Apple Project Aims To Improve Password Managers

Apple has launched an open source project aimed at improving the way password managers work, in an effort to boost their usage and, in turn, web security in general.

Passwords have long been seen as a critical weak spot in the web, with people continuing to commonly reuse weak passwords across multiple services.

Microsoft said in December of last year that some 44 million users were still using passwords that had previously been compromised in data breaches.

Passoword managers are seen as a way of improving the situation, since they automatically generate strong passwords that the service fills in automatically when a user logs into a website or app.

World Password Day: Is the Password Still Fit For Purpose?

Compatibility

But Apple noted that in many cases the automatically generated password isn’t compatible with the site or app, for one reason or another.

This may cause a user to abandon the process and create a weaker password themselves, Apple said.

Password Manager Resources, published on GitHub, includes a list of website-specific rules – called “quirks” – that must be followed when generating passwords.

“Although ideally, the industry will work to eliminate the need for all of the quirks in this project, there’s value in customising behaviours to ensure better user experience,” Apple said in the project’s documentation.

Aside from password rules, the “quirks” also include groups of websites known to use the same credential backend, which can be used to enhance suggested passwords, and website-specific URLs for changing passwords, in order to take a user directly to the right page.

User experience

“By sharing resources, all password managers can improve their quality with less work than it’d take for any individual password manager to achieve the same effect,” Apple said.

The company said that by publicly documenting website-specific behaviours, password managers can offer an incentive or sites to use standards to improve their compatibility with third-party password tools.

“By improving the quality of password managers, we improve user trust in them as a concept, which benefits everyone,” the company said.

Apple encouraged developers to make use of its data and code, but asked that they contribute quirk data back to the project so that it can be used by other password management tools.

“Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service’s password policy is too restrictive for people using password managers, which may incentivize the services to change,” Apple said.

It said the quirk data included in the project is sourced from Apple’s own iCloud Keychain password manager.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

NHS Covid-19 Tracing App For England, Wales, Nears Launch

Date for limited rollout of delayed NHS track and trace app for England and Wales…

2 days ago

Coronavirus: Facebook Staff To Work From Home Until July 2021

Facebook follows Google lead by extending right of staffers to work from home until July…

2 days ago

Canon Suffers Ransomware Attack, With 10TB Of Data Stolen – Report

Report suggests Canon has been crippled with a ransomware attack with allegedly 10TB of data,…

3 days ago

Uber Expands UK Reach With Autocab Buy

Amid consolidation in the taxi sector caused by Coronavirus lockdown, Uber purchases British rival Autocab…

3 days ago

TikTok Selects Ireland For First European Data Centre

Ireland to get another data centre after the Chinese-owned short video app TikTok announces first…

3 days ago