The Passwords app

The Passwords app

The Passwords app was introduced in iOS and iPadOS 18 and updates a feature formerly known as iCloud Keychain. If you are using iOS 17 or earlier please use Apple's iPhone or iPad User Guides for your version to learn about Keychain. Keychain is broadly similar to the Passwords app but lacks its ability to handle wi-fi passwords and to act as an authenticator ahich avoids the need for those One Time Passwords sent by text or email. If you used iCloud Keychain in an earlier version of iOS, all the passwords saved there will be available in the new Passwords app when you upgrade to iOS 18.

Passwords, passkeys and Sign in with Apple

User names and passwords are a problem for all IT users and they present even more serious problems for IT users with sight loss.  It isn't usually possible to enter user names or passwords using dictation and many users find typing complex passwords on iPhone and iPad keyboards difficult, slow or even impossible. Users with sight loss are often tempted to try to use passwords which are easy to type and remember and, of course, these will also be easy for others to guess. Worse, people are often tempted to use the same password, one they can remember, on multiple websites. This is bad practice since, if one website is compromised or a hacker learns one of your passwords through a scam like an email with a fake website login, then the hacker has your password for several websites. The best passwords are ones that even you can't remember. Your iPhone or iPad can offer random, strong passwords for you to use when signing in for the first time and these will be saved by the Passwords app so that you do not need to remember them.

Some websites and apps now offer a recent alternative to passwords called passkeys which is more secure than traditional passwords. Passkeys aren't offered by every online service yet but, if a passkey option is available, it is a more secure and simpler option than a traditional password. The process for creating a passkey varies between services but the steps should be simple to follow. Once a passkey is created automatically by your device it is saved by the Passwords app, shared with all your Apple devices and can be used to sign in with passkey on any of your Apple devices. The sign in will request FaceID, TouchID or the device passcode to sign in with passkey. If you create a passkey then the website or app trusts your device to prove that it's you. Passkeys are an excellent choice if all your computing is on Apple devices but may be less convenient if you use other devices such as a Windows PC.

Many web sites and apps now offer the option to sign in using other services such as Facebook and Google. This option trusts those services to have verified your identity and requires no further verification. Sign in with Apple, this may be called Continue with Apple, will normally also be offered on your Apple devices. If this is available when you first register on a new app or web site it is a great choice that won't require you to create yet another password or passkey and will automatically supply much of the information required by the website or app to complete your initial sign up. Once you have signed up, you can select Sign in with Apple or Continue with Apple on any Apple device to sign in to a website or app. If Sign in with Apple is offered by a new website or app, I recommend you use this if all of your use of that website or app will be on Apple devices. If you need to use the website or app on non-Apple devices too, then it may be best to create a password. 

How the Passwords app can help

The Passwords app helps by remembering all your user names, passwords and passkeys for apps, websites and wi-fi networks, storing them securely and filling them in automatically for you when they are requested. It also lists the apps and websites for which you have used sign in with Apple. The Passwords app can be used on iPhones, iPads, Macs and is also available on Windows. So long as you haven't turned off Passwords & Keychain in Settings / iCloud, everything stored in the Passwords app will be stored securely in iCloud and will automatically be available on all your devices.

Before you start using the Passwords app

You shouldn't use the Passwords app on a device that has inadequate security. Some of the recommendations below may be optional but I strongly recommend them all. Most readers will have already set up their device securely but please take a moment to check the recommendations.

You should have a passcode set and either TouchID or FaceID set up.  You will need to supply TouchID, FaceID or the passcode before viewing or auto-filling passwords.  Even if you have a passcode and TouchID or FaceID set up, please take a moment to consider your passcode. Your passcode can be four digit, six digit, or a mix of letters and digits of a length of your choice.  Some people use a passcode that is easy to remember and enter, such as 1234. When that passcode was first set, the phone or tablet would have advised the user to change it but would have allowed the insecure passcode if the user chose to ignore the warning.  If you have a passcode that is easy to guess, then please change it before setting up Keychain. Apple suggest a 6 digit passcode, but some users with sight loss prefer the simplicity of a four digit passcode which, after all, is the same level of security as on many bank cards. Remember that if someone finding or stealing your iPhone can guess your passcode, then they will be able to access your phone and passwords stored in iCloud. However, if you also turn on stolen device protection this will add a further layer of security to frustrate a thief who has stolen both your phone and your passcode.

You should also have two factor authentication turned on. Most readers will have this set up since Apple have been pushing users towards it for several years.  Two factor authentication makes it impossible for a remote hacker to log in to your Apple account, even if they successfully steal your Apple password, since all login attempts result in a message appearing on all your devices, asking if you wish to allow the login attempt. If you agree to the login attempt, then a 6 digit code is sent to your devices and the hacker will need that code before successfully logging in.  For example, I know the Apple password for some of the people whom I have helped with their iPhones and iPads but I cannot work remotely on their accounts  unless I agree a session with them in advance and call them on the phone in order to be given the 6 digit authorisation code. So, two factor authentication ensures another layer of security for your stored passwords and passkeys; it prevents remote hackers who have stolen your Apple password from logging in without your permission and using your passwords and passkeys stored in iCloud. If you are unsure that two factor authentication is on, go to Settings / your name / Password & Security and swipe right through the items there. Be aware that two factor authentication cannot be turned off once it has been turned on. I strongly recommend that you have two factor authentication set even if you do not intend to use the Passwords app. Never allow anyone to login remotely to your account unless you know and trust them and have agreed the login with them in person or at least over the phone. You should also have agreed why the remote login is necessary. Apple support will never request remote login. They may ask you to allow them to see your screen, but they will not be able to interact with your screen.

It is also important that you are using an up to date version of iOS or iPadOS that has current security updates.  It is prudent to delay installing major software updates like upgrading from iOS 17 to iOS 18  until it becomes clear that there are no serious issues, especially for VoiceOver users but you shouldn't hang back for too long because you will possibly be missing important security updates. In the case of any major release such as x.0 you may usually safely hold off until x.1 is released but by all means update earlier if there are no major issues reported.

Setting up the Passwords app and enabling auto-fill

Some or all of the relevant settings may have been set up for you but please check the following.

Go to Settings / iCloud / Saved to iCloud, see all, button and double tap to reveal the full list of items stored to iCloud.

Now swipe right to reach Passwords and Keychain. If it is off, then turn it on with a double tap. You may be asked for your passcode or Apple password. 

Next go to Settings / Apps / Passwords / View auto fill settings, button, and double tap.

Ensure that everything is turned on except in the Autofill from section where you may find some additional apps. Turn these on only if you wish to be able to access passwords stored in those apps. On the whole, it's simpler to keep everything in one place unless you have thought through a scheme that works for you.

That's it, the Passwords app is set up  and auto-fill is  now available on that device.  Do the same on any other iOS or iPadOS devices on which you wish to use your passwords and passkeys stored in iCloud.

You might also like to turn on a related feature in Safari.  Go to Settings / Apps / Safari / Autofill

If you have a contact set up for yourself, Safari can use the information in this contact, e.g. your email address and postal address, when requested by web sites. You can also set Safari to autofill credit card information using a credit card saved in your Wallet.

Entering user names and passwords in to the Passwords app

When signing in to a new app or website for the first time I recommend you use Sign in with Apple or passkey if they are available. Sign in with Apple requires no additional information to be saved and passkeys will automatically be saved. If you have to opt for signing up with a password your iPhone or iPad will normally spot what you are doing and offer to create a strong password for you. This is your best option unless you have a very good reason to avoid a strong password. You will be offered an "easy to type" option if you need one but remember that you won't normally be typing the password unless you need to use it on devices on which you can't used your saved passwords. When you have finished setting up the new user name and password you will be asked for permission to save it to iCloud and you should agree to this.   

Some websites and apps make it hard for your iPhone or iPad to spot that you are creating an account and for these sites and apps, you willl need to store the user name and password manually in iCloud. If the automatic process doesn't work then open the Passwords app. You will be asked for TouchID or FaceID. Locate the new password button near the bottom of the screen and double tap. The first field to be filled is the app or website but you can also give a label of your choice if you prefer. Next add the user name and password. This is followed by a Notes field where you can note additional information including any security questions. Finally locate the Save button at top right and double tap. You can store security information for systems that you don't use on your iPhone or iPad here too, if you wish. 

Inspecting your passwords in the Passwords app

Open the Passwords app. If the heading "Passwords" is at the top of the page you are viewing a page which offers a choice of the different types of item the app manages. Swipe right to All and double tap. 

The list of saved user names and passwords is now on screen. Swipe right through this to hear the item name and the user name for each of your saved passwords or use the section index at the right edge of the screen to move through a long list of passwords. A search field is also available. If you want to inspect the password, double tap to have access to all the information saved for that item. The password will initially be obscured by bullets. If you want to view the password, use the Edit button at top right which will reveal the password. To avoid accidental changes, I recommend you immediately use the Cancel button at top left which will leave the password accessible.

Using auto-fill to enter saved user names and passwords

The precise behaviour of auto-fill varies between apps and web sites.  Sometimes you will be prompted to select a password to use. For some sites which remember your email address, you may find a button for the password near the bottom of the screen in place of the keyboard. At other times one or more choices will be offered immediately above the keyboard when you double tap the password field.  Search for this by sliding your finger above the keyboard and then double tap to select. You will always be asked for  TouchID, FaceID or your passcode before information is auto-filled. It sounds a bit messy, but you should soon get the hang of it for sites that require you frequently to login. Some web sites and apps my not accept auto-fill. If auto-fill is not offered, you always have the option of locating the password in the Passwords app and copying it to the clipboard and then pasteing it in to Safari or the app. Paste can be found on the Edit position of the VoiceOver rotor.

Back to navigation page