You Have No Excuse for Crappy Passwords Anymore

By Andrew Couts

The password itself is crappy. It’s a fundamentally flawed mechanism for securing our accounts and data that should have died long ago. That means poorly crafted passwords are doubly bad. But with the release of iOS 12 and recent updates to Android, truly terrible passwords—your 123456, facebookpassw0rd, or dEadP3tsnAme—have lost all reason to exist.

Apple on Monday released its latest mobile OS update, which includes what may ultimately be its most consequential feature: Password Autofill. With the feature enabled, you can automatically enter passwords across your apps and the web using FaceID, TouchID, or your PIN. This feature expanded beyond the confines of Safari in iOS 11, allowing you to autofill passwords stored in your iCloud Keychain across apps and websites. But the updated feature is vastly improved in iOS 12. It now works with third-party password managers, which have helped make strong personal security easier for years. And from my brief time using the feature, it just works better overall—I’ve only had to copy-paste a few updated passwords on apps that are slow to get with the program.

Of course, Apple was not the first to add such a feature: Google introduced third-party password manager integration into Android back in April. That means the two most popular mobile operating systems now make it as easy as it’s ever been to create, maintain, and use strong passwords. It’s never your fault if you get hacked. But if you’re still not using hard-to-crack passwords—for example, 0tu!mqGK*yKoYfcE81HXMAtz&JXdOT (please, please don’t use that one)—after the iOS and Android updates, you’re not even really trying to avoid it.

Respected password managers including 1Password, LastPass, Keeper, and Dashlane now seamlessly integrate with iOS 12's Password Autofill through an API. This means you’re not limited to using Apple’s keychain, and you can keep all your passwords stored in one place on your iPhone, iPad, and PC—even if you use Windows, Android, or another platform. If you’re making the most of this feature, it means you never need to remember your passwords, craft them yourself, or even know what they are in the first place.

Password managers don’t just store your passwords. They also auto-generate strong passwords for you. This is key to ridding your life of shitty login credentials. People often craft easily crackable passwords simply as a matter of convenience and then reuse those crap passwords across multiple accounts, thus giving attackers an easy way into all the locked corners of their digital lives. (iOS 12 also tells you which passwords you’ve reused, by the way.) So password managers largely remove the need to create passwords and remember them, and the iOS and Android integrations take it the rest of the way.
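To make the two jobs described above concrete, here is an added sketch (not code from this article or from any password manager) that flags reused passwords in a vault and replaces them with unique random ones. The site names, the symbol set, and the 30-character length are assumptions chosen for illustration; the weak passwords are the ones quoted earlier in the article.

```python
import hashlib
import math
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*"  # assumed symbol set; real sites accept different ones
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

# Constructed sample vault: site -> password.
VAULT = {
    "bank.example": "123456",
    "mail.example": "123456",
    "social.example": "facebookpassw0rd",
    "forum.example": "facebookpassw0rd",
    "shop.example": "dEadP3tsnAme",
}

def generate_password(length=30):
    """Draw every character from the OS CSPRNG; retry until all classes appear."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy; the class requirement removes a negligible share."""
    return length * math.log2(alphabet_size)

def find_reused(vault):
    """Group sites by password digest so the report itself holds no plaintext."""
    groups = defaultdict(list)
    for site, pw in vault.items():
        groups[hashlib.sha256(pw.encode()).hexdigest()].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def rotate_reused(vault):
    """Return a copy of the vault with every reused password replaced."""
    reused = {site for group in find_reused(vault) for site in group}
    return {site: generate_password() if site in reused else pw
            for site, pw in vault.items()}

if __name__ == "__main__":
    print("reused across:", find_reused(VAULT))
    print("after rotation:", find_reused(rotate_reused(VAULT)))
    print("approx. bits per generated password:", round(entropy_bits(30)))
```

The reuse check only finds duplicates: the unique but weak password on `shop.example` passes untouched, so a strength check still has to run separately.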

Unless you exclusively use Apple products, I’d recommend using one of the third-party password managers, which will easily work across platforms. While 1Password, Keeper, and Dashlane all work well, I personally like the free version of LastPass, which I use through a Chrome extension and a mobile app. If you create and save a password on one platform, it’s saved across every version of the app. (iCloud Keychain works well for iPhones and Macs, but not so much on Windows or Android machines, which can be limiting for some people.) LastPass already made password management pretty easy, but I still found myself having to log into the LastPass app, find the password I’m looking for, copy it, and finally paste it into whatever app or website I’m trying to access. Now that it’s fully integrated with Password Autofill, it’s so easy I essentially never have to think about it. I just look at my iPhone X, zap my mug with FaceID, and I’m in. That is exactly how easy cybersecurity should be.

There is one flaw to all this: If you already use shitty passwords—and unless you’ve made a point to craft long, complex passwords that you never duplicate for multiple uses, just assume you do—you’re going to have to change all of your passwords. It’s terrible and I’m sorry, but that’s the deal. The good news is, by using a password manager, you’ll more or less automatically have it accessible on all your devices after you do it on one.

Here’s how this process might look if you’re an iPhone user just getting started with a password manager. You could sign up for LastPass—which will, ironically, require you to create a strong password you do need to remember to access your stored passwords—install the browser extension, and head to, say, facebook.com. Go to settings to reset your password. Enter your old password. In the new password box, click the LastPass lock-and-arrow icon that should automatically appear. Click the “generate and fill” button that pops up, and LastPass will create the new password (use the “advanced features” option to customise as you see fit). Click “OK” on the LastPass pop-up prompt. On your iPhone, download the LastPass app, log in, and allow it access to FaceID. Go to Settings > Passwords & Accounts > AutoFill Passwords; set the toggle to on, and tap the LastPass option to integrate it with Password Autofill.

If you don’t already have two-factor authentication enabled, now’s a good time to do that. Also, if you have login credentials for accounts stored in both iCloud Keychain and your third-party password manager, you’ll have to make sure both are updated, which might involve some copy-pasting.

And that’s, uh, it.

Okay, the process isn’t without its pains. But the iOS 12 and Android autofill features take a lot of the headache out of creating and maintaining good passwords. And you don’t have to change every password at once. If you focus on the most sensitive accounts first and chip away at it, you’ll be rocking good security practices in no time.

Fact is, the password still needs to die. Nobody has created a widespread, viable solution to knocking it off entirely just yet. That means we’re all still on the hook for our own personal security through the passwords we choose to use. There are still plenty of ways for you to get hacked even if you use strong passwords. But by integrating with password managers and burying logins beneath an extra, super simple autofill solution, Google and Apple have at least begun the serious work of digging the password’s grave.