Apple didn’t reveal every new iOS 12 update onstage at its WWDC keynote on Monday. Some things didn’t make the cut; others may be highlighted more prominently at its iPhone event in the fall, when the new operating system will actually ship. But as part of that update, Apple is making some noteworthy changes to the way its devices handle passwords, changes that should help smartphone users better manage their passwords—and perhaps use better password practices in general.
In iOS 12, Apple will be giving developers access to a new Password Manager API. This API will work with third-party password management apps installed on your device and allow other apps to hook into those stored passwords. These will be offered as suggestions when a user is prompted to fill in password information. Password manager 1Password showed off a demo of the API in action on Twitter: After entering the username for an account, a prompt appears above the keyboard saying that 1Password has a password stored for the site. The user is then able to use FaceID to confirm their identity, and the password is automatically filled in.
It’s not sexy, it’s not flashy, and—to many—it may not seem particularly exciting, but this may be one of the more useful and important iOS features to date. Most Americans (65 percent) try to keep their passwords memorized, according to data from the Pew Research Center. The next most common way to keep tabs of passwords is by writing them down on a piece of paper, used by 18 percent of those polled. Only 3 percent of those in this mid-2016 study use a password manager to store their login credentials securely. And if you are indeed using unique, strong password combinations for every app and website you log into, a password manager is the only reasonable way to keep track of all those passphrases.
Apple’s Password Manager API could incentivize iOS users to finally make the jump from reusing passwords or using easy-to-remember ones to using a password manager and setting up long, distinct passphrases for different online accounts. iOS 12 has some other tools that help with this as well. If you’re logged into a site on your Mac, but not your nearby iPhone, Apple will allow password sharing between these devices. This will help streamline your work or social flow as you may hop from one device to another over the course of a day. Apple is also extending Safari’s strong password creating feature: iOS 12 will now offer strong password suggestions when you log into a new app or site, and it will store those passwords in your iCloud keychain for autofilling later. iOS 12 will also flag reused passwords so that you can change them to something more secure.
When it comes to online security, passwords are still the weakest link. Phishing attacks, which typically use a cleverly disguised ruse like a faux website log-in page to glean your username and password credentials, are still one of the most common ways scammers are able to gain access to consumers’ online accounts. With its password-related updates in iOS 12, Apple will push users to adopt better digital security practices by highlighting when they’ve reused passwords, suggesting auto-generated options, and remembering those passcodes for easy login later. The biggest hurdle for many when it comes to practicing good online security is that it’s an enormous hassle (or without a password manager, it feels like it). iOS 12 will take a lot of the time and frustration out of proper password management. If even a fraction of users adopt its suggestions, iOS users should be better protected against the repercussions of hacks and data breaches. But for many, the main payoff may just be the time saved in not having to manually input a password ever again.
