The thing I’d really like to see is password generation in Safari for 3rd party apps.

It’s a bit of a pain to create new accounts in 1Password with the proper url. You have to go back and forth between the app and 1Password a time or two. It’d be nice if it was more streamlined for 3rd party apps kind of like it is for keychain.

Use the "Command + \ " shortcut. They even send the cursor back to where you want it to remove any extraneous clicks. They really sweat the details on that one :)
Apple getting ready to Sherlock 1Password...
 
Oh! And then there was the Amazon weirdness that they may or may not have fixed yet. Long PWM-generated password that works great on their site. Try to use my PWM to log in to the Kindle app and it keeps failing. Lots of trial and error and find out the Kindle apple truncates the password length. Emailed them about it, but I'm sure support just sent it to the circular file.
Anyway, had to shorten my password to... 20 characters if I remember correctly. Still really secure, but once again not the sort of thing an average user would subject themselves to figuring out.

Apple doesn't sell the Kindle brand. Amazon does, so you apparently reported to the wrong company. :)
 
May I take this opportunity to rant against websites and security products that restrict the characters that you're allowed to use in a password?

There's absolutely no technical reason for this, as any competent programmer can handle the encoding and decoding where necessary, but I often run into sites that tell me I can't use spaces or less-than signs or ampersands in my password. Dumb!

</rant>

See bookofxero's post about the same thing.
This! Also arbitrary restrictions on length.

Troy Hunt has several blogposts on this topic, and I couldn't agree more.
 
So what dictionary will have JohnDiamondTitanicJapan in it? A dictionary attack will have John, Diamond, Titanic, and Japan separately, but not as one word... unless it was used and is one of those passwords that got leaked out in a previous breach. Now to make it stronger, put a symbol in there and numbers: John*Diamond-2-Titanic-Japan56


However you slice it, using words makes it worse. You're using a situation where you set up a false choice between randomized password of length n and string of words password of length 3n or 4n etc. In actuality, there is no reason the random string password needs to be any shorter. If a website allowed 30 char passwords to accommodate your random word password, there's nothing stopping me from also using all 30 chars and making the password 28VkJ!#!V8#2Peoa7hoibOWo#OVNU.

You also haven't solved the key issue with passwords in that needing to remember them forces password reuse. Do you think you could reliably remember passwords for all your sites if they were comprised of 4 random words in a random order (so presumably, if they're actually random, these words would be different for every single website).
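
Added example, not part of any poster's message: the length comparison argued above, worked out in Python under two assumptions that are not from the thread, a 7776-entry word list and the 94 printable ASCII symbols. The figures hold only for choices made uniformly at random; the small word list is constructed so the generator runs offline.

```python
import math
import secrets
import string

# Assumptions for this added example: 94 printable ASCII symbols for the
# random string, and a 7776-entry word list (the size of a five-dice list).
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 chars
WORDLIST_SIZE = 7776

# Constructed mini word list, only so the generator below can run offline.
SAMPLE_WORDS = ["john", "diamond", "titanic", "japan", "copper", "violin",
                "harbor", "maple", "signal", "orbit", "velvet", "canyon",
                "puzzle", "ember", "lagoon", "thistle"]


def random_string_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def passphrase_bits(word_count, wordlist_size=WORDLIST_SIZE):
    """Entropy in bits of `word_count` words drawn uniformly from a list.

    Assumes the scheme itself is known: a separator or capitalisation
    pattern that is not chosen at random contributes no entropy.
    """
    return word_count * math.log2(wordlist_size)


def chars_to_match(bits, alphabet_size=len(ALPHABET)):
    """Smallest random-string length with at least `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def random_password(length, alphabet=ALPHABET):
    """Random string built with the OS CSPRNG via `secrets`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(word_count, words=SAMPLE_WORDS, sep="-"):
    """Random passphrase; entropy depends on len(words), not on `sep`."""
    return sep.join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    four_words = passphrase_bits(4)
    print(f"4 random words:  {four_words:.1f} bits")
    print(f"30 random chars: {random_string_bits(30):.1f} bits")
    print(f"random chars needed to match 4 words: {chars_to_match(four_words)}")
    print(random_password(30), random_passphrase(4))
```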
 
However you slice it, using words makes it worse. You're using a situation where you set up a false choice between randomized password of length n and string of words password of length 3n or 4n etc. In actuality, there is no reason the random string password needs to be any shorter. If a website allowed 30 char passwords to accommodate your random word password, there's nothing stopping me from also using all 30 chars and making the password 28VkJ!#!V8#2Peoa7hoibOWo#OVNU.

You also haven't solved the key issue with passwords in that needing to remember them forces password reuse. Do you think you could reliably remember passwords for all your sites if they were comprised of 4 random words in a random order (so presumably, if they're actually random, these words would be different for every single website).

Passphrases are great when you have to manually type in the password, and yes, that is needed these days even with password managers. Again, if you can find John*Diamond-2-Titanic-Japan56 in a dictionary, let me know.
 
Why you shouldn’t use an Apple/iCloud Keychain: because all your credentials are held hostage within Apple’s walled garden. If you ever need your credentials on a non-Apple platform, you’re screwed.

Use LastPass, 1Password, or similar.
 
Why you shouldn’t use an Apple/iCloud Keychain: because all your credentials are held hostage within Apple’s walled garden. If you ever need your credentials on a non-Apple platform, you’re screwed.

Use LastPass, 1Password, or similar.
How are you screwed? You can go on your Apple Device and look up the password, and type it in where you need it.
This is why I use 1Password, I like that it’s cross platform and I don’t have to be tied down to Apple.
 
Passphrases are great when you have to manually type in the password, and yes, that is needed these days even with password managers. Again, if you can find John*Diamond-2-Titanic-Japan56 in a dictionary, let me know.
Again, how many different passwords of this type do you have for all the various sites you're registered? And did you all memorize them?
 
This could be good and what you'd expect from Apple, but there they should not tread on people either. LastPass has issues on many websites: Gmail fails to auto-fill the email address, but is OK with the password.

How can we be sure, open source or not open source, that Apple won't just be making this a bigger problem, where password manager apps are left behind because "they can't be bothered" and just shove it to "Web owners just update code which is 'not compatible'"? Using PHP, .js scripts, etc.

Seriously? You expect me to believe what worked OK fails to work now under the same conditions? Web sites don't update their login that often. I often think it's just because these password managers tend to only go for the "industry standard", a subset. I wouldn't even say the complete set.
 
How are you screwed? You can go on your Apple Device and look up the password, and type it in where you need it.
This is why I use 1Password, I like that it’s cross platform and I don’t have to be tied down to Apple.
I can’t tell if you’re joking.

Typing passwords is bad. You shouldn’t have to type your passwords, especially if they’re 32 characters of random characters.
 
I can’t tell if you’re joking.

Typing passwords is bad. You shouldn’t have to type your passwords, especially if they’re 32 characters of random characters.
My work doesn’t allow password managers. So my work passwords are in 1Password. This is why I have to type them in. What other choice do I have? For these I use a pass phrase, so it’s not hard to type.
 
Typing passwords is bad. You shouldn’t have to type your passwords, especially if they’re 32 characters of random characters.

I can only think of one device that you must do this for still... Apple TV. Login-based streaming apps are not excluded.
 
Passphrases are great when you have to manually type in the password, and yes, that is needed these days even with password managers. Again, if you can find John*Diamond-2-Titanic-Japan56 in a dictionary, let me know.

You ignored the actual important part of my comment.

You also haven't solved the key issue with passwords in that needing to remember them forces password reuse. Do you think you could reliably remember passwords for all your sites if they were comprised of 4 random words in a random order (so presumably, if they're actually random, these words would be different for every single website).

So if you want to use the example John*Diamond-2-Titanic-Japan56, are you going to remember 100 different random word passwords with random non alpha separators? Seems like you'd still need a password manager to manage that, and once you have introduced a password manager into the mix - why bother with words at all?
 
You ignored the actual important part of my comment.



So if you want to use the example John*Diamond-2-Titanic-Japan56, are you going to remember 100 different random word passwords with random non alpha separators? Seems like you'd still need a password manager to manage that, and once you have introduced a password manager into the mix - why bother with words at all?
What are you talking about? I said before I used a password manager, so I have no reason to ever remember most of my passwords. I said in another post, my work doesn’t allow password managers at all, so I have no choice and I make it work. So all my work passwords are passphrases.

I just remembered another reason why a passphrase is also needed: decrypting a computer (BitLocker on Windows, for example). You want to put )(6*=kjhgtjbvcdderGHKlmngugv to do this, or this-IS-EASIER-to type-in-when-you-cant-use-a-7-password-manager?
 