iOS 12 has a half a dozen new features that make password management on iPhone and iPad easy. The new password autofill option shows up at every login page. You can share passwords using AirDrop and Apple will automatically recognize one time passwords and present it as a button just above the keyboard. Automatic strong password generation is one such feature.
Whenever you sign up for a new service or an app on iOS, Apple will automatically autofill the password field for you. With a strong, random, long password. And the password will be saved in your iCloud Keychain by default. This way, you don’t have to worry about reusing the same password everywhere (which is one of the biggest security risks).
For the uninitiated, iCloud Keychain is Apple’s system for saving username and passwords. The login information is saved in an encrypted format on your iCloud account and is accessible on all your devices – iPhone, iPad, Mac, and iPod Touch. The logins are hidden until you authenticate with your passcode, Touch ID or Face ID.
Let’s dive in:
- How to Generate and Save Strong Passwords in iOS 12
- How to Find Passwords Generated By iOS 12
- How to Identify and Change Reused Password in iOS 12
If the Strong Passwords suggestion isn’t showing up, it means you don’t have iCloud Keychain enabled. Go to Settings -> Accounts & Passwords -> AutoFill Passwords and enable iCloud Keychain.
Step 1: Open Safari app and go to the sign-up page for the app or website you want to create an account for.
Step 2: Enter the details like your name, email address and more.
Step 3: Tap on the Password field. As soon as you do that, iOS 12 will automatically prefill both Password and Confirm Password fields for you. The keyboard will be replaced with options view.
Step 4: Here, if you choose to use the strong password, simply tap on the Use Strong Password option. If you don’t want to use iOS 12’s password, tap on Choose My Own Password button to create your own password.
Step 5: After you choose Use Strong Password, go ahead with sign up flow. Once you sign up, the login details for the page, including the username and the password will be saved to your iCloud Keychain.
Once you sign up using a strong password, there’s no mention of it again. How do you make sure that iOS 12 did save the password for you? And if you want to use it on your Mac, how can you access or share it? This is where the new Accounts & Passwords section in Settings comes in.
Step 1: Open Settings app and go to Accounts & Passwords -> Websites & App Passwords. Authenticate using Face ID or Touch ID.
Pro tip: You can just ask Siri “show me my passwords” to directly get to this screen. You can even get specific and say “show my Amazon password” to get to the list directly.
Step 2: Here you’ll find a list of all the website and app logins. Search for the login you just saved.
Step 3: Tap on the login to view details. You’ll find the password right there.
Step 4: Tap on the password field to either copy it or share it with another iOS or macOS device using AirDrop. For the feature to work, the other iOS device needs to be running iOS 12 and the Mac needs to be on macOS Mojave.
Apple has integrated one of the best features from tools like 1Password and LastPass right inside iCloud Keychain. You can do a password audit and see which passwords have been reused. It’s best not to use the same password more than once.
Step 1: Go to the Websites & App Passwords section.
Step 2: After authenticating, you’ll see a list of all your saved logins. If you’ve reused a password for a service, you’ll see a little triangle with an exclamation mark next to the website name. Tap on it.
Step 3: Here, Apple will tell you that reusing passwords across different websites is not safe. Plus, you’ll see a button called Change Password on Website. Tap on to directly go to the relevant page that will help you change the password for the website.
How Do You Manage Your Passwords?
Do you use iCloud Keychain across all your devices? Or do you use a third party service like LastPass or 1Password? Do you have 2-factor authentication enabled for important accounts like Google and Dropbox? Share your password management workflow with us in the comments below.