By Amer Owaida, Security Writer at ESET
Apple has released a set of open source tools that are aimed at helping developers of password managers create more secure passwords for their users. Called Password Manager Resources, the project mainly aims to tackle the problem that passwords generated by password managers often don’t match the requirements of the websites in question – a problem faced by people across all operating systems.
“Every time a password manager generates a password that is not compatible with a website, a person not only has a bad experience but a reason to be tempted to create their password,” said Apple on its GitHub page.
People who give in to such a ‘temptation’ may end up committing one of the cardinal password creation sins, such as recycling their password across multiple accounts or opting for easy-to-remember passwords. These are generally less safe than random strings generated by dedicated password management software.
The Cupertino tech giant expects the project to bring a three-fold benefit:
- Resource sharing can improve the quality of all password managers with less work than it would take an individual password manager to achieve the same outcome.
- Public documentation of website-specific behaviors can incentivize websites to use standards or emerging standards that will improve their compatibility with password managers.
- Improving the quality of password managers will improve user trust in them.
The list of tools includes password selection parameters used by popular websites – minimum and maximum password length, whether they require lower-case or upper-case letters, digits, and even special characters. This will allow password managers to generate passwords that are both secure and compatible with the websites.
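How a password manager could consume per-site parameters like these is sketched below as an added example; it is not code from Apple's project or from the original article. The rule syntax, the `SAMPLE` rule, the default lengths and all function names are assumptions made for illustration.

```python
import re
import secrets
import string

# Constructed sample rule, not taken from Apple's data set; the syntax is a
# simplified form assumed for this example.
SAMPLE = "minlength: 8; maxlength: 16; required: lower; required: upper; required: digit; required: [!;#];"
CLASSES = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
           "digit": string.digits, "special": string.punctuation}

def parse_rules(text):
    """Parse 'key: value; ...' into length bounds and required/allowed sets."""
    rules = {"minlength": 12, "maxlength": 64, "required": [], "allowed": []}
    # Split on ';' only outside [...], so a literal set may contain ';' itself.
    for part in re.split(r";(?![^\[]*\])", text):
        key, _, value = (p.strip() for p in part.partition(":"))
        if not key:
            continue
        if key in ("minlength", "maxlength"):
            rules[key] = int(value)
        elif key in ("required", "allowed"):
            literal = value.startswith("[") and value.endswith("]")
            rules[key].append(value[1:-1] if literal else CLASSES[value])
        else:
            raise ValueError(f"unsupported rule: {key!r}")
    return rules

def alphabet(rules):
    """Characters the site accepts: every required or allowed set, de-duplicated."""
    return "".join(dict.fromkeys("".join(rules["required"] + rules["allowed"])))

def generate(rules, target=20):
    """Return a random password of about `target` characters that fits the rules."""
    length = max(rules["minlength"], min(target, rules["maxlength"]))
    if length > rules["maxlength"] or length < len(rules["required"]):
        raise ValueError("rules cannot be satisfied")
    pool = alphabet(rules) or string.ascii_letters + string.digits
    # One character from each required set guarantees compliance; the rest
    # come from the whole pool, then a CSPRNG shuffle hides their positions.
    chars = [secrets.choice(s) for s in rules["required"]]
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def complies(password, rules):
    """Check any candidate password against the same parsed rules."""
    pool = alphabet(rules)
    return (rules["minlength"] <= len(password) <= rules["maxlength"]
            and all(any(c in s for c in password) for s in rules["required"])
            and (not pool or set(password) <= set(pool)))
```

The generator clamps its preferred length to the site's maximum instead of failing, which is the compatibility problem the project targets, and `complies` lets the same rules validate a password the user typed by hand.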
Apple also included a list of websites that share “the same credential backend”, meaning that they share login credentials. For example, a user can use the same access details across different region-specific varieties of Amazon, or a chain like Marriott International can allow them to use the same credentials across its subsidiaries.
Furthermore, the company also included a list of “change password URLs”, which websites use to redirect users when they want to change their password. “To drive the adoption of strong passwords, it’s useful to be able to take users directly to websites’ change password pages,” added Apple.