For security reasons, we always recommend that you use a password manager like 1Password or LastPass to generate, store, and enter strong passwords in your Web browser. We hope you’ve been doing that because iOS 12 has a fabulous new feature that lets you enter passwords from third-party password managers in addition to iCloud Keychain. It makes logging in to Web sites—and iOS apps!—vastly easier than before.
Set Up AutoFill
To begin, you need to enable the feature. Go to Settings > Passwords & Accounts > AutoFill Passwords. Tap the AutoFill Passwords switch to turn the feature on, and select your password manager in the list below.
Two notes. First, the iOS app for your password manager must be installed for it to appear in the list. Second, although you can also allow iCloud Keychain to fill passwords, it’s not worth the extra confusion unless you have a lot of passwords stored only in iCloud Keychain.
Log In to a Web Site in Safari
Now it’s time to try the feature. Navigate to a Web site where you need to log in, and for which your password manager has stored your credentials. Then follow these steps:
- Tap in the username or password field.
- iOS 12 consults your password manager, and if it finds a username/password pair that matches the domain of the site, it displays the username for the site in a blue button or in the QuickType bar above the keyboard. Tap it, and unlock the password manager using your password, Touch ID, or Face ID. iOS fills in your credentials.
- Tap to continue the login process.
If you have multiple accounts for the same site, you may see several of them in the QuickType bar, but if the one you want doesn’t appear, or if none appear, tap the key icon to see all available passwords. If none are right even still, tap the name of your password manager at the bottom of the list to open and search it manually.
Log In to an App
The process of logging in to an app is often similar to logging in to a Web site, as with the Dropbox and Netflix apps, but iOS 12 doesn’t know how to match every app with an associated account in your password manager. For an app that iOS 12 can’t identify, like the Pixabay app, follow these steps instead:
- Tap in the username or password field.
- In the QuickType bar, tap the key icon to open your password manager.
- If necessary, unlock it with your password, Touch ID, or Face ID.
- Search in the password manager for the associated account.
- Tap the account to autofill it in the app’s login fields.
Password Manager Limitations
As welcome as iOS 12’s new support for password managers is, it’s lacking in two important ways:
- The autofill integration is limited to usernames and passwords, so if a site requires an additional field for login, you’ll have to enter that information manually. Similarly, it won’t enter credit card numbers or other information the password manager can autofill when used on a Mac.
- The password manager can’t automatically create new accounts or generate new passwords, as all password managers can do on the Mac. You can do both manually, but the process is so clumsy that it may be easier to wait and do it on a Mac later, or use an easily typed password temporarily until you can change it to something stronger on your Mac later.
Despite these annoyances, iOS 12’s support for third-party password managers is a huge step forward for anyone who wants quick access to the same login credentials on an iPhone or iPad.
Social Media: For those who rely on a password manager like 1Password or LastPass, iOS 12’s new support for third-party password managers makes it easier to log in to Web sites in Safari and iOS apps. Here’s how:
Have you gotten an email message whose Subject line says something like “Change your password immediately! Your account has been hacked.”? If not, it may be only a matter of time before you do. It’s a scary message, especially because it contains one of your passwords, some threats, and a demand for money. Worse, the password is likely one you’ve used in the past—how could the hacker have discovered it? Has your Mac really been taken over?
Relax. There’s nothing to worry about.
This “blackmail spam” has been making the rounds on the Internet recently—we’ve heard from several clients who have received it, and we’ve gotten copies too. The message purports to be from a hacker who has taken over your Mac and installed spyware that has recorded you visiting Web sites that aren’t exactly G-rated. The hacker also claims to have used your Mac’s camera to photograph you while you’re browsing said non-G-rated sites and threatens to share those pictures with your contacts and erase your drive unless you pay a ransom using Bitcoin.
This blackmail spam has raised so many pulses because it backs up its claims by showing a password that you’ve used in the past. Hopefully, it’s not one that you’re still using, because it was extracted from one of the hundreds of password breaches that have occurred over the past decade. Impacted Web sites include big names such as Yahoo, LinkedIn, Adobe, Dropbox, Disqus, and Tumblr—thieves have collectively stolen over 5.5 billion accounts. It’s all too likely that some old password of yours was caught up in one of those thefts.
Concerning as the message sounds, all the details other than your email address and password are completely fabricated. Your Mac has not been hacked. There is no malware spying on your every move. No pictures of you have been uploaded to a remote server. Your hard drive will not be erased. In short, you have nothing to worry about, and you should just mark the message as spam.
However, if you’re still using the password that appeared in the message, that is cause for concern. It means that any automated hacking software could break into the associated account, and it must be a weak password if the bad guys were able to decrypt it from the stolen password files. Go to Have I Been Pwned and search for your email address. If it shows up for any breaches, make sure you’ve changed your password for those accounts.
As always, we recommend that you create a strong, unique password for each of your Web accounts. The easiest way to do this is to rely on a password manager like 1Password or LastPass to generate a random password. Then, when you want to go back to that site, the password manager can log you in automatically. It’s easier and more secure.
If you’re still concerned about your passwords, call us and we can help you get started with stronger security practices.