Apple's password app

Martin Shelton

Principal Researcher

It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

Illustration by Freedom of the Press Foundation. (CC BY 4.0)

In the news

In the hope of simplifying how customers log in to apps and websites, Apple has announced it will offer a new Passwords app in its upcoming iOS 18, iPadOS 18, and macOS 15 releases. This application would operate very similarly to a traditional password manager app like 1Password, Bitwarden, and others, allowing users to automatically generate and store unique, random passwords and then automatically fill them in when logging in. Apple already provides a tool with similar offerings (iCloud Keychain) that appears in settings and when logging in to a website, but the Passwords app may help users find these features more efficiently. Read more here.


What you can do

  • We know most people reuse passwords. The problem is, so do internet hooligans who will wait until your password is breached on one website and then try it out on countless others. This is why password reuse is not ideal. To prevent password reuse, password managers are key (ba dum tss). If you already happen to use Apple devices exclusively, the upcoming Passwords app may make a lot of sense for you. However, if you want to randomize passwords, or sync them on Android and other environments, it might make more sense to look into a password manager that will work on all major operating systems and browsers. Read our guide to choosing a password manager.
  • While you’re at it, make sure you enable two-factor authentication on your favorite apps and websites. When someone attempts to log in to an app or website with two-factor authentication enabled, it will require a second piece of information beyond your password, such as a six-digit code sent to your mobile device, before they can access your data. Read our guide to getting started with two-factor authentication.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,

Martin

