How to View and Change Compromised iCloud Keychain Passwords on iPhone
Apple has been slowly improving the iCloud Keychain to compete with third-party password managers, and that’s good news for all consumers. Many users don’t want to use a password manager as they will have to pay a subscription fee, and that leads to the use of simple and repeated passwords, which is not good for online security. Thanks to new features like password autofill and iCloud Keychain password, users can use a strong password manager without paying anything. One of the recent features in addition to iCloud Keychain Password is Password Monitoring, which informs you when your passwords get revealed in a data breach. Here, we will show how you can view and change compromised passwords on your iPhone.
How Apple monitors your compromised passwords
iCloud Keychain Password helps users create strong passwords and keeps them secure inside an end-to-end encrypted vault. You only need to remember the master password, which is your iCloud account password, to access these passwords. Since web services are prone to hacking attacks, there’s a chance that your passwords are made public by malicious actors.
For example, suppose you are using a service like Facebook that requires you to create an account and password. If there’s a hack at Facebook, hackers will sell the data of hundreds of thousands of users, including their account email and password information.
The password monitoring feature of iCloud Keychain keeps track of these data breaches and lets you know if your account and password are compromised. That’s why it’s recommended to use different passwords for different online accounts, so even if your password is revealed in a data breach, you only have to worry about that one account.
How to view and change compromised iCloud Keychain passwords on iPhone
Apple has made it very easy to view and change compromised passwords on iPhone. Firstly, the iCloud Keychain sends you an immediate notification whenever it finds your account and password data in a leak. If you miss or dismiss the notification, you can open the Settings app to view your compromised account and change the password. To see compromised passwords, go to Settings → Passwords, and verify with Face ID or Touch ID. Now, tap on Security Recommendations.
At the top, you will see a list of items labeled as High Priority. These are the passwords that iCloud Keychain has found in data leaks. These are the accounts you should secure right away. Since my passwords have not appeared in a data leak, it’s not showing me any high-priority item. Below the high-priority items, you will see low-priority items. These are the passwords that iCloud Keychain has deemed to be simple and that can be easily guessed. You should change these passwords to secure your accounts. The steps to change the password are the same for all items.
Tap on the account you want the change the password for and tap on Change Password on Website. iCloud Keychain will open the website for the account and ask you to log in with your current credentials. Once you log in, you can visit the website’s account management page to change your password.
How to check non-iCloud Keychain password leaks
For accounts not saved in iCloud Keychain, you will have to check for password leaks manually. There’s a good website that lets you check for data breaches by entering your email ID. To check whether your email and password have appeared in a data leak or not, first, go to haveibeenpawned.com, enter your email ID, and click on the pwned? button.
If your data appeared in a leak, the website will show you which of your accounts has been compromised. You can then change your passwords for those accounts to secure them.
Change compromised passwords on iPhone: final thoughts
It’s good that Apple has taken a proactive approach to password security and informs users whenever their password is found in a data leak. We recommend that you use the iCloud Keychain account to manage your password (or use a third-party client), so you can create strong and random passwords for your different accounts.