iCloud Keychain continues to improve with features that rival dedicated third-party password managers, and one of its most valuable capabilities is password monitoring.
If you’ve received a notification on your iPhone or iPad warning you that one of your saved passwords has appeared in a data leak, you’ve seen password monitoring in action.
Learn how your iPhone detects compromised passwords and what to do when it alerts you about one of your accounts.
How Your iPhone Monitors Saved Passwords
Password monitoring is a built-in feature of iCloud Keychain, which stores and auto-fills account information on your Apple devices. End-to-end encryption keeps your sensitive data hidden from everyone, including Apple. Unfortunately, your web accounts sometimes suffer data leaks that are out of your control. This can result in your usernames and passwords leaking in public data dumps.
Fortunately, iCloud Keychain’s password monitoring feature can detect when this happens and let you know.
According to Apple, your iPhone or iPad continuously checks the passwords you’ve saved in your Password AutoFill keychain against a list of passwords that have appeared in known leaks.
When one of your passwords matches a password found in a data leak, your iPhone will send you a notification with the title Compromised Passwords. It will also list that account in the Security Recommendations page in Settings.
It’s a frightening notification but remember: it doesn’t mean that someone has gained access to one of your accounts or even that someone is trying to log in. It simply indicates that your password has appeared in a data leak and, therefore, your account is vulnerable.
Practically, it means you should immediately change the password on the account or accounts in question to prevent potential security issues in the future.
How Secure Is Password Monitoring?
The idea of your iPhone regularly sending your passwords to Apple’s servers might sound scary, but your iCloud Keychain is already stored and end-to-end encrypted there. The password monitoring process uses some additional cryptography to share as little information as possible with Apple.
Some of the most popular password managers for iPhone include similar features that detect data leaks and weak passwords. Part of deciding which service to use—or if you should stick with Apple’s free, built-in option—is determining which company you trust most with some of your most sensitive data.
How to View Compromised Passwords and What to Do About Them
The easiest way to view your vulnerable accounts is to tap the Compromised Password notification, which opens the Settings app to the Security Recommendations page. However, you can easily go there anytime.
First, open the Settings app on your iPhone or iPad. Then, tap Passwords in the list and choose Security Recommendations above the list of saved passwords.
At the top, you’ll see a list of items labeled High Priority—this includes passwords that your iPhone knows have appeared in data leaks. They’re the accounts you should focus on securing first.
The bottom section, Other Recommendations, contains reused and weak passwords that haven’t appeared in leaks but could be stronger or more secure.
How to Manage Compromised Passwords in Your Keychain
To change the password for a vulnerable account, follow these steps:
- Open Settings and tap Passwords.
- Then, tap Security Recommendations.
- Choose the account you’d like to change.
- On the account detail page, tap Change Password on Website.
Your iPhone will open the related website, where you can log in by auto-filling your username and password.
Then, use the website’s account management tools to change your password. Tap the Use Strong Password option to accept the system’s randomly generated password suggestion. You could create a strong password yourself, but this feature takes the guesswork out of it and saves it automatically.
Know When to Change Leaked Passwords
Compromised password detection is a valuable feature of your iOS device’s built-in keychain. It’ll help you discover weak and reused passwords and alert you when your data is potentially at risk.
Beyond password monitoring, you’ll find even more reasons to consider using iCloud Keychain on your Apple devices to keep your accounts safe.
iCloud Keychain is built into every iPhone, iPad, and Mac device. Learn how to use it to log into websites, Wi-Fi networks, and more!
About The Author