Apple has a new open source project to help improve password security
Apple has launched a new open source project designed to promote collaboration between the developers of password management software to help improve security for users.
The Password Manager Resources project has been created to make it easier for the developers of password managers to work together to ensure interoperability with websites, and to create a better experience for users. The aim is to integrate the strong password generating capabilities of the iCloud Keychain platform into password management apps.
- Apple releases macOS Catalina 10.15.5 with new battery extending feature
- Apple's new 13-inch MacBook Pro comes with the much-improved Magic Keyboard
- Coronavirus pandemic means Apple will probably delay the next iPhone release
In a post on its developer website, the company says: "Apple has created a new open source project to help developers of password managers collaborate to create strong passwords that are compatible with popular websites. The Password Manager Resources open source project allows you to integrate website-specific requirements used by the iCloud Keychain password manager to generate strong, unique passwords. The project also contains collections of websites known to share a sign-in system, links to websites' pages where users change passwords, and more".
The project is available on GitHub, and Apple explains the various "quirks" (hard-coded, website-specific workarounds for problems) that the project aims to address:
- Password Rules: Rules to generate compatible passwords with websites' particular requirements.
- Websites with Shared Credential Backends: Groups of websites known to use the same credential backend, which can be used to enhance suggested credentials to sign into websites.
- Change Password URLs: To drive adoption of strong passwords, it's useful to be able to take users directly to websites' change password pages.
It is hoped that by getting developers to collaborate more, these quirks can be eliminated. Apple explains the reason behind wanting to improve the password rule experience:
Many password managers generate strong, unique passwords for people, so that they aren't tempted to create their own passwords by hand, which leads to easily guessed and reused passwords. Every time a password manager generates a password that isn't actually compatible with a website, a person not only has a bad experience, but a reason to be tempted to create their own password. Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service's password policy is too restrictive for people using password managers, which may incentivize the services to change.
Find out more about the Password Manager Resources project on GitHub.