Everything lives online these days, so it's not uncommon to have hundreds of credentials for different accounts on apps and websites. That's why a password manager is a must, and your iPhone has one built right into iOS that you can start using today. In iOS 14, it's gotten even more useful since it can now monitor your passwords regularly to see if any match leaked password lists online.
While Apple's iCloud Keychain password manager has already been able to alert you to weak passwords, whether they are just weak or reused across accounts, password monitoring against data breaches is a whole new thing.
Just because one of your passwords may be listed in a data breach doesn't necessarily mean the specific account is automatically compromised. The password may be from a leak of another website or company's data, not from the same site as the one you use the password on. Still, even if you have a strong password, hackers will regularly add leaked passwords to their password-cracking lists for brute-force attacks, so it's only a matter of time before someone targets you and gets access.
If you have iCloud Keychain set up as an option to auto-fill passwords into mobile and web apps, Safari will help out in the auditing so that it can warn you of compromised passwords whenever you log in to a website. So if you use iCloud Keychain to auto-fill your credentials into a website in Safari, after you sing in, Safari will give you a prompt to "Change Password on Website," like so:
This password has appeared in a data leak, which puts this account at high risk of compromise. You should change your password immediately.
iPhone can create a strong password for you. Would you like to change your password for "[sitename]"?
Tapping the"Change Password on Website" button will pop you into the web view inside of the "Passwords" menu item in your Settings app. From here, you can log in and change your password for the site or use the forgot password option to change it right away, depending on the site's options. Then, iCloud Keychain can help you choose a stronger password, just like it always has been able to do.
If the website has an option to upgrade your login to Sign in with Apple, you'll also get a suggestion to do that instead of letting iCloud Keychain automatically generate a new password. Sign in with Apple uses your Apple ID for the account. That way, it limits the information shared about you to the website.
If you don't want to wait for Safari to warn you of vulnerable passwords only when logging into an applicable website, you can go directly to the Settings app to see all of your security recommendations. That way, you get things done before it's too late. Doing so is also useful if you store passwords in iCloud Keychain but don't use it as one of your auto-fill password managers (since you wouldn't get alerts in Safari).
In the Settings app, open up the "Passwords" menu item. You could also tell Siri to "open passwords." Then, use Face ID, Touch ID, or your passcode to log in.
Once logged in, you should see the "AutoFill Passwords" option (which lets you choose iCloud Keychain or another password manager like LastPass for auto-filling credentials) up top. Right under that but before your list of accounts, you'll see "Security Recommendations;" open that.
Here is where you would find high priority recommendations to change passwords that are too weak or reused, with other suggestions listed below. Now, in iOS 14, you'll also see high priority recommendations to change passwords because of a "password that has appeared in a data leak."
You can tap "Change Password on Website" to open up that site's web view right away to get started, or you can tap the account to see more details. There, you'll be able to see your username and password, as well as any other security risks associated with the account, such as weak or reused passwords. You'll also see the link to "Change Password on Website" here too.
If you choose "Change Password on Website," you can let iCloud Keychain help you pick a new password, just like you would when doing so from Safari. You can also upgrade your account to Sign in with Apple if the site supports it, as described in the previous section above.
Safari and iCloud Keychain regularly monitor your passwords against leaked passwords online that may have been involved in a data breach. Apple states that it "uses strong cryptographic techniques to regularly check derivations of your passwords against a list of breached passwords in a secure and private way that doesn't reveal your password information — even to Apple."
If that still doesn't sound good to you, you can disable the feature. To stop the automatic monitoring, toggle off the "Detect Compromised Passwords" switch in the "Security Recommendations" section of the "Passwords" menu in Settings.
Keep Your Connection Secure Without a Monthly Bill. Get a lifetime subscription to VPN Unlimited for all your devices with a one-time purchase from the new Gadget Hacks Shop, and watch Hulu or Netflix without regional restrictions, increase security when browsing on public networks, and more.
Other worthwhile deals to check out: