The new Apple iPhone app demonstrates the difficulty of eliminating online passwords.

• Despite predictions from tech experts that online passwords will become obsolete, Apple recently unveiled its own password manager at its WWDC.
• Online login management tools are the focus of niche businesses, with companies like 1Password and LastPass leading the way.
• While Apple's Passwords app is free and convenient, cybersecurity experts suggest that push notification-based authentication, biometrics, or passkeys are a better solution for the future.

Apple has acknowledged that the online password is not going away anytime soon, despite predictions from cybersecurity experts. Its new Passwords app, unveiled at WWDC 2024, is another solution to safeguard online accounts and manage multiple logins. However, the app does not eliminate the risks associated with storing all logins in one place. According to Andras Cser, Forrester vice president and principal analyst, "Passwords are really hard to get rid of."

The new Passwords app for iPhone, iPad, Vision Pro, Mac, and Windows allows users to securely store all their passwords, including verification codes, app passwords, Wi-Fi passwords, and Passkeys. This feature is similar to other password managers on the market, such as 1Password and LastPass. According to Gadjo Sevilla, eMarketer senior analyst, having a default solution like this with password security built-in is powerful and will likely attract many Apple customers. The convenience of having the feature readily available and being free is also likely to entice users.

Passwords are a risky online security method

The issue with relying on passwords as the primary online security method remains unchanged.

"The solution is to eliminate the need for password managers and switch to one-time passwords based on push notification-based authentication, biometrics, or passkeys," Cser advised. "Moving away from passwords is the correct message, not using free or upgraded password managers." Password hacking is on the rise, with IBM reporting a 71% increase in the number of attacks using valid passwords in 2023 compared to 2022. Apple, Google, and Microsoft have made moves to migrate more users to passkeys, which requires another device owned by the user to verify the login through face scans, fingerprints, or other codes. This helps eliminate the biggest cybersecurity risk: people tend to have very poor password hygiene, including using the same password across accounts, which means if that password is stolen, the hacker would have access to all of them.

Apple's Keychain system is only compatible with its iOS operating system, while the new Passwords app now supports Windows and various login verification methods. The company has not announced plans to include Google or Android passwords, which would cover a significant number of accounts.

Password managers, such as the Apple Password app, securely store different passwords, passcodes, and logins under a single account. They also provide an added layer of protection, as research from Security.org found that those without password managers are three times more likely to be victims of identity theft. However, both free and paid versions of password managers do not completely eliminate risk. According to Cser, passwords are no longer effective in protecting apps, resources, and data, and using password managers simply puts all your eggs in one basket.

Apple did not respond to a request for comment by press time.

If Apple holds all the digital keys to everyone's password, it could make people more vulnerable if the company is hacked, as anyone who gets their Apple ID and password would gain access to their iCloud Keychain or Password app, which is the key authentication needed to safely access stored passwords.

Apple, personal data, and privacy

Protecting personal data has been a longstanding practice for Apple, and it has built its brand around privacy. The company has a strict policy against sharing information with unauthorized third-party apps. Recent changes, such as those introduced with iOS 14.5, have required users to opt-in to data sharing and blocked tracking applications, which has negatively impacted digital advertising companies that rely on that information for ad targeting, like Facebook.

Sevilla stated that Apple is a services company with billions of credit card numbers tied to Apple IDs and passwords. As such, they put a significant amount of effort into securing this data. Following this example, Apple could be seen as more secure than standalone apps. However, broader data sharing issues were raised at WWDC regarding Apple's partnership with OpenAI, which allows Siri to access ChatGPT. Some, including Elon Musk, have expressed concern that allowing OpenAI access to Apple user data could be a potential security violation, as OpenAI uses user data and behavior to train its AI models.

There is a theoretical risk that OpenAI could access personal data through shared logins with Apple for its learning purposes.

At WWDC 24, Apple reaffirmed its dedication to safeguarding user data privacy. Apple Intelligence, its new AI initiative, will utilize cloud-based models on specialized servers powered by Apple Silicon to maintain the confidentiality and security of user data. If a request must be sent to a cloud server, Apple guarantees that only a limited amount of data will be transmitted in a "cryptographically" secure manner.

"John Giannandrea, Apple senior vice president of Machine Learning and AI Strategy, stated at the event that the company will not send data to a cloud service. Instead, they want to keep everything private, whether it's running locally or on a cloud computing service, in order to use the most personal data."