Apple publishes free resources to improve password security
Apple has published today a set of free tools and resources to help developers of password managers — but also other apps — generate strong passwords.
The new tools, collectively called the Password Manager Resources, have been open-sourced on GitHub today. Apple says the new tools are primarily meant to help developers of password manager apps create better experiences for users.
Apple said it published these tools to address a long-standing issue with password manager applications that impacts users across all operating systems, and not just macOS and iOS.
The issue is that while password managers create unique and strong passwords, many times, these passwords aren’t compatible with the websites they are being created for.
Users encountering errors while generating a random password will often resort to choosing their own one instead, which many times is shorter and less secure than the one normally generated by the password manager app.
Apple’s tools include lists of password selection rules for many of today’s most popular websites.
Apple says that password managers that will use its list of rules will start generating passwords that are both strong and unique, but also compatible with the websites they are being used for, and, hence, reduce user experience (UX) errors and instances where users tend to choose their passwords — a situation Apple wants to avid
Furthermore, Apple also published a list of websites that share login credentials with one another, a list that Apple hopes “make[s] password filling suggestions more useful.”
In addition, Apple also shared a list of website URLs where users are currently redirected to change their passwords. Apple says this list will be useful for developers of password managers in case they detect a weak password and want to take users directly on the page where they could change the password, rather than let the user find that page on their own.
Apple said it open-sourced Password Manager Resources today because it wants password managers to integrate these rules, but also contribute back to the project with their own insight into this issue, for the overall benefit of user safety.