Home iOS How to use iCloud Keychain to audit your passwords

How to use iCloud Keychain to audit your passwords


Reports of a massive 100 million account data leak at T-Mobile should encourage any Apple user to double-check password and account security. Here’s how to do that using Keychain.

iCloud Keychain to the rescue

Apple’s built-in password manager is called iCloud Keychain. It securely stores your saved account information such as account names and passwords across all your signed-in devices. It will automatically enter this information for you when you access an app or service.

It’s a useful tool to help manage better security habits. Many prefer to use cross-platform services such as LastPass, Dashlane, or 1Password for this task, though these services may themselves be vulnerable to attack.

Apple has iterated its password management tool since it was introduced. As of iOS 14, it now alerts you about the following security weaknesses:

  • Weak passwords: When you use a password that is widely used or easy to guess. Passwords are seen as easy to guess when they use words found in a dictionary or make use of common character substitutions, keyboard patterns, or sequences such as 1,2,3,4. You’ll also be told to change your password if you are using the same one to access multiple sites.
  • Leaked passwords: When a password has appeared in a data leak, such as the one recently revealed at T-Mobile. This system makes use of a continuously updated and curated master list of passwords known to have leaked. The password manager uses strong cryptographic techniques to check your passwords against lists of breached passwords in such a way as your own passwords are never shared.
  • Here is more information on how this works.

How to use iCloud Keychain

You set the system up in Settings>iCloud>iCloud Keychain on iOS devices, or System Preferences>Apple ID>iCloud>iCloud Keychain on Macs. Just toggle the feature to On.

Once you enable it, the keychain will gather your passwords across all your devices as you access websites and services during use.

Copyright © 2021 IDG Communications, Inc.