IOS software
Swipe away your touchscreen troubles and rekindle your love of Apple’s mobile devices Password security
Q
Should I change all passwords that my iPhone reports as being potentially compromised, or is it being overcautious?
A
Checking the security of your passwords is new to iOS 14, and currently its only documentation is limited to bit.ly/mac364iospwds. It’s accessed in Settings, through Passwords > Security Recommendations, where you’ll find a list of stored passwords which could be vulnerable for a range of different reasons.
Apple doesn’t explain where it gets its lists of potentially compromised passwords from, but these are quite widely accessible through sites such as Have I Been Pwned? at haveibeenpwned.com/Passwords.
For each entry, iOS gives a basic explanation as to why it considers using that particular password isn’t advisable, then provides options to change that password on its website, or delete it.
Passwords checked include all in your keychain, which is likely to be more than used by Safari, and is sure to include many old and disused ones which you’d probably forgotten about. When you get a chance, work steadily through its list, deleting those which aren’t used any more to bring order to your keychain, but note that there’s no undo.
Not all passwords need to be completely secure. Think of what each protects: if it’s just access to the private section of a website, that doesn’t need to be as robust and hacker-proof as the password protecting your Apple ID and iCloud. You may also need to enter some manually, in which case they need to be memorable and easily typed in.