Passwords have been, are, and will be (at least until an alternative and more secure system appears) a key element in security. We depend on them to access services, protect documents, log in and unlock our devices. Keys, whatever their type, are the main (and in many cases the only) means we have to protect what interests or worries us.
Thus, although plenty of mistakes are still made with them to this day, growing global awareness, the efforts made by industry and the media to promote good practices, and the proliferation of tools and services to manage them properly are making it possible for passwords to still have a great future ahead of them. Not to mention, of course, their integration into 2FA access models, which considerably reinforces the security guarantee for users.
This, however, does not mean that the situation with passwords is idyllic, unfortunately. There is still a plethora of problems that are often exploited by cybercriminals to attack all kinds of targets, from the email account of an individual user to the IT infrastructure of large companies and public entities. The situation becomes less sustainable every day, mainly due to the constant increase in criminal activity on the Internet.
Aware of this situation, Apple has just launched an open source project aimed at facilitating collaboration between developers of password management solutions, making it easier for them to work hand in hand with those who administer these keys, in order to ensure interoperability with websites and create a better and more secure experience for users. To that end, the goal is to integrate the password generation capabilities of the iCloud Keychain platform into password management applications.
Password Manager Resources is the name of the project and, according to its managers, it focuses on addressing the problem of quirks, a common concept in web programming that refers to certain site-specific functions that, for one reason or another, serve a very specific operation on that site. In other words, they are "peculiarities" that prevent the use of a standard solution (code) to cover that need. This is very common where passwords are concerned.
With this developer toolkit, the main goal is to create a scenario of full compatibility between password managers and the services in which they are used. In this way, and knowing that the automatically generated passwords will always be secure and compatible with the rules of each service, the risk of users creating their own keys, which can be really insecure, is substantially reduced.
To tackle the quirks problem in password management, Apple's project focuses on three points:
Password rules: When suggesting a key, the password manager must be able to take into account any specific rules of the site on which it is being used. For example: starting with a capital letter or a number, a maximum number of characters, whether or not special characters are supported, etc.
Websites with shared credential backends: The tool must be able to distinguish, and properly manage, groups of websites that use the same credentials to access their shared services, back-ends, etc.
Password change URL: A key factor in promoting the adoption of strong passwords is how easy the service makes it to change credentials if necessary.
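As an illustration of the password rules point, here is a sketch of how a password manager could generate a key that respects each site's quirks. It is an example added to this article, not code or data from Apple's project: the site names, the rule fields and the function names are all hypothetical.

```python
import secrets
import string

# Constructed, hypothetical per-site rules (not taken from Apple's data files).
SITE_RULES = {
    "example.test": {
        "min_length": 12, "max_length": 16,
        "required": ["upper", "lower", "digit"],
        "allowed_special": "-_!",
        "first_char": ["upper", "digit"],  # must start with a capital or a number
    },
    "legacy.example.test": {
        "min_length": 8, "max_length": 8,
        "required": ["lower", "digit"],
        "allowed_special": "",             # no special characters accepted
        "first_char": [],                  # no constraint on the first character
    },
}

CLASSES = {"upper": string.ascii_uppercase,
           "lower": string.ascii_lowercase,
           "digit": string.digits}

def alphabet_for(rule):
    """Every character the site accepts under this rule."""
    return "".join(CLASSES.values()) + rule["allowed_special"]

def complies(password, rule):
    """Return True only if the password satisfies every part of the rule."""
    if not rule["min_length"] <= len(password) <= rule["max_length"]:
        return False
    if any(ch not in alphabet_for(rule) for ch in password):
        return False
    for cls in rule["required"]:
        if not any(ch in CLASSES[cls] for ch in password):
            return False
    first_ok = "".join(CLASSES[c] for c in rule["first_char"])
    return not first_ok or (password != "" and password[0] in first_ok)

def generate(rule, max_tries=10_000):
    """Draw uniformly from the accepted alphabet with a CSPRNG; retry until compliant."""
    alphabet = alphabet_for(rule)
    length = rule["max_length"]  # use the longest password the site accepts
    for _ in range(max_tries):
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if complies(candidate, rule):
            return candidate
    raise ValueError("rule too restrictive to satisfy")
```

Rejecting and redrawing whole candidates keeps the result uniformly distributed over the compliant passwords, which forcing one character of each required class into fixed positions would not.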