Apple announces open-source project for password manager developers
Apple on Friday announced a new open-source project to help password manager developers create stronger and better-compatible passwords for users.
The so-called Password Manager Resources initiative, one of several open-source Apple projects, allows password manager apps to integrate web-site specific requirements used by the iCloud Keychain password manager in their own apps.
According to the documentation, the goal is to have password app makers collaborate on development resources to improve quality, document website-specific behaviors and improve user trust.
Some of those resources include website behavior "quirks" including specific password guidelines and credential backends. For instance, it's frustratingly common for poorly-designed websites to only tell users that they have a specific maximum password length, or requirements for special characters, after the user has tried to enter one. Regular password managers have no way to know a site's rules either, so the strong passwords they create can then be rejected by the site.
As an example of the goal of the project, Apple is collecting data on specific password rules of certain sites — such as this use of special characters and length requirements — and allowing developers to integrate this data in their own apps.
"Every time a password manager generates a password that isn't actually compatible with a website, a person not only has a bad experience, but a reason to be tempted to create their own password," the document reads.
Other aspects of the project include data on websites that share a single sign-in system and webpages where users can change their passwords.
Apple is encouraging developers to incorporate data and other resources from the project into their own apps, with the only stipulation being that they share their own data and findings with the project.
The full details of the program, along with the actual code for use is apps, is available on Github.