Apple Intelligence was announced at Apple’s Worldwide Developers Conference in Cupertino, California on June 10, 2024.
Source: Apple Inc.
Cybersecurity experts have long predicted the demise of online passwords as more advanced login features, from facial recognition to multi-factor authentication, become more common. But Apple seems to have acknowledged that passwords aren’t going away anytime soon. The new Passwords app, announced at Apple’s WWDC 2024 earlier this week, is another solution to help secure your online accounts and manage multiple logins. The fact remains that having all your login information in one place continues to carry risks.
“Passwords are really hard to get rid of,” says Andras Cser, vice president and principal analyst at Forrester.
The new Passwords app for iPhone, iPad, Vision Pro, Mac, and Windows allows users to store all their passwords including authentication codes, app passwords, Wi-Fi passwords, passkeys, etc. This feature is similar to other password managers on the market such as 1Password and LastPass.
“The power of a default solution like this and built-in password security shouldn’t be underestimated,” says Gadjo Sevilla, senior analyst at eMarketer. “It’s probably something that the majority of Apple’s customers will use because it’s convenient, it’s there, and it’s free.”
Passwords are a dangerous online security measure
But the fundamental concern about users relying on passwords as their default online security method remains the same.
“That’s the movement towards eliminating the need for password managers and moving towards push notification-based authentication, biometric authentication, or one-time passwords based on passkeys,” Cser said. “Moving away from passwords and not using free or upgraded password managers is probably the right message.”
Password hacking is on the rise: IBM reports a 71% increase in the number of attacks using valid passwords in 2023 compared to 2022. Apple, Google, and Microsoft are moving more users to passkeys, which require a face scan, fingerprint, or other code to verify a login on another device the user owns. This eliminates the biggest cybersecurity risk: people tend to have very poor password hygiene, such as using the same password across multiple accounts, so that a single stolen password gives hackers access to all of their accounts.
Apple’s passkey system, Keychain, only applies to products with the company’s iOS operating system. The new Passwords app includes compatibility with more systems, including Windows and various types of login authentication. The company clarifies that it won’t include Google or Android passwords across many accounts.
Password managers, like the Apple Passwords app, securely record your various passwords, passcodes, and login information for your secure accounts. They also provide an extra layer of protection. A Security.org study found that people who don’t use a password manager are three times more likely to become victims of identity theft. However, no manager, free or paid, can completely eliminate the risk.
“They’re just band-aids or wraparounds,” Cser said. “Passwords are so weak, they’re pretty much done for protecting any kind of app or resource or data. So no matter what tool you choose, aren’t you just putting everything in one basket?”
Apple did not respond to a request for comment by press time.
There are also concerns that if Apple holds all the digital keys to all its users’ passwords, users could be more vulnerable if the company is hacked, which is not impossible: Apple’s iCloud was hacked in 2014, exposing private photos of many celebrities; LastPass was hacked in 2022, but no customer data was stolen.
“The only security issue so far is that anyone who gets your Apple ID and password can access your iCloud Keychain or your Passwords app, because that’s the critical authentication needed to securely access your actual stored passwords,” Sevilla said.
Apple, Personal Data, and Privacy
Still, protecting reams of personal data is nothing new for Apple, which has a relatively good track record of building its brand around privacy. It has also taken a hard line against sharing information with unauthorized third-party apps. Previous changes since iOS 14.5 required users to opt in to sharing data and blocked tracking apps, penalizing digital advertising companies like Facebook that rely on that information for ad targeting.
“Apple is a services company,” Sevilla said. “They have billions of credit card numbers. You can’t underestimate the effort they put into making sure that’s locked down. And it’s all tied to an Apple ID, an Apple password. So if they follow this example, they’re probably going to be considered a lot more secure than a standalone app.”
At WWDC, broader data-sharing issues were raised about Apple’s partnership with OpenAI, which it is using to give Siri access to ChatGPT. Some, including Elon Musk, have expressed concern that giving OpenAI access to Apple’s user data could be a potential security breach. OpenAI uses user data and behavior to train its AI models.
While that may be highly unlikely, given that users share their passwords with Apple and that Apple shares their data with OpenAI, cybersecurity experts say there’s at least a theoretical risk that OpenAI could use your login information to examine your personal data for training purposes.
Apple reiterated its commitment to data privacy at WWDC 24. The company’s foray into AI, Apple Intelligence, leverages cloud-based models on special servers using Apple Silicon to ensure the privacy and security of user data. When a request needs to be sent to a cloud server, Apple says it will send only limited data in an “encrypted” and secure manner.
“We’re not going to take that data and send it to the cloud somewhere,” John Giannandrea, Apple’s senior vice president of machine learning and AI strategy, said at the event, “because we want everything to be very private, whether it’s running locally or on a cloud computing service. That’s how we want to make sure we’re able to use your most personal data.”