Despite the rise of two-factor authentication, password security remains a top priority. Unless your password is unique, relatively long, and wasn’t found in a plain-text database breach, you should probably change it. For some sites, you may not have changed the password for years, if ever. (Conversely, if a password for a given site you use is unique, long, and intact, there’s no good reason to change it.)
Apple offers a tool to help you fix your worst passwords. Security recommendations can be found in iOS/iPadOS in Settings > Passwords. In macOS, find it in System Settings > Passwords (Ventura); or System Preferences > Passwords (Monterey); or Safari > Preferences/Settings > Passwords (all versions of macOS). It’s easier to manage on macOS, so the examples below are from Ventura.
The recommendations are divided into high priority recommendations and other recommendations. For me, I had 18 in the first category and 68 in the other. (If you don’t have any high-priority recommendations, this might just show a list.) Why Apple promotes certain entries to the high-priority category isn’t clear. With my account, items listed as high priority include a financial site, a government site (.gov), and several Apple sites. The other sites included don’t necessarily have anything in common – perhaps password shortness or how often a word is used in the password.
Warnings listed by Apple
Here’s what you’ll see as warnings in the high priority and standard priority entries:
Commonly used password. The passwords identified as commonly used are the result of years of password leaks. Passwords used by many people can now be easily found on the Internet by anyone, let alone criminals or other attackers. Apple notes, “A lot of people use this password, which makes it easy to guess.” I found a number of test accounts in this category, accounts that I set up and either never used or were set up temporarily for me. Passwords have been as poor as the letter “a” and the word “password”. (These matches are made using information Apple stores on your computer.)
Hackers who gain access to an account database that lacks the proper modern protections, which make identical passwords appear as unique, cryptographically obscured entries, will first run a list of the most commonly breached passwords. This lets them pick the low-hanging fruit.
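The difference between an unprotected account database and one where identical passwords are stored as unique entries, shown as an added example that is not part of the original article. The account names, passwords and the PBKDF2 work factor are constructed for illustration.

```python
# Added example (not from the article): unsalted vs. salted password storage.
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: example PBKDF2 work factor

# Constructed sample accounts; two of them share the same common password.
SAMPLE = {"alice": "password", "bob": "password", "carol": "v9-Tq2!mZr7cLx"}

def weak_record(password):
    """Unsalted fast hash: identical passwords always give identical entries."""
    return hashlib.sha256(password.encode()).hexdigest()

def strong_record(password):
    """Per-account random salt plus a slow KDF: every entry is unique."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(key, expected)

def build_table(make_record):
    """Build the stored-credentials table for the sample accounts."""
    return {user: make_record(pw) for user, pw in SAMPLE.items()}

def accounts_sharing_entry(table):
    """Audit helper: list groups of accounts whose stored entries are identical."""
    groups = {}
    for user, entry in table.items():
        groups.setdefault(entry, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

if __name__ == "__main__":
    print("unsalted:", accounts_sharing_entry(build_table(weak_record)))
    print("salted:  ", accounts_sharing_entry(build_table(strong_record)))
```

With the unsalted table, one match against a common password exposes every account that uses it; with per-account salts, each entry has to be tested separately at the full cost of the slow hash.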
Commonly used word. Apple warns you if you use a common, short, and frequently used word in your language. Password crackers used to scan lists of common words to crack passwords, an approach that may be outdated due to changes in the way passwords are stored. But it’s still not a good idea to have a password that is all or most of a common word.
Database leaks. Passwords specifically found in leaked databases, whether common or not. Apple’s explanation is that “this password appeared in a data leak, which puts this account at high risk of compromise”. These matches are performed remotely by Apple with data from breaches compiled by reputable security sources that Apple has authorized, acquired, and stored using a clever cryptographic approach that prevents them from transmitting your exact password. Their list contains 1.5 billion passwords. However, you can opt out by disabling Detect leaked passwords.
People trying to break into accounts will also try less common passwords, depending on the compute resources they have. If a password you use (whether by you alone or also by other people in the world) has already been leaked in plain text, you can’t be sure that someone won’t attack your account with it.
Reused passwords. Apple notes this for passwords you use on multiple sites. The text reads: “You reuse this password on ‘domain’, which increases the risk for this account if your ‘domain’ account is compromised.”
It used to be common sense to choose a strong password – back then a random sequence of 8 characters, then 12 – and use it everywhere. The advice was to change it from time to time. This advice is long expired. Now you need to use a password manager, like the one built into Apple’s operating systems, to create and store a unique, long password for every site and service you sign up for.
How to improve the quality of your password
Apple has a shortcut that lets you quickly change a weak or compromised password. For priority entries, click Change password on website; for other entries, first click on the entry, then on Change password on website.
This may take you to the change password or account management page on the site. Apple has developed a specification that allows a website operator to place a specially formatted file (or use a script to do the same) at https://example.com/.well-known/change-password which redirects to the correct page. If this location exists, clicking the Change password on website button takes you to the right place; otherwise, it takes you to the home page of the site. (If you’re managing a website of any size, it’s very easy to set up.)
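For site operators, one way to serve that redirect from a script, as an added example that is not part of the original article or Apple’s documentation. The target path /account/password and the helper probe() are hypothetical; substitute the site’s real change-password page.

```python
# Added example (not from the article): the well-known change-password
# redirect as a small WSGI app, using only the Python standard library.
from wsgiref.simple_server import make_server

WELL_KNOWN = "/.well-known/change-password"
CHANGE_PASSWORD_PAGE = "/account/password"  # assumption: the site's real form

def app(environ, start_response):
    path = environ.get("PATH_INFO", "")
    method = environ.get("REQUEST_METHOD", "GET")
    if path == WELL_KNOWN:
        if method not in ("GET", "HEAD"):
            start_response("405 Method Not Allowed", [("Allow", "GET, HEAD")])
            return [b""]
        # Temporary redirect to a fixed, same-origin target. The Location is
        # never built from request input, so it cannot become an open redirect.
        start_response("302 Found", [("Location", CHANGE_PASSWORD_PAGE),
                                     ("Cache-Control", "no-store")])
        return [b""]
    if path == CHANGE_PASSWORD_PAGE:
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"change-password form goes here\n"]
    # Anything else is a real 404, so a missing endpoint stays
    # distinguishable from a working one.
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found\n"]

def probe(path, method="GET"):
    """Hypothetical helper: call the app in-process, no network needed."""
    seen = {}
    def start_response(status, headers):
        seen["status"] = int(status.split()[0])
        seen["headers"] = dict(headers)
    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": method},
                        start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    with make_server("127.0.0.1", 8000, app) as server:
        server.serve_forever()
```

In production the same redirect is usually a one-line rule in the web server or framework router; the point is that the well-known path answers with a redirect to a fixed page and unknown paths return a genuine 404.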
If you change the password on the website using Safari, you will be prompted to update your password stored in the keychain.
You can also edit the password directly in place, then copy and paste it into a website. You can click Edit, then click Create a strong password, and the password manager generates a new, better one. However, you might need the old password to log in, so write down the old password before updating it.
This Mac 911 article is in response to a question submitted by igamesnews reader François.