News of another major breach of customer data makes this a good time for business professionals to verify their passwords by any means necessary.
Reports of massive data breaches from 100 million T-Mobile accounts should encourage any Apple user to verify their account password and security. Here’s how to do it with Keychain.
ICloud Keychain to the Rescue
Apple’s built-in password manager is called iCloud Keychain. Securely store saved account information, such as account names and passwords, on all devices you’re connected to. You will automatically enter this information when you access an application or service.
It is a useful tool to help manage better security habits. Many prefer to use cross-platform services such as LastPass, Dashlane or 1Password for this task, although these services may be vulnerable to attack.
Apple has iterated its password management tool since it was introduced. Starting with iOS 14, it now warns you of the following security vulnerabilities:
- Weak passwords: When you use a password that is used a lot or is easy to guess. Passwords are considered easy to guess when using words found in a dictionary or using regular character substitutions, keyboard patterns, or sequences such as 1, 2, 3, 4. You will also be asked to change your password if you use way to access multiple sites.
- Passwords: When a password appeared in a data breach, such as the one recently revealed to T-Mobile. This system uses a continuously updated and selected main list of passwords that have been known to have been leaked. The password manager uses powerful cryptographic techniques to match passwords with faulty password lists so that your own passwords are never shared.
- Here’s more information on how it works.
How to use iCloud keychain
Set up your system in Settings> iCloud> iCloud Keychain on iOS devices or in System Preferences> Apple ID> iCloud> iCloud Keychain on Mac. Just activate the function.
Once activated, the keychain will collect your passwords on all devices as you access websites and services during use.
How to check password strength
To verify the power of your iCloud Keychain password, follow these steps:
- On a Mac
- Open Safari.
- From the Safari menu, open Preferences and then choose Passwords.
- You’ll need to sign in to access your passwords using your Touch ID, Mac password, or by signing in with your Apple Watch.
- You will be presented with a list of sites that use a weak or exposed password, indicated by a yellow warning triangle.
- Double-tap that triangle to find out why the password was called and to find a link to the site in question, where you can change it to something more secure.
- You can also tap Details to access this information.
- Touch Remove to remove a password.
On an iPad or iPhone
The system is better on iOS because it does a better job of making the information it finds visible. To check the status of passwords on iPhone or iPad:
- Open Settings> Passwords.
- You will need to log in with your passcode or Touch / Face ID.
- You’ll find an alphabetical list of your passwords, with a section called Security Tips at the top.
- The Security Recommendations section usefully shows you how many risks it has detected.
- Tap it and you’ll find a switch to turn off the compromised password detection system, which I suggest you don’t use.
- You will also find an extensive list of all the most compromised passwords, what the problem is and why you should fix it.
- Touch any item in the list to learn more about that password, with a link that takes you directly to the website, where you can make a change to resolve the issue.
- NB: Deleting a password on iCloud Keychain does not actually delete your account; you have to do it yourself on the appropriate site.
How is Apple?
Apple in 2020 made available to the open source community a collection of resources for the development of password management. This includes collections of websites that are known to share a login system, links to parts of websites where users change passwords, and information about password idiosyncrasies allowed by certain services.
The company also offers the Apple connection system, which can use Face ID and / or Touch ID and your Apple ID to create extremely secure connections.
Starting with iOS 15, Apple will also integrate Google Authenticator into the system, which means it will be able to generate verification codes for additional login security. If a site provides two-factor authentication, you’ll be able to configure verification codes in Password in Settings, and they should be completed automatically when you sign in to the site.
Apple is also creating a new access key system that can be used to replace passwords with biometric authentication (Touch / Face ID).
Apple takes security seriously (most of the time) and, like most large technology companies, is now working to develop an infrastructure to replace passwords with other forms of authentication access. However, we are not there yet, and the latest data breach should be reason enough for any business user to confirm that their passwords are still strong.