Apple Project Aims To Improve Password Managers

Apple has launched an open source project aimed at improving the way password managers work, in an effort to boost their usage and, in turn, web security in general.

Passwords have long been seen as a critical weak spot in the web, with people continuing to commonly reuse weak passwords across multiple services.

Microsoft said in December of last year that some 44 million users were still using passwords that had previously been compromised in data breaches.

Passoword managers are seen as a way of improving the situation, since they automatically generate strong passwords that the service fills in automatically when a user logs into a website or app.

World Password Day: Is the Password Still Fit For Purpose?

Compatibility

But Apple noted that in many cases the automatically generated password isn’t compatible with the site or app, for one reason or another.

This may cause a user to abandon the process and create a weaker password themselves, Apple said.

Password Manager Resources, published on GitHub, includes a list of website-specific rules – called “quirks” – that must be followed when generating passwords.

“Although ideally, the industry will work to eliminate the need for all of the quirks in this project, there’s value in customising behaviours to ensure better user experience,” Apple said in the project’s documentation.

Aside from password rules, the “quirks” also include groups of websites known to use the same credential backend, which can be used to enhance suggested passwords, and website-specific URLs for changing passwords, in order to take a user directly to the right page.

User experience

“By sharing resources, all password managers can improve their quality with less work than it’d take for any individual password manager to achieve the same effect,” Apple said.

The company said that by publicly documenting website-specific behaviours, password managers can offer an incentive or sites to use standards to improve their compatibility with third-party password tools.

“By improving the quality of password managers, we improve user trust in them as a concept, which benefits everyone,” the company said.

Apple encouraged developers to make use of its data and code, but asked that they contribute quirk data back to the project so that it can be used by other password management tools.

“Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service’s password policy is too restrictive for people using password managers, which may incentivize the services to change,” Apple said.

It said the quirk data included in the project is sourced from Apple’s own iCloud Keychain password manager.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

16 hours ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

17 hours ago

Europe’s Longest Hyperloop Test Track Opens

European Hyperloop Center in the Netherlands seeks to advance futuristic transport technology, despite US setbacks

17 hours ago

NHS Scotland Confirms Clinical Data Published By Ransomware Gang

NHS Dumfries and Galloway condemns ransomware gang for publishing patients clinical data after cyberattack earlier…

19 hours ago

Fewer People Using Twitter After Musk Takeover – Report

Research data suggests fewer people are using Elon Musk's X, but platform insists 250 million…

22 hours ago

Julian Assange Wins Temporary Reprieve For US Extradition Appeal

US assurances required. Julian Assange handed a slender reprieve in fight against his extradition to…

24 hours ago