How about making safari work properly so we dont have to constantly using Chrome as a fallback? The only reason I use Safari is integration with Apple Pay and Passwords-app.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Passwords Can Now Automatically Fix Weak and Compromised Passwords With Agentic AI
- Thread starter MacRumors
- Start date
- Sort by reaction score
TheDailyApple
macrumors 6502a
Sir_Macs_A_Lot
macrumors 6502a
Powerbooky
macrumors demi-god
"Apple" doesn't have full access, but the iPhone (or Mac) does as it already has in a way.
I find it more dangerous that a part of the OS has the ability to change several passwords in one go. This will make it very easy for criminals that just had stolen someone's phone to change a whole bunch of logins very quickly. I mean even the current iCloud password security method of one hour delay isn't flawless.
This is something I really want disabled permanently, especially for online financial services.
Last edited:
AriaAmaris
macrumors regular
I'm assuming if you do this it means your password data is being funneled through Google servers.
Unity451
macrumors 65816
Apple (and all tech companies) already know everything about you... they're just now giving you the privilege of benefitting from it.
If people are actually using a unique password for each service, then they should not have to change many passwords at the same time, which would make this feature largely useless.
Apart from that, I personally would not want to hand over something as critical as this to AI.
Apart from that, I personally would not want to hand over something as critical as this to AI.
Robert.Walter
macrumors 68040
Well. Like not much bc you have to initiate it. If it doesn’t store new p/w properly you can fish it out and put it in manually.
I kinda hope it does a log out and then log in with new password to show it works.
I could picture this being a genuinely useful and valuable feature for both technically inclined and novice types.
I auto-generate a strong password for every site and store it all in Passwords, but there are many old things that still have leftover, insecure passwords in them. They're not a bank or anything major--more like older forum logins--and I fix a few now and then manually, but having something to automate that process would be really great.
Likewise, for people who don't get the risks of insecure passwords, having something go and do that for them would hopefully make it frictionless enough to get at least some bad passwords out of circulation.
But... I can also picture this going horribly, disastrously wrong even if designed with the best intentions. Getting locked out is mostly a non-issue--the worst that should happen is you need to go through a password reset if something got screwed up and the AI ended up getting confused and telling the site your email address is the password or changing the password at the wrong site or something.
But unfortunately I can't go past should, into definitely won't--given how badly AI agents sometimes screw up, it's not particularly hard to imagine a badly-coded site and a slightly confused AI managing to tell the site that your new email address is your old password and your new password is your email address, effectively rendering you unable to get in at all. Probably rare, but with a company the size of Apple and the multitude of ways sites manage and mis-manage password change forms and methods, far from impossible.
More likely, though, is some catastrophic security issue or intentional breach where an attacker with sufficient access abuses the system to automatically reset every password you have and collect all the new ones, or a domain squatter or server-side attacker sets up the reset page to induce something malicious, or some other creative abuse I'm not even thinking of.
I believe Apple is serious about privacy and security, and I believe they have smart people who're working hard to make features like this actually good and safe, but I've seen enough go horribly wrong that it's going to take a lot to earn my trust.
I auto-generate a strong password for every site and store it all in Passwords, but there are many old things that still have leftover, insecure passwords in them. They're not a bank or anything major--more like older forum logins--and I fix a few now and then manually, but having something to automate that process would be really great.
Likewise, for people who don't get the risks of insecure passwords, having something go and do that for them would hopefully make it frictionless enough to get at least some bad passwords out of circulation.
But... I can also picture this going horribly, disastrously wrong even if designed with the best intentions. Getting locked out is mostly a non-issue--the worst that should happen is you need to go through a password reset if something got screwed up and the AI ended up getting confused and telling the site your email address is the password or changing the password at the wrong site or something.
But unfortunately I can't go past should, into definitely won't--given how badly AI agents sometimes screw up, it's not particularly hard to imagine a badly-coded site and a slightly confused AI managing to tell the site that your new email address is your old password and your new password is your email address, effectively rendering you unable to get in at all. Probably rare, but with a company the size of Apple and the multitude of ways sites manage and mis-manage password change forms and methods, far from impossible.
More likely, though, is some catastrophic security issue or intentional breach where an attacker with sufficient access abuses the system to automatically reset every password you have and collect all the new ones, or a domain squatter or server-side attacker sets up the reset page to induce something malicious, or some other creative abuse I'm not even thinking of.
I believe Apple is serious about privacy and security, and I believe they have smart people who're working hard to make features like this actually good and safe, but I've seen enough go horribly wrong that it's going to take a lot to earn my trust.
Last edited:
Robert.Walter
macrumors 68040
Veoronox
macrumors newbie
Yeah it reminds me of recent Meta/Instagram vulnrebility where people were able to take over accounts using the Ai agent.
Robert.Walter
macrumors 68040
The opt out is not pushing the button to initiate the change(s).
There is an open standard for .well-known URLs, if the site supports the 'change-password' url it probably makes doing this trivial. Note the Authors.
contacos
macrumors 603
I don't trust this. Apple cannot even get the password generating feature working correctly a lot of times to begin with. The amount of times I asked it for a secure password, proceeded in a registration process and the password was nowhere to be found and I needed to reset the password to login after completing a registration 😅 so annoying
It would be cool if there was an agent for deleting accounts and not just changing passwords Most of my accounts with "weak or compromised passwords" are on websites I don't use anymore.
Is there a way to attach files to accounts in the password app yet? Occasionally I'd like to keep an important PDF (like a scan of an ID) encrypted with its accompanying account.
Great feature. I certainly haven't kept up with the dozens of compromised or reused passwords.
My question is how it's able to tell the server it's doing that.
My question is how it's able to tell the server it's doing that.
usmaak
macrumors 65816
Well that's something that I'll be shutting off on day one.
Because I still use Windows for work, I keep my passwords in both Roboform and Apple Passwords. I don't need Apple Passwords updating my passwords because that will throw me out of sync with Roboform.
It's a cumbersome workflow but it's what I need for both operating systems.
Oh yeah, and I don't need Agent Apple messing with my passwords.
Because I still use Windows for work, I keep my passwords in both Roboform and Apple Passwords. I don't need Apple Passwords updating my passwords because that will throw me out of sync with Roboform.
It's a cumbersome workflow but it's what I need for both operating systems.
Oh yeah, and I don't need Agent Apple messing with my passwords.
Plutonius
macrumors G4
and if you have a subscription, Apple will even tell you what your new passwords are 🙂.
I don’t have sixty sites that need secure passwords. Even MacRumors falls into my don’t care category.
Check to make sure you don’t have a password associated to the wrong site or vice versa, or have multiple entries. My mom had this problem until I went through and cleaned everything up.
You can have a single password entry associated to multiple sites. For example, my Disney account is only in there once, but is associated to multiple sites where it’s used. I did not add it in or save it for each site individually.
Safari should do this for you automatically if you were to click on the key to show all your passwords when logging into a new site that doesn’t have a password saved yet. Pick the password you already have, and you’ll get asked if you want to add the site to the existing password.