How to use iCloud Keychain to audit your passwords


Reports of a massive 100 million account data leak at T-Mobile should prompt every Apple user to double-check their passwords and account security. Here’s how to do it using Keychain.

iCloud Keychain to the rescue

Apple’s built-in password manager is called iCloud Keychain. It securely stores account information such as account names and passwords across all your logged-in devices, and automatically enters this information for you when you access the app or service.

This is a useful tool to help manage your security habits better. Many prefer to use a cross-platform service such as LastPass, Dashlane, or 1Password for this task, although these services themselves may be vulnerable to attack.

Apple has been iterating on its password management tool since its introduction. As of iOS 14, it informs you of the following security flaws:

  • Weak password: When you use a password that is widely used or easy to guess. Passwords are considered easy to guess when they use words found in dictionaries or use common character substitutions, keyboard patterns, or sequences such as 1,2,3,4. You will also be asked to change your password if you use the same password to access multiple sites.
  • Password leak: When passwords show up in data leaks, as recently revealed at T-Mobile. The system uses a constantly updated and curated list of passwords that are known to have leaked. Password managers use strong cryptographic techniques to check your passwords against a list of breached passwords in such a way that your own passwords are never shared.
  • Here is more information on how it works.
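The idea of checking a password against a breach list without revealing it can be shown with a Diffie-Hellman-style blinded lookup. This is an added example, not code from the article and not Apple's implementation; the names `BreachService` and `is_leaked`, the toy group modulus, and the sample data are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Toy group (assumption): integers modulo the Mersenne prime 2**127 - 1.
# Production systems use elliptic curves and much stronger parameters.
P = 2**127 - 1
ORDER = P - 1

def hash_to_group(password: str) -> int:
    """Map a password to a non-zero group element via SHA-256."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % P or 1

def new_key() -> int:
    """Random exponent that is invertible modulo the group order."""
    while True:
        k = secrets.randbelow(ORDER - 2) + 2
        if gcd(k, ORDER) == 1:
            return k

class BreachService:
    """Holds the leaked list; publishes it only under its secret exponent."""

    def __init__(self, leaked_passwords):
        self._key = new_key()
        self.published = {pow(hash_to_group(p), self._key, P)
                          for p in leaked_passwords}

    def evaluate(self, blinded: int) -> int:
        # The service sees a randomly blinded element, never the password
        # or its plain hash.
        return pow(blinded, self._key, P)

def is_leaked(password: str, service: BreachService) -> bool:
    """Client side: blind, let the service exponentiate, unblind, compare."""
    blind = new_key()
    blinded = pow(hash_to_group(password), blind, P)
    returned = service.evaluate(blinded)
    unblinded = pow(returned, pow(blind, -1, ORDER), P)
    return unblinded in service.published

# Constructed sample data, not taken from any real breach corpus.
SERVICE = BreachService(["password1", "qwerty123", "iloveyou"])
KEYCHAIN = {"shop.example": "qwerty123", "bank.example": "v7#Lq9!tZr2p"}
FLAGGED = sorted(site for site, pw in KEYCHAIN.items() if is_leaked(pw, SERVICE))
```

Because the client picks a fresh blinding exponent for every query, two lookups of the same password look unrelated to the service.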

How to use iCloud Keychain

You set up the system in Settings > iCloud > iCloud Keychain on an iOS device, or System Preferences > Apple ID > iCloud > iCloud Keychain on Mac. Just toggle the feature to On.

Once you enable it, Keychain will collect your passwords across all your devices as you access websites and services.

How to check the security of your password

To check password security in iCloud Keychain, follow these steps:

On Mac

  • Open Safari.
  • In the Safari menu, go to Preferences, then select Passwords.
  • You must sign in to access your passwords using Touch ID, your Mac password, or by authenticating with Apple Watch.
  • You will be presented with a list of sites that use weak or exposed passwords, which are marked with a yellow warning triangle.
  • Double-click the triangle to find the reason the password is flagged and a link to the site in question, where you can change it to something more secure.
  • You can also click Details to reach this information.
  • Click Delete to remove the password.

On iPad or iPhone

This system is better on iOS, as it does a better job of making the information visible. To check the status of your passwords on your iPhone or iPad:

  • Open Settings > Passwords.
  • You must sign in using a passcode or Touch/Face ID.
  • You will find an alphabetical list of passwords, along with a section called Safety Recommendations.
  • The Safety Recommendations section tells you how much risk was discovered.
  • Tap it and you’ll find a toggle to turn off the compromised password detection system; I recommend you leave detection on.
  • You’ll also find a comprehensive list of all your most frequently compromised passwords, what the problem is, and why you should fix it.
  • Tap on any item in the list to find out more about that password, with a link that takes you directly to a website where you can change it to resolve the issue.

NB: Deleting passwords in iCloud Keychain doesn’t actually delete your account – you’ll have to do it yourself on the relevant site.
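The weak-password and reuse conditions that these screens flag (dictionary words with common substitutions, keyboard patterns, sequences, and one password shared across sites) can be approximated offline over an exported login list. This is an added example, not Apple's detection logic; the word list, substitution table, function names, and sample logins are constructed for illustration.

```python
from collections import defaultdict

# Constructed miniature word list; a real audit would load a large dictionary.
DICTIONARY = {"password", "dragon", "welcome", "monkey", "sunshine"}
# Common character substitutions, mapped back to the letters they replace.
SUBSTITUTIONS = str.maketrans("@430$157!", "aaeoslsti")
# Keyboard rows and ordered sequences, scanned for runs of four characters.
RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz"]

def weak_reasons(password: str) -> list:
    """Return the reasons a password counts as easy to guess."""
    reasons = []
    lowered = password.lower()
    # Try the whole string and the string without trailing digits/punctuation,
    # so both "dr4g0n" and "P@ssw0rd1!" reduce to a dictionary word.
    candidates = {lowered.translate(SUBSTITUTIONS),
                  lowered.rstrip("0123456789!?.").translate(SUBSTITUTIONS)}
    if candidates & DICTIONARY:
        reasons.append("dictionary word with common substitutions")
    windows = [lowered[i:i + 4] for i in range(len(lowered) - 3)]
    if any(w in row or w in row[::-1] for w in windows for row in RUNS):
        reasons.append("keyboard pattern or sequence")
    return reasons

def audit(logins: dict) -> dict:
    """Map each site to its findings; sites with no findings are omitted."""
    sites_by_password = defaultdict(list)
    for site, password in logins.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in logins.items():
        findings = weak_reasons(password)
        shared = len(sites_by_password[password])
        if shared > 1:
            findings.append(f"reused on {shared} sites")
        if findings:
            report[site] = findings
    return report

# Constructed sample logins for illustration only.
LOGINS = {"mail.example": "P@ssw0rd1!", "forum.example": "zxcvbn2021",
          "shop.example": "T9w#kLm2$xQe", "news.example": "T9w#kLm2$xQe",
          "bank.example": "Vr8&hYp3^Ncd"}
REPORT = audit(LOGINS)
```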

What else is Apple doing?

Apple in 2020 made a collection of resources for password management development available to the open source community. This includes a collection of websites known to share login systems, links to sections of some websites where users change passwords, and information about oddities in passwords that some services allow.

The company also provides a Sign In With Apple system, which can use Face ID and/or Touch ID and your Apple ID to create highly secure logins.

Starting with iOS 15, Apple will also be building Google Authenticator-style functionality into the system, meaning you’ll be able to generate verification codes for additional login security. If a site offers two-factor authentication, you will be able to set up a verification code under Passwords in Settings and it will autofill when you sign in to the site.

Apple is also incorporating a new Passkey system that can be used to replace passwords with biometric authentication (Touch/Face ID).

Apple really cares about security (most of the time), and like most big tech companies is now working to develop an infrastructure that replaces passwords with other forms of login. However, we’re not there yet, and the latest data breach should be reason enough for every enterprise user to confirm that their passwords remain secure.


Copyright © 2021 IDG Communications, Inc.