Despite the raise of two - factor assay-mark , watchword security remain a top precedency . Unless your password is unique , relatively long , and has n’t been found in a database breach as evident text , you should plausibly change it . For some sites , you might not have changed the password in years – or ever . ( Conversely , if any password for a given site you apply is unique , foresightful , and unbreached , there ’s no valid ground to change it . )
Apple offers a instrument to avail you fix your worst passwords . Security Recommendations can be find in iOS / iPadOS inSettings > word . In macOS , determine it inSystem options > Passwords(Ventura ) ; orSystem Preferences > Passwords(Monterey ) ; orSafari > Preferences / options > Passwords(all macOS versions ) . It ’s easiest to bring off on macOS , so the examples below do from Ventura .
The recommendations are divided into High Priority Recommendations and Other Recommendations . For me , I had 18 in the former category and 68 in the other . ( If you do n’t have any High Priority Recommendations , it may just show a list . ) It ’s not light why Apple advertise some entries into the high - precedency category . With my account , point listed as high-pitched precedence include a financial site , a administration ( .gov ) website , and several Apple sites . The other sites included do n’t needs have anything in vernacular – possibly the gruffness of the parole or how commonly used a word in the password was .
Warnings listed by Apple
Here ’s what you ’ll see as warnings in both gamey - precedency and stock - priority accounting entry :
Commonly used password : password identify as commonly used come from the event of years of password leaks . Passwords used by many citizenry can now be well find on the cyberspace by anyone , much less criminals or other attacker . Apple notes , “ Many people use this password , which makes it easy to guess . ” I ’ve found a numeral of test bill in this category — accounts I set up and never used or that were dress up for me temporarily . The watchword have been as poor as the letteraand the wordpassword . ( These matches are made via data Apple stores on your computer . )
Crackers who gain access to an score database that miss right forward-looking protections that render very passwords as unequalled cryptographically hidden entry will run a list of the most commonly breached passwords first . This lease them find low - hanging fruit .
usually used Christian Bible . Apple warns you if you ’re using a common word , one that ’s short and in frequent use in your language . Password cracker used to run through common words to crack passwords ; that may be outdated because of changes in how passwords are store . But it ’s still unwise to have a word that ’s all or mostly a common word .
Database leaks . Passwords specifically found in database leaks , whether mutual or not . Apple ’s account is that “ This password has come out in a datum making water , which position this account at high peril of compromise . ” These matches are made remotely by Apple against data point from rupture compiled by reputable security root that Apple has licensed , take , and stash away using a apt cryptographic approach that foreclose them from transmitting your exact password . Their list contains 1.5 billion word . you may choose out , however , by disabling Detect Leaked Passwords .
People undertake to discover into accounts will also use less commonly chance parole depending on the computational resources they have available . If a password you use ( you alone or also by other masses in the public ) has ever leaked as evident text edition , you ca n’t be sure that someone ca n’t attack your chronicle with it .
recycle password . Apple notes this for passwords that you apply across multiple sites . The text say , “ You ’re reprocess this password on “ land “ , which increases the risk to this accounting if your “ domain ” report is compromised . ”
Once , it was common wiseness to plunk a strong watchword – at the time , one that was a random sequence of 8 characters , by and by as long as 12 – and use it everywhere . The advice was to change it from time to sentence . That advice expired long ago . Now , you should employ a password manager , like the built - in one in Apple ’s operating systems , to make and store a unique , foresighted countersign for every website and service at which you register .
How to upgrade your password quality
Apple has a shortcut that lets you switch a decrepit or compromised parole quickly . For high - antecedency entries , clickChange Password on Website ; for other entries , first come home the entrance and then clickChange Password on Website .
This may take you to the alteration parole or account - management page on the internet site . Apple make grow a spec that allows a internet site operator to put a especially format file ( or use a script to do the same ) athttps://example.com/.well-known/change-passwordthat redirects to the correct pageboy . If that location exists , cluck theChange Password on Websitebutton takes you to the ripe blot ; if not , it contract you to the internet site ’s home page . ( If you run a site of any sizing , it ’s very easy to go down up . )
If you change the word on the site using Safari , you ’ll be prompt to revise your stored word in the keychain .
you may also modify the watchword directly in place and then copy and paste it into a web site . you may clickEditand then clickCreate Strong Password , and the parole manager generate a new , better one . However , you might need theoldpassword to enter – so make a note of the old password first before update it .
This Mac 911 clause is in response to a enquiry submitted by Macworld reader François .
Ask Mac 911
We ’ve compiled a list of the questions we get asked most frequently , along with resolution and link to columns : read our super FAQ to see if your inquiry is covered . If not , we ’re always looking for new problem to lick ! e-mail yours tomac911@macworld.com , including sieve captures as appropriate and whether you desire your full name used . Not every question will be answer , we do n’t reply to e-mail , and we can not allow direct troubleshooting advice .
