
katbel

macrumors 68040
Original poster
Aug 19, 2009
From time to time Keychain alerts me that one or more passwords are compromised and/or have been seen in a data leak, etc.
I'm talking about my iPad or iPhone Keychain passwords in Settings. I don't use iCloud Keychain, ever.
If I check my Safari passwords on my computer, there too there are compromised passwords. All those compromised passwords are very old ones that I couldn't care less about.
Anyway, I wonder how, in a secure, encrypted, "over the top private device", Apple can tell that one of my passwords has been compromised.

Is Keychain an open book?!
 
No it isn't.

What you're being told is that hackers have obtained your password from the site you were entering that password on. You should change your password on that website and, if you use the same password on other sites (you shouldn't), you should change those passwords there too.
 

"iPhone can also securely monitor your passwords and alert you if they appear in known data leaks."

My guess is this is done securely on your phone. I assume the passwords have to be decrypted before they can be pasted into the password field on the website, and that Apple runs a quick check at that point.
 

"iPhone can also securely monitor your passwords and alert you if they appear in known data leaks."

My guess is this is done securely on your phone. I assume the passwords have to be decrypted before they can be pasted into the password field on the website, and that Apple runs a quick check at that point.
But the passwords deemed compromised have not been used in ages.
 
“Your device may also inform you of passwords that may have been compromised in a data leak.

This feature uses strong cryptographic techniques to regularly check derivations of your passwords against a list of leaked passwords in a secure and private way that doesn't reveal to Apple your accounts or passwords. Apple will send to your device a list of common passwords that are present in data leaks. For your passwords that are not in this list, your device will send information calculated from your passwords to Apple to check if the passwords may be present in a data leak. You will be warned about your passwords determined to possibly be in a data leak. Your actual passwords are never shared with Apple, and Apple does not store the information calculated from your passwords. You can disable this feature at any time by going to Settings > Passwords > Security Recommendations.”

Quoted from the help part of the password feature on iPhone
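The Apple text above describes a two-stage check: a local list of common leaked passwords is compared on the device, and only "information calculated from" the remaining passwords leaves the device. The block below is an added illustration of that pattern, not Apple's code and not the protocol from Apple's security guide: it assumes SHA-256 as the derivation, a 5-hex-character (20-bit) hash prefix as the only thing sent to the server, and a Have I Been Pwned-style range query where the server returns every leaked hash suffix in that bucket and the device finishes the comparison. The breach corpus, the local list, the `BreachServer` class and the keychain entries are all constructed for the example. It also shows the point made later in the thread: the match is on the password value, so a password reused on a site that was never breached is still flagged.

```python
"""Two-stage leaked-password check, modelled on the description quoted above.

Stage 1 (offline): compare a derivation (here SHA-256) of each stored
password against a local list of common leaked passwords.
Stage 2 (remote, k-anonymity): for passwords not found locally, send only a
short prefix of the hash; the server returns all leaked suffixes in that
bucket and the device does the final comparison. The server never sees the
full hash, let alone the password, and learns only which of 2^20 buckets
was asked for.

Assumed design for illustration; Apple's actual protocol differs in detail.
"""
import hashlib
from collections import defaultdict

PREFIX_HEX = 5  # 20 bits of the hash leave the device (HIBP uses 5 hex chars)


def derive(password: str) -> str:
    """Derivation sent nowhere in full: hex SHA-256 of the UTF-8 password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed breach corpus: what a monitoring provider holds (hashed only).
LEAKED_CORPUS = ["password", "123456", "letmein", "MyAwesomePassword"]

# Constructed local list: assume only the most common entries ship to the device.
LOCAL_COMMON_LIST = {derive(p) for p in ["password", "123456", "letmein"]}


class BreachServer:
    """Simulated provider side: hashed leaked passwords indexed by prefix."""

    def __init__(self, corpus):
        self.buckets = defaultdict(set)
        for pw in corpus:
            h = derive(pw)
            self.buckets[h[:PREFIX_HEX]].add(h[PREFIX_HEX:])
        self.queries_seen = []  # all the server can log: prefixes only

    def range_query(self, prefix: str) -> set:
        assert len(prefix) == PREFIX_HEX, "client must never send more than the prefix"
        self.queries_seen.append(prefix)
        return set(self.buckets.get(prefix, ()))


def check_password(password: str, server: BreachServer, local_list=LOCAL_COMMON_LIST):
    """Return (compromised, stage) where stage is 'local' or 'remote'."""
    h = derive(password)
    if h in local_list:
        return True, "local"  # decided on-device, nothing sent
    suffixes = server.range_query(h[:PREFIX_HEX])
    return (h[PREFIX_HEX:] in suffixes), "remote"


def audit_keychain(entries, server: BreachServer):
    """entries: iterable of (site, username, password). Returns flagged (site, username, stage).

    The site is never part of the lookup: a leaked password reused on an
    unbreached site is flagged exactly like the breached account.
    """
    flagged = []
    for site, user, pw in entries:
        compromised, stage = check_password(pw, server)
        if compromised:
            flagged.append((site, user, stage))
    return flagged


if __name__ == "__main__":
    srv = BreachServer(LEAKED_CORPUS)
    keychain = [  # constructed sample entries
        ("leakedsite.com", "alice", "MyAwesomePassword"),
        ("notaleakedsite.com", "alice", "MyAwesomePassword"),
        ("bank.example", "alice", "Tr0ub4dor&3-unique-xyz"),
        ("oldforum.example", "alice", "letmein"),
    ]
    for hit in audit_keychain(keychain, srv):
        print("compromised:", hit)
    print("what the server saw:", srv.queries_seen)
```

The design choice to note is stage 1: the hit on a common password never produces a network request at all, and the only thing a remote observer could log from stage 2 is a 20-bit bucket identifier shared by many unrelated passwords, which is the sense in which "your actual passwords are never shared".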
 
I assume the passwords have to be decrypted before they can be pasted into the password field on the website, and that Apple runs a quick check at that point.

Basically that^^.


The actual password is never shared with Apple.

 
I would go back onto those accounts one last time and use any 'Delete Account' option before zapping them from the keychain. I do that in case access gives the hackers any other useful info they can use against you. Not always possible, and also likely that any data they hold has expired or is otherwise out of date.
 
What you're being told is that hackers have obtained your password from the site you were entering that password on.
I may be mistaken, but I don't think Apple cares about the site. They're only checking to see if your password was leaked anywhere.

For example, if someone uses MyAwesomePassword at leakedsite.com; and you also happen to be using MyAwesomePassword at notaleakedsite.com...you'll still get the warning even though it wasn't your account or site that got leaked. Still a good idea to change it though since that password is now in a database for robots to use when trying to brute force accounts.
 
I may be mistaken, but I don't think Apple cares about the site. They're only checking to see if your password was leaked anywhere.

For example, if someone uses MyAwesomePassword at leakedsite.com; and you also happen to be using MyAwesomePassword at notaleakedsite.com...you'll still get the warning even though it wasn't your account or site that got leaked. Still a good idea to change it though since that password is now in a database for robots to use when trying to brute force accounts.
I don’t think it works quite that way. There’s no rule that passwords have to be a unique value on a given service, of course. It’s probably doing something like this: 1) look through public databases of data leaks, 2) if your email address is in the leak, 3) and your password in the leak is the same one you’ve still got in the Keychain or you’re using that same password on a different account, 4) show a warning. It can all be done locally, probably right at the moment you unlock Keychain (or whatever your password manager of choice is). (Presumably, some cache of compromised account data is stored on your local device, probably just those compromises tied to the email addresses you have stored in Accounts.)

There’s a separate function for warning about weak passwords (like Password123).
 
This Apple support article is probably more relevant to the thread discussion, but, warning, it’s pretty technical. It helps to have a solid grasp on cryptography. https://support.apple.com/guide/security/password-monitoring-sec78e79fc3b/1/web/1
 