The Importance of Security

While passwords aren't thrilling, they consistently spark conversations and opinions. Thankfully, more individuals are recognizing the importance of online security and are opting for stronger, more varied passwords compared to the past.

Though there are excellent third-party password management apps, such as 1Password, they may not be necessary if you're fully integrated into the Apple ecosystem. Apple offers a built-in solution that can meet your needs effectively.

Understanding Keychain

Keychain is an encrypted vault that securely houses your usernames and passwords for your Mac, applications, servers, websites, and sensitive information. It not only stores passwords but also retains credit card details and bank PINs. Every Mac user has a login keychain, and the password for this keychain is the same as the one used for logging into your Mac.

Built-in Password Management

All your Apple devices—Mac, iPhone, and iPad—come with a native password generator and storage app known as iCloud Keychain. Over the years, Apple has significantly enhanced this application, making it secure, multi-layered, and user-friendly. Initially, Keychain functioned mainly as a background tool, occasionally offering password suggestions. However, its latest version actively scans for compromised passwords, alerts you about reused passwords, and provides two-factor authentication (2FA) keys through a dedicated settings menu.

If you use both Android and Apple devices, you might want to consider other options, but if you're exclusively an Apple user, keep reading.

iCloud Password Manager for iOS

The app is designed to be as unobtrusive as possible. When you visit a properly coded website or app, a prompt will appear instead of your keyboard. If you've already entered a username or email, the password will automatically populate from the Keychain. By default, this password will consist of at least twenty characters, including upper and lower case letters, symbols, and numbers.

You won't need to memorize this complex password; just accept the suggestion and ensure you select "remember login" when prompted. The next time you visit the site, both the username and password will autofill. For added security, it can suggest using Face ID or Touch ID to verify it's you entering the password.

These credentials sync across your iCloud devices with end-to-end encryption. If you want to view your stored passwords, it's easy: just go to System Settings > Passwords.

Personalizing Your Experience

Recently, I created a shortcut to the passwords app for easier access. Instead of navigating through settings each time, I added an icon to my home screen. To do this, go to Shortcuts > tap the + in the top right > rename the shortcut as "Passwords" > Add Action > Categories > Web > URL (at the bottom of the screen), and paste this command: prefs:root=PASSWORDS. To add it to your home screen, click the three dots > share > add to home screen. You can even customize the icon and color of the shortcut.

If you prefer a simpler method, you can always ask Siri to assist you.

Accessing Passwords on Mac

On your Mac, the go-to tool for managing passwords is Keychain Access. This application handles authentication certificates, passwords, and other security prompts. However, since macOS Monterey, it's easier to locate passwords within System Preferences/Settings.

The good news is that you don’t need to frequently access either Keychain Access or the Passwords app; in my experience, it simply works.

The Role of Two-Factor Authentication

Earlier, I mentioned that 2FA has been recently integrated into Apple's Passwords app. While they can be a nuisance, they add an essential layer of security. SMS-generated 2FA codes aren't as secure as those set up directly with a website.

To enable 2FA for a site, select the site in the Passwords app, choose Set Up Verification Code, and then Enter Setup Key. You can either scan a QR code with your iPhone or manually input the details into your password app.

Like passwords, the 2FA key will appear above the keyboard on compliant websites. Otherwise, you will need to copy and paste the code from the Passwords tool.

Envisioning a Password-less Future

Despite the best security measures, vulnerabilities will always exist with passwords. Apple, along with other tech giants, is looking to move beyond passwords. Passkeys have emerged as a potential solution.

At WWDC last June, Apple introduced passkeys as a new security standard to replace traditional passwords for account logins. Unlike passwords stored on servers, passkeys are saved locally on your device, making them less susceptible to attacks.

Based on the WebAuthn API, passkeys allow users to sign in using only Face ID or Touch ID. When accessing a website, the service sends a request to your device for authentication, combining enhanced security with convenience.

The Need for Evolution

While passwords have served as the standard for years, they are not without flaws. They are prone to cyber-attacks and data breaches. Passkeys, however, cannot be reused across different services and are stored on your device, eliminating the need for memorization. Since they aren’t kept on a central server, they are less vulnerable to phishing and breaches.

Insights from Apple Executives

In an interview with Tom’s Guide, Apple’s senior director of platform product marketing, Kurt Night, and VP of internet technologies, Darin Adler, expressed enthusiasm for the future. Adler highlighted the duality of passwords as both essential and vulnerable:

> “Passwords can be like a mixed bag — they are the key to protecting everything we do online, but they’re also one of the biggest attack vectors and security vulnerabilities users face today. Face ID and Touch ID verification will give you the convenience that biometrics can achieve with an iPhone. You don’t have to buy another device, but also you don’t even have to learn a new habit.”

Recognizing this shift, major websites like eBay, Best Buy, PayPal, and Nvidia are already making strides to be FIDO (Fast Identity Online) compliant.

Conclusion

While passwords may not be glamorous, their significance cannot be understated. Utilizing the built-in password management tools on your iOS device or Mac is a valuable New Year’s resolution. Although we aren't quite ready for a password-less society, the future is approaching rapidly, and improved online security is beneficial for everyone.

Stay Connected

Interested in receiving my weekly video newsletter? It’s free and easy to subscribe. Just provide your details here, and every Sunday, I’ll deliver a recap of the week to your inbox.

If you enjoy my daily articles and blogs, you can help support them! By clicking this link, you can join Medium to receive my blogs as soon as they’re published, along with email notifications. A simple click can make a significant difference for both of us!

And finally... I’m now on Vero—follow me [here](https://www.vero.co/dtalkingtech).

Originally published at https://talkingtechandaudio.com on January 3, 2023.