The option to auto-fill passwords on your iPhone has been around a while now, but iOS 12 improves on it by suggesting strong passwords when first creating an account online in Safari or within apps. Apple has also added "password reuse auditing" for your iCloud Keychain, where all your logins are housed, which will find and change your weak passwords to strong ones.
Password auditing in iOS 12 can only be accessed in the settings for Apple's built-in password manager. If it finds repetition in your database, it will flag the entries and recommend you change those passwords. You can also change the weak password to a stronger one generated by the operating system itself. The procedure is simple to perform, but there are a few things you should be aware of.
Open up the Settings app, then choose "Passwords & Accounts," followed by "Website & App Passwords" up at the top. You'll need to either use Face ID or Touch ID to access your list of logins in iCloud Keychain.
Once you've accessed your iCloud Keychain, you'll see the websites listed along with your username. Tapping on any one will show its password. In the main list, if any password has been used more than once, there will be a warning sign (an exclamation point inside of a gray triangle) right next to it. A reused password is much more susceptible to a breach (and therefore is a weak password).
You could be using the same password on even more accounts. Also, some accounts that you know you are using a duplicate password on might not show warning signs next to them. These instances will only happen if those other accounts are not saved to your iCloud Keychain. The algorithm won't know about those other accounts if you have not saved them to this list for comparison, so keep that in mind.
While a notice is a significant first step, most of us will likely forget to change the password to something stronger unless the process is made easy, and that's precisely what iOS 12 does.
Select one of the accounts with the reused password warning, then choose "Change Password on Website." (This option only appears when there's a warning sign for the account.) The site will open in a Safari WebView window without leaving the Settings app. Log into your account using the AutoFill feature, then locate the account option to change your password. You can use the share sheet to "Request Desktop Site" if the mobile site won't let you change passwords.
Note that you can also hit the Safari icon in the bottom right of the screen when the keyboard is not open to visit the website directly in the Safari app instead of through the Settings app. The process will be the same.
Next, use the AutoFill feature for your old password. For the new password, tap on its box and your iCloud Keychain will automatically create a new secure password for you. You can also choose to bypass this suggestion and create your own.
If you choose "Use Strong Password," it will automatically add the password to the database. After that, select the "change password," "save password," or a similar button on the website to make the password change official, and your account is now better protected using a stronger password.
You can verify the information was logged correctly in your iCloud Keychain from the list of accounts. The website should no longer have a warning sign next to it, and after tapping on it, you'll see the new password.
Depending on the account you're trying to change, the mobile version of the website may be the default one that shows in Safari, either in the WebView window or in Safari directly. Some websites won't let you change passwords in the mobile version of the site, so you'll want to request the desktop version, as mentioned before.
However, not all websites allow you to use the desktop version on an iPhone, so requesting the desktop site may do nothing but reload the mobile site. In this case, you'll need to change your password on your computer.
Also, not all websites allow you to change passwords from Safari on an iPhone at all, and while you can use the website's app, if there is one, it might prevent you from changing passwords there too. One example of this is eMusic, in which you can only change passwords from a computer, not via the app or Safari on an iPhone.
The above issues are all problems originating with the website developers, not Apple's tools. But Apple's system has a few quirks of its own. Mainly, while "Use Strong Password" is supposed to work within apps, not just Safari, we have yet to see a case where you can change weak passwords with Apple's "password reuse auditing." We tried Chipotle, Groupon, and other popular apps, but the "Use Strong Password" option never showed up on the change password screens.