Passwords are not sexy, but they are centre to your online security. The good news is, Apple has you covered
Get safe
Passwords, although not too exciting, always seem to generate opinions, and, discussion.
Hopefully, most people have now got a little wiser to the need for online security, and at least use, varied, and more complicated passwords than they did years ago.
Of course, there are some great third-party password apps such as 1 Password that you could buy. However, there may not be a need to go to any extra expense. If you sit firmly within the walled garden of the Apple ecosystem, then a brilliant option is sitting there, ready for you to use.
What is keychain?
A keychain is an encrypted container that securely stores your account names and passwords for your Mac, apps, servers and websites, and confidential information.
Not only can you store passwords, but also credit card numbers or bank account PIN numbers. Every user on a Mac has a login keychain. The password for your login keychain matches the password you use to log in to your Mac.
Passwords for free
Your Mac, iPhone, and iPad, all have a native password generator, and storage app, built in. It has been built by Apple, and it’s called iCloud Keychain.
Over the past few years, Apple has continued to develop, and work on this app. It’s safe, multi-layered, and quick to learn how to use. In the past, Keychain was merely a background password manager, that seemed to randomly pop-up, offering suggestions about a new password, or filling a new one in for you.
The latest iteration of it, however, will now scan for password breaches, warn of repeated passwords, and offers two-factor authentication (2FA) keys in a dedicated Settings window.
If you work across Android, and Apple devices, this choice may not be the best for you, but if you are solely an Apple user, then read on.
iCloud Password Manager for iOS
The app was built to be as invisible as possible. If the website, or app you are in, is coded correctly, a prompt will appear in place of your keyboard.
If you have already typed in the username, or email element, the password will be auto-populated by Apple password keychain manger. By default, this will be a series of twenty characters consisting of at least two dashes, upper case and lower case letters, and a symbol.
You’ll never have to remember that complex password, so accept the suggestion and simply make sure to select remember login when prompted.
The next time you come back to that website, the username, and password will autofill. Making it safer still, it will suggest using Face, or Touch ID, making sure you are the one filling out the password.
These credentials will sync across your iCloud devices, being encrypted end-to-end. And, should you wish to, viewing your stored passwords is simple. All you have to do is navigate to System Settings > Passwords.
Making it yours
One thing I did recently, was to create a shortcut to the passwords app.
Rather than having to navigate to the app in Settings every time, I have created an icon that now sits on my home screen.
To do the same, go to Shortcuts > tap the + top right > to the left of the word ‘done’ rename the shortcut as Passwords > Add Action > Categories > Web > URL (at the bottom of the screen). In that field, paste this command prefs:root=PASSWORDS.
Then, to add that shortcut to your home screen, press the three dots > share > add to home screen. You can even change the colour and associated icon on the shortcut as well.
Should you not wish to go those lengths, the other quick way to get to your passwords is to ask Siri instead.
On Mac
The catch-all, on your Mac for your passwords, is an old legacy tool named Keychain Access. This acts as an app for authentication certificates, passwords, and other security prompts.
However, since macOS Monterey, the easier option, is to find passwords within System Preferences/Settings.
But, the good news is, there really is no need to bother yourself that often with either Keychain Access, or the Passwords app, as in my experience, it just works.
2FA
I mentioned, earlier on, that 2FA is a recent addition to the Passwords app from Apple.
They are a pain, and I tut as much as the next person when prompted for them, but they do offer another layer of security. The kind of 2FA that generated via an SMS are not as secure as setting one up directly with the website.
The website, in question, will need to be set up to support 2FA, and if it is, the procedure is really simple.
In your Passwords app, select the site you want to add 2FA to. Next, select Set Up Verification Code, and then Enter Setup Key. From there, either, just scan the QR code with your iPhone, or right-click the QR code, and then paste in the details in your password app.
Just like passwords, the 2FA key will appear above the keyboard on websites that have been adequately coded for this system. Otherwise, you’ll have to navigate to the Passwords tool to copy and paste the code manually as needed.
A password-less future
No matter how secure your passwords, or password app is, there will always been some vulnerability attached to them. Apple, and other tech behemoths, are keen to move on from passwords, and passkeys, seems to be the elected way forward.
At WWDC last June, Apple mentioned passkeys for the first time. It’s essentially a new type of security that seeks to replace passwords for account login purposes.
Passkeys are a biometric, sign-in standard. Whereas passwords were stored on servers, and thus open for attack, passkeys will be stored locally, on your device.
Passkeys are based on the application programming interface (API), WebAuthn. The beauty is, once set-up, you’ll be able to sign in to the service with either only Face ID or Touch ID.
When you request to get on to a website, it will simply send a request to your device to authenticate the request. It combines both stronger security and increased convenience.
Further convenience comes to Apple users with passkeys, as they can be backed up to iCloud, and synced, with end-to-end encryption, across all devices. And, if you happen to want to access websites and services, whilst on Windows or Android devices, that too is covered. The websites will send a QR code to scan, and again, authenticate using biometrics.
A need for change?
Passwords have been the online standard-bearer for years now, but actually, they are not perfect. Passwords are vulnerable to cyber-attacks and data breaches.
Passkeys, however, cannot be re-used over various services, and, as it’s stored on your device, you’ll have no need to remember them either. And, as they are stored on your device, they cannot be phished, or leaked in data breaches. The fact that passkeys are not stored on some ubiquitous server, is a massive step forward.
If more proof were needed
Apple’s senior director of platform product marketing, Kurt Night, and VP of internet technologies, Darin Adler, were both interviewed by Tom’s Guide. Adler, in particular, was excited by the future, commenting;
“passwords can be like a mixed bag – they are the key to protecting everything we do online, but they’re also one of the biggest attack vectors and security vulnerabilities users face today. Face ID and Touch ID verification will give you the convenience that biometrics can achieve with an iPhone. You don’t have to buy another device, but also you don’t even have to learn a new habit.”
Seeing the future that lays ahead, some of the biggest sites, are already making sure they are FIDO (Fast Identity Online) friendly. Websites such as eBay, Best Buy, PayPal & Nvidia are already compliant.
Wrapping up
Passwords are not sexy – I get that, but they are crucial.
Using the native password app on your iOS device or Mac, and making sure you are getting the most from it, is as good a New Year’s resolution as I can think of…for the moment, at least.
Whilst we are not yet ready for a password-less, online, society yet, we are not that far away.
The future, very much, starts now. Online security can only be good for us all.
Getting involved…
Fancy receiving my weekly video newsletter?
It’s free, and simple to join. Just leave me your details here, and every Sunday lunchtime, I will drop in to your inbox, catching up on the last week.
Guess what – if you look forward to my articles & blogs landing each day, you can help that happen! By clicking via this link, you can join Medium, and get my blogs every day, the moment I publish them. And, you can even get email notifications about them too. Go on – one little click of the Magic Mouse, will make a big difference to both you and me! 😋
And Finally…
I am now on Vero – follow me here https://www.vero.co/dtalkingtech