and Mac (sadly, no public beta for the Apple Watch). While the betas contain new features, they also contain pre-release bugs that can prevent the normal use of your iPhone, iPad, Apple Watch, Apple TV, or Mac, and are not intended for everyday use on a primary device. That’s why we strongly recommend staying away from developer previews unless you need them for software development, and using the public betas with caution. If you depend on your devices, wait for the final release.
- Automatic strong passwords
- Password reuse auditing
- Security code AutoFill
- Password sharing
- Password Manager API
Automatic strong passwords
Apple has offered strong, automatic password suggestions in iOS for some time now, generating suggestions when users created new login credentials in Safari. iOS 12 takes it a step further. Instead of just suggesting a strong password, iOS will create a password, then present you with two options: use Apple’s password or create your own. If you choose to use Apple’s, the password created by iOS is automatically stored securely in iCloud Keychain and synced across your devices without you ever having to see it. These passwords will be filled automatically when logging into the corresponding service. The goal is to make strong password creation simple and secure.
What’s more, iOS will be able to do this outside of Safari, too. When you sign up for an account within an app in iOS 12, the same password creation process will present itself there, as well. Developers will be able to customize this process to an extent. If their app or service has certain password requirements (excluding particular symbols, including both a number and a capital letter, etc.), developers can tell iOS, and those requirements will be taken into account when the system generates the strong password.
If you ever need to get to one of these passwords, you can always ask Siri. But don’t worry, Siri won’t go blurting your password out. You’ll need to authenticate with your device, and then you’ll be taken to your password list, which you would normally find under Settings > Passwords & Accounts > Website & App Passwords.
Password reuse auditing
Building on the theme of better user security, iOS will also warn you if you reuse a password across multiple websites and apps. You can find and edit the offending login credentials like this:
- Open Settings on your iPhone or iPad.
- Tap Passwords & Accounts.
- Scroll through your passwords and tap on one with a triangular warning symbol.
- Tap Change Password on Website to be taken to the relevant website to change your credentials.
Security code AutoFill
SMS is a popular way for companies to deliver one-time codes to users that have two-step verification turned on for logging into their accounts. While currently, you might need to flip between the Messages app and the app to which you’re logging in in order to get that code, iOS 12 lets you stay where you are. When you receive an authentication code in a text message, iOS will find it automatically and place it in the QuickType bar of the keyboard, just as though you were getting a suggestion for a word to type.
With iOS 12, macOS Mojave, and tvOS 12, you’ll be able to share passwords with you nearby Apple devices. This is especially useful with the Apple TV, which doesn’t have access to iCloud Keychain like iPhones, iPads, and Macs do. When logging into an app, you’ll receive a notification on your iPhone or iPad from your Apple TV, which you can tap to bring up a password entry field. Your iOS device’s QuickType keyboard will then offer to let you AutoFill your login credentials on your Apple TV, for instance, with just a tap. It works like this:
- Open your app on Apple TV.
- Select the email address field on the login page.
- Tap the Keyboard and Password AutoFill notification on your iPhone or iPad.
- Tap the credentials that pop up on the QuickType keyboard bar.
- Tap the key icon on the QuickType keyboard bar if the credentials didn’t pop up on their own.
- Search for the relevant login information.
- Tap the login information that you want to use. Your username/email address and password will then populate the correct fields on your Apple TV app.
- Select the Login or equivalent button on your Apple TV.
This is made possible by one of the coolest little tricks I’ve seen from Apple in recent memory. With tvOS 12, the Siri Remote that comes with the 4th-generation Apple TV and the Apple TV 4K can act as a locator, finding nearby iOS devices on which to offer an AutoFill request. Because it’s proximity-based, you shouldn’t get these requests on all of you devices, just those that are closest to your remote.
Password Manager API
This is pretty cool. While iCloud Keychain is great for many, some people, myself included, prefer third-party password managers like 1Password and LastPass. And with iOS 12, Apple is making it easier to use those apps by providing a new Password AutoFill extension. With this extension, developers will be able to offer their stored login credentials in the QuickType bar on the iOS keyboard in both Safari and third-party apps, just like Apple does now with iCloud keychain when you’re logging in somewhere.
So instead of having to tap the share button, tap the 1Password extension button, authenticate, and tap on or find the relevant login credentials in order to use 1Password, I should just be able to tap once on my credentials that appear right above the keyboard, just as though they were a part of the system on my iPhone or iPad.