The tech giant wants developers of password managers to collaborate for better user experience and security
Apple has released a set of open source tools that are aimed at helping developers of password managers create more secure passwords for their users. Called Password Manager Resources, the project mainly aims to tackle the problem that passwords generated by password managers often don’t match the requirements of websites – a problem faced by people across all operating systems.
“Every time a password manager generates a password that isn’t compatible with a website, a person not only has a bad experience but a reason to be tempted to create their password,” said Apple on its GitHub page.
People who give in to such a ‘temptation’ may end up committing one of the cardinal password creation sins, such as recycling their password across multiple accounts or opting for easy-to-remember passwords. These are generally less safe than random strings generated by dedicated password management software.
The Cupertino tech giant expects the project to bring a three-fold benefit:
· Resource sharing can improve the quality of all password managers with less work than it would take an individual password manager vendor to achieve the same outcome.
· Public documentation of website-specific behaviors can incentivize websites to use standards or emerging standards that will improve their compatibility with password managers.
· Improving the quality of password managers will improve user trust in them.
The list of tools includes password selection parameters used by popular websites – minimum and maximum password length, whether they require lower-case or upper-case letters, digits, and even special characters. This will allow password managers to generate passwords that are both secure and compatible with the websites.
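To show how a password manager could apply such per-site parameters, here is an added example (not code from Apple's project or from this article) that generates a random password within a site's length window and required character classes, then re-checks it. The rule dictionary layout, the field names and the special-character set are assumptions made for illustration, not the project's file format.

```python
import secrets
import string

# Character classes matching the parameters the article lists.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "-!@#$%^&*_+=?",  # constructed set; real sites vary
}

def allowed_classes(rule):
    """Required classes are always allowed; with no class fields, allow all."""
    required = list(rule.get("required", []))
    extra = [c for c in rule.get("allowed", []) if c not in required]
    return (required + extra) or list(CLASSES)

def generate(rule, preferred_len=20):
    """Generate a random password that satisfies a hypothetical site rule."""
    lo = rule.get("minlength", 1)
    hi = rule.get("maxlength", max(lo, preferred_len))
    required = list(rule.get("required", []))
    if lo > hi or hi < len(required):
        raise ValueError("rule cannot be satisfied")
    # Use the preferred length, clamped into the site's accepted window.
    length = max(lo, len(required), min(preferred_len, hi))
    alphabet = "".join(CLASSES[c] for c in allowed_classes(rule))
    # One character from each required class, the rest from the full alphabet.
    chars = [secrets.choice(CLASSES[c]) for c in required]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # hide where the required ones sit
    return "".join(chars)

def complies(password, rule):
    """Check a candidate (generated or user-typed) against the same rule."""
    lo = rule.get("minlength", 1)
    hi = rule.get("maxlength", len(password))
    alphabet = "".join(CLASSES[c] for c in allowed_classes(rule))
    return (lo <= len(password) <= hi
            and all(ch in alphabet for ch in password)
            and all(any(ch in CLASSES[c] for ch in password)
                    for c in rule.get("required", [])))

if __name__ == "__main__":
    # Constructed rule for a fictional site, not taken from Apple's data.
    site = {"minlength": 8, "maxlength": 12, "required": ["lower", "upper", "digit"]}
    pw = generate(site)
    print(pw, complies(pw, site))
```

The generator uses the longest length the site accepts up to the manager's preferred length, so a restrictive site shortens the password instead of causing a rejected one.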
Apple also included a list of websites that share “the same credential backend”, meaning that they share login credentials. For example, a user can use the same access details across different region-specific varieties of Amazon, or a chain like Marriott International can allow them to use the same credentials across its subsidiaries.
Furthermore, the company also included a list of “change password URLs”, which websites use to redirect users when they want to change their password. “To drive the adoption of strong passwords, it’s useful to be able to take users directly to websites’ change password pages,” added Apple.
Further reading:
5 common password mistakes you should avoid
People know reusing passwords is risky – then do it anyway
Security flaws found in popular password managers