Apple’s latest iPhone software update, iOS 18, arrives today and includes a new app: Passwords. For the first time, Apple is taking your phone’s ability to save login details and putting them in a standalone app. It could help improve millions of people’s terrible passwords.
After years of being told you should create unique, strong passwords for every website and app you use, you probably fall into one of two camps: people that are fully signed up to the password manager life, or those still using “123456” for every other website.
Apple’s new encrypted Passwords app is automatically included with iOS 18, and is a public-facing evolution of its Keychain and password-saving capabilities. The Keychain, which has existed for more than a decade, no longer has as prominent a home in the iPhone’s settings, and details previously saved there are being moved to the new app.
The launch of the password manager app, which will also be available on macOS Sequoia and iPadOS 18, may help improve people’s relationships with their passwords but also could, to varying degrees, challenge existing password managers.
“This move makes the app more visible to lay users and informs them about this secure method to store and manage passwords,” says Talal Haj Bakry and Tommy Mysk from security company Mysk. “You have a default password manager preinstalled on your device [that] provides end-to-end encryption when syncing data across devices.”
New Passwords
The Passwords app has a pretty barebones design. Six different tiles are presented when you open the app on an iPhone: All, Passkeys, Codes, Wi-Fi, Security, and Deleted. These are essentially the main functions of the app, allowing you to save each type of data within their relevant sections. The security section includes check-ups allowing weak and exposed passwords to be identified.
“This will definitely boost the adoption of this preinstalled app and bolster user security,” Bakry and Mysk say. They add that it presents the saved data “in a more organized way than the Settings app.”
Apple says the Passwords app uses end-to-end encryption to save your details, meaning nobody, not even Apple, knows what you have saved. Within the app, you can search for login details to your entries and set up groups to share passwords with other people.
Your saved login details are synced across Apple devices using iCloud, meaning the encrypted data is shared with Apple’s cloud servers and available on all of your Apple devices. Within Apple’s settings, you can turn off syncing passwords on a specific device. The app is locked using Face ID.
When using the Passwords app, any details you have previously saved in Keychain or AutoFill will be moved to the new location. This includes if you have used the Sign in with Apple login system on any websites or apps. It is unclear why Apple has decided to spin its Keychain system into a fully fledged password manager now, although the company has been building out the individual features over a number of years. (Apple has not responded to WIRED’s request for comment at the time of writing.)
For many people, having a standalone password manager app from Apple could encourage better password practices. Siamak Shahandashti, a senior lecturer in the University of York’s cybersecurity and privacy research group, says the move from Apple may be a usability decision. Making Passwords visible could encourage people to take their passwords seriously.
“We need to design authentication systems for human beings,” Shahandashti says. “We cannot expect users to maintain a hundred accounts, for each of them [to] use a strong password. It’s actually the fault of the designers because these systems have not been designed for users considering the capability of an average human being.”
Death of the Password
Passwords are slowly dying. Enter the passkey. For the past couple of years, websites, apps, and phone manufacturers have been in the process of rolling out passkeys—a technology that replaces passwords, is more secure, and doesn’t require you to remember any complex login details. (Although passkeys still have some teething problems.)
Leona Lassak, a research assistant at Ruhr-University Bochum who has studied passkey adoption, says greater “visibility” of the Passwords app can help get the sign-in technology to a broader audience, one which might not use a password manager otherwise. Apple’s Passwords app could help with the perception and transition to passkeys, Lassak says. “There has been discussion about the need for passkey managers, because once we actually use them on websites, there's probably going to be multiple for each website,” she says.
The app is also, at least subtly, encouraging the adoption of passkeys. Within Passwords’ settings, accessed through Apple’s System preferences, there’s the option to turn on “automatic” passkey upgrades, which will allow existing accounts to use passkeys when they are available.
Lock In
Password managers have existed for years and there are plenty of options you can use, from open source apps to browser-based management systems. Each comes with their own particular set of pros and cons.
Apple wading into the password management market by including a new app on millions of iPhones, Macs, and iPads could also impact the wider ecosystem. “There’s no question that Apple’s Passwords app would ‘sherlock’ third-party password managers—or make them less attractive,” say Bakry and Mysk, highlighting that people need to use iCloud to sync passwords in Apple’s system, and that those who are privacy conscious may not want this to happen automatically.
There’s also the risk of locking people into Apple’s password manager—at launch, there appear to be no options to export the saved data and use it in a commercial alternative. One competitor password manager has stressed that their software works on products “beyond” the “Apple ecosystem.” (People using Apple’s password management software on Windows devices can access saved details through iCloud for Windows.)
Ultimately, what password manager you use should reflect what type of software you want to support and the individual threats you may face. For many, Apple’s new app is probably better than not using a password manager at all.