iOS 12 Supports Password Managers for Faster Password Filling

For security reasons, we always recommend that you use a password manager like 1Password or LastPass to generate, store, and enter strong passwords in your Web browser. We hope you’ve been doing that because iOS 12 has a fabulous new feature that lets you enter passwords from third-party password managers in addition to iCloud Keychain. It makes logging in to Web sites—and iOS apps!—vastly easier than before.

Set Up AutoFill

To begin, you need to enable the feature. Go to Settings > Passwords & Accounts > AutoFill Passwords. Tap the AutoFill Passwords switch to turn the feature on, and select your password manager in the list below.

Two notes. First, the iOS app for your password manager must be installed for it to appear in the list. Second, although you can also allow iCloud Keychain to fill passwords, it’s not worth the extra confusion unless you have a lot of passwords stored only in iCloud Keychain.

Log In to a Web Site in Safari

Now it’s time to try the feature. Navigate to a Web site where you need to log in, and for which your password manager has stored your credentials. Then follow these steps:

  1. Tap in the username or password field.
  2. iOS 12 consults your password manager, and if it finds a username/password pair that matches the domain of the site, it displays the username for the site in a blue button or in the QuickType bar above the keyboard. Tap it, and unlock the password manager using your password, Touch ID, or Face ID. iOS fills in your credentials.
  3. Tap to continue the login process.

If you have multiple accounts for the same site, you may see several of them in the QuickType bar, but if the one you want doesn’t appear, or if none appear, tap the key icon to see all available passwords. If none of those is right either, tap the name of your password manager at the bottom of the list to open and search it manually.

Log In to an App

The process of logging in to an app is often similar to logging in to a Web site, as with the Dropbox and Netflix apps, but iOS 12 doesn’t know how to match every app with an associated account in your password manager. For an app that iOS 12 can’t identify, like the Pixabay app, follow these steps instead:

  1. Tap in the username or password field.
  2. In the QuickType bar, tap the key icon to open your password manager.
  3. If necessary, unlock it with your password, Touch ID, or Face ID.
  4. Search in the password manager for the associated account.
  5. Tap the account to autofill it in the app’s login fields.

Password Manager Limitations

As welcome as iOS 12’s new support for password managers is, it’s lacking in two important ways:

  • The autofill integration is limited to usernames and passwords, so if a site requires an additional field for login, you’ll have to enter that information manually. Similarly, it won’t enter credit card numbers or other information the password manager can autofill when used on a Mac.
  • The password manager can’t automatically create new accounts or generate new passwords, as all password managers can do on the Mac. You can do both manually, but the process is so clumsy that it may be easier to wait and do it on a Mac later, or to use an easily typed password temporarily until you can change it to something stronger on your Mac.

Despite these annoyances, iOS 12’s support for third-party password managers is a huge step forward for anyone who wants quick access to the same login credentials on an iPhone or iPad.

What To Do if You Get Blackmail Spam Containing an Old Password

Have you gotten an email message whose Subject line says something like “Change your password immediately! Your account has been hacked.”? If not, it may be only a matter of time before you do. It’s a scary message, especially because it contains one of your passwords, some threats, and a demand for money. Worse, the password is likely one you’ve used in the past—how could the hacker have discovered it? Has your Mac really been taken over?

Relax. There’s nothing to worry about.

This “blackmail spam” has been making the rounds on the Internet recently—we’ve heard from several clients who have received it, and we’ve gotten copies too. The message purports to be from a hacker who has taken over your Mac and installed spyware that has recorded you visiting Web sites that aren’t exactly G-rated. The hacker also claims to have used your Mac’s camera to photograph you while you’re browsing said non-G-rated sites and threatens to share those pictures with your contacts and erase your drive unless you pay a ransom using Bitcoin.

This blackmail spam has raised so many pulses because it backs up its claims by showing a password that you’ve used in the past. Hopefully, it’s not one that you’re still using, because it was extracted from one of the hundreds of password breaches that have occurred over the past decade. Impacted Web sites include big names such as Yahoo, LinkedIn, Adobe, Dropbox, Disqus, and Tumblr—thieves have collectively stolen over 5.5 billion accounts. It’s all too likely that some old password of yours was caught up in one of those thefts.

Concerning as the message sounds, all the details other than your email address and password are completely fabricated. Your Mac has not been hacked. There is no malware spying on your every move. No pictures of you have been uploaded to a remote server. Your hard drive will not be erased. In short, you have nothing to worry about, and you should just mark the message as spam.

However, if you’re still using the password that appeared in the message, that is cause for concern. It means that any automated hacking software could break into the associated account, and it must be a weak password if the bad guys were able to crack it from the stolen password files. Go to Have I Been Pwned and search for your email address. If it shows up for any breaches, make sure you’ve changed your password for those accounts.

As always, we recommend that you create a strong, unique password for each of your Web accounts. The easiest way to do this is to rely on a password manager like 1Password or LastPass to generate a random password. Then, when you want to go back to that site, the password manager can log you in automatically. It’s easier and more secure.

If you’re still concerned about your passwords, call us and we can help you get started with stronger security practices.

Have Your Online Passwords Been Stolen? Here’s How to Find Out.

Data breaches have become commonplace, with online thieves constantly breaking into corporate and government servers and making off with millions—or even hundreds of millions!—of email addresses, often along with other personal information like names, physical addresses, and passwords.

It would be nice to think that all companies properly encrypt their password databases, but the sad reality is that many have poor data security practices. As a result, passwords gathered in a breach are often easily cracked, enabling the bad guys to log in to your accounts. That may not seem like a big deal—who cares if someone reads the local newspaper under your name? But since many people reuse passwords across multiple sites, once one password associated with an email address is known, attackers use automated software to test that combination against many other sites.

This is why we keep beating the drum for password managers like 1Password and LastPass. They make it easy to create and enter a different random password for every Web site, which protects you in two ways.

  • Because password managers can create passwords of any length, you don’t have to rely on short passwords that you can remember and type easily. The longer the password, the harder it is to crack. A password of 16–20 characters is generally considered safe; never use anything shorter than 13 characters.
  • Even if one of your passwords was compromised, having a different password for every site ensures that the attackers can’t break into any of your other accounts.

But password security hasn’t always been a big deal on the Internet, and many people reused passwords regularly in the past. Wouldn’t it be nice to know if any of your information was included in a data breach, so you’d know which passwords to change?

A free service called Have I Been Pwned does just this (“pwned” is hacker-speak for “owned” or “dominated by”—it rhymes with “owned”). Run by Troy Hunt, Have I Been Pwned gathers the email addresses associated with data breaches and lets you search to see if your address was stolen in any of the archived data breaches. Even better, you can subscribe to have the service notify you if your address shows up in any future breaches.

Needless to say, you’ll want to change your password on any site that has suffered a data breach, and if you reused that password on any other sites, give them new, unique passwords as well. That may seem like a daunting task, and we won’t pretend that it isn’t a fair amount of work, but both 1Password and LastPass offer features to help.

In 1Password, look in the sidebar for Watchtower, which provides several lists, including accounts where the password may have been compromised in a known breach, passwords that are known to have been compromised, passwords that you reused across sites, and weak passwords.

LastPass provides essentially the same information through its Security Challenge and rates your overall security in comparison with other LastPass users. It suggests a series of steps for improving your passwords; the only problem is that you need to restart the Security Challenge if you don’t have time to fix all the passwords at once.

Regardless of which password manager you use, take some time to check for and update compromised, vulnerable, and weak passwords. Start with more important sites, and, as time permits, move on to accounts that don’t contain confidential information.
