Apple Launches Open Source Project to Let Password Management Apps Create Strong Passwords

by

Apple today informed developers that it has launched a new open source project that's designed to let those who develop password management apps create strong passwords compatible with popular websites.

1passwordgenerate
The new Password Manager Resources open source project allows password management apps to integrate website-specific requirements used by the iCloud Keychain password manager to generate strong, unique passwords.

Many password managers generate strong, unique passwords for people, so that they aren't tempted to create their own passwords by hand, which leads to easily guessed and reused passwords. Every time a password manager generates a password that isn't actually compatible with a website, a person not only has a bad experience, but a reason to be tempted to create their own password. Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service's password policy is too restrictive for people using password managers, which may incentivize the services to change.

The project also features a collection of websites known to share a sign-in system, links to website pages where users can change passwords, and more, with full details available on GitHub.

Apple says that having password managers collaborate on resources like password rules and change password URLs allows all password management apps to improve their quality with less work, plus it encourages websites to use standards or emerging standards to improve their compatibility with password managers.

Tag: Apple Developer Program

Popular Stories

iPhone 16 Pro vs iPhone 17 Air Feature

iPhone 17 Air and 17 Pro Max Allegedly Same Size Apart From Thickness

Friday March 7, 2025 2:45 am PST by
Apple's all-new ultra-thin iPhone 17 Air shares the same dimensions as the iPhone 17 Pro Max, with the only difference being in the thickness of the devices, according to the leaker Ice Universe. Posting to their Weibo account, the Chinese leaker today claimed that the iPhone 17 Air and iPhone 17 Pro Max have identical body length, width, screen size, and bezels. "The only difference is the...
Read Full Article70 comments
2016 12 inch macbook feature

Apple Introduced Its Most Controversial MacBook 10 Years Ago Today

Sunday March 9, 2025 1:00 am PST by
Apple announced the infamous 12-inch Retina MacBook a decade ago today, an experimental new Mac that was as controversial as it was revolutionary. Apple unveiled the 12-inch MacBook on March 9, 2015, at the "Spring Forward" event in San Francisco, California. The event was primarily focused on the Apple Watch, which was being fully detailed ahead of its launch the following month, so the...
Read Full Article341 comments
Apple One Apps Feature 2

Apple One's Best Plan Now Includes Two More Perks For Free

Monday March 10, 2025 6:40 am PDT by
Apple One allows you to subscribe to up to six Apple services for one discounted monthly price. There are three Apple One tiers: Individual, Family, and Premier. Over the last month, the highest-end ‌Apple One‌ Premier plan has gained two additional perks. Here is what Apple One Premier already included, for $37.95 per month:Apple Music Apple TV+ Apple Arcade Apple News+ Apple Fitness+...
Read Full Article63 comments
iPhone 17 Pro Render Front Page Tech

iPhone 17 Pro Launching Later This Year With These 8 New Features

Tuesday March 4, 2025 3:15 pm PST by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. iPhone 17 Pro's alleged design via Front Page Tech Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone...
Read Full Article
iphone 17 pro asherdipps

iPhone 17 Pro Max Said to Be Thicker to Accommodate Larger Battery

Friday March 7, 2025 2:47 am PST by
Apple has increased the thickness of the upcoming iPhone 17 Pro Max compared to the current generation iPhone 16 Pro Max, claims the Chinese leaker known as Ice Universe. Apple is said to have increased the depth of the iPhone 17 Pro Max to 8.725mm, up from 8.25mm on the iPhone 16 Pro Max, which would be a 0.475mm difference in thickness. The increase "surely means a larger battery,"...
Read Full Article131 comments
Generic iOS 19 Feature Mock Light

iOS 19 Will Bring Biggest Design Overhaul Since iOS 7

Monday March 10, 2025 12:17 pm PDT by
Apple is planning for a major design overhaul of the iPhone, iPad, and Mac interfaces with the introduction of iOS 19, iPadOS 19, and macOS 16 later this year, reports Bloomberg. The update will "fundamentally change" the look of Apple's operating system, introducing a more consistent cross-platform experience. Apple plans to update the style of icons, menus, apps, windows, and system...
Read Full Article211 comments
Apple MacBook Air hero

New MacBook Air Quietly Fixes This Decades-Long Design Oversight

Friday March 7, 2025 6:58 am PST by
In a move that probably won't make headlines but should delight detail-oriented Mac users everywhere, Apple has quietly corrected a 26-year-old design inconsistency on its keyboards. The Mute key, a staple on Mac keyboards since the PowerBook G3 'Lombard' debuted in 1999, has finally received a logical redesign on the new MacBook Air with M4 chip. As spotted by iCulture, the key now displays ...
Read Full Article109 comments
iphone 17 mockups idevicehelp

Video Shows iPhone 17 Mockups Based on 'Internal Documents'

Monday March 10, 2025 4:41 am PDT by
YouTuber iDeviceHelp on Friday posted a video that shows off mockups of Apple's forthcoming iPhone 17 models that are purportedly based on "internal documents." We're sharing the video here since it was made in collaboration with leaker Majin Bu, who last month published similar iPhone 17 renders that were widely corroborated by separate leakers with links to Apple's Chinese supply chain....
Read Full Article88 comments
Apple Intelligence General Feature

Apple Delays Apple Intelligence Siri Features

Friday March 7, 2025 9:35 am PST by
Apple is delaying some of the Apple Intelligence Siri features that it expected to release in iOS 18, an Apple spokesperson said in a statement to Daring Fireball. Apple says that it is going to take longer than expected to roll out the more personalized Siri experience, and that these features will be rolled out "in the coming year.""Siri helps our users find what they need and get things...
Read Full Article314 comments

Top Rated Comments

kop48 Avatar
kop48
62 months ago
Any reason why the article shows the password generator from 1Password without references? :)
Score: 21 Votes (Like | Disagree)
mnsportsgeek Avatar
mnsportsgeek
62 months ago
The thing I’d really like to see is password generation in safari for 3rd party apps.

It’s a bit of a pain to create new accounts in 1Password with the proper url. You have to go back and forth between the app and 1Password a time or two. It’d be nice if it was more streamlined for 3rd party apps kind of like it is for keychain.
Score: 14 Votes (Like | Disagree)
TriBruin Avatar
TriBruin
62 months ago

there's still going to be (and are) plenty of websites that create their own stupid password rules that no password manager that generates strong passwords will be able to comply. People are still going to have to roll their own- kinda taking away the spark of this project. - But at least it's a step in the right direction.
From the way I read it, that is the goal of this project. Once enough password managers add this feature, it should not matter (from a password generation POV), what the requirements are. The password manager will know BEFORE it generates a password.

Take an example from one of the existing websites in the password-rules.json:

According to the JSON, bhphotovideo.com has a requirement of a password max length of 15 characters. Pretend you go to that website and attempt to create an account. You use the Password Generator in Safari (or any password manager), BEFORE the password generator attempts to create a complex password, it reads the JSON and finds the bhphotovideo.com URL. It then reads the requirements (Max length 15). It immediate creates a password that fits that requirement, regardless of what your defaults are. No action needed on your part to manually change the requirements (which may not be obvious on the webpage.)

The key is (a) the list of password requirements is kept up to date. Since this is published on GitHub, anyone can make a PULL request to update. I wonder what Apple's merge requirements are going to be.

(b) Password managers integrate this in to there workflow.
Score: 14 Votes (Like | Disagree)
NightFox Avatar
NightFox
62 months ago

Any reason why the article shows the password generator from 1Password without references? :)
I'd guess that if they did reference it, people on here would be asking why they'd singled out 1Password to feature over other PWMs
Score: 13 Votes (Like | Disagree)
Stanfield Avatar
Stanfield
62 months ago

Sure. Give hackers the open source code to help people generate passwords. What can go wrong? :rolleyes:
Openness enables collaboration. Black boxes maintained by a single company aren't usually the best method for strong security. I want security that shows you exactly what its doing, has been vetted by a community of security experts, and dares the hackers to break it.
Score: 9 Votes (Like | Disagree)
bookofxero Avatar
bookofxero
62 months ago
It would be great if websites would have some consistency in their input validation and database schemas. I know one company that allows almost every special character but a comma - and the error message doesn't tell you which special character is the disallowed one. I used 1password and had to go through the generated password and remove each special character 1-by-1 to figure out which one was problematic.
"Hrm, octothorp? Nope. Modulus? Nope. Pipe? Nope. Asterisk? Nope. Greater than symbol? Nope. That just leaves the comma. What?! Seriously?"
It really is an awful experience and I can see why other users would resort to weak and/or reused passwords.
I've see other sites with very specific character length guidelines and other weird combinations. One site, which has since updated to something more secure, even once required 8-15 characters, letters and numbers only. If I were trying to brute force or guess a potentially weak password, wouldn't that make the dictionary size much smaller and thus easier to crack?
Score: 7 Votes (Like | Disagree)
Read All Comments