Security Experts:

Apple Releases Open Source Password Manager Resources

Apple has announced the availability of a series of open source tools designed to foster collaboration between password manager developers.

Published on GitHub in the Password Manager Resources repository, the tools should help developers create strong passwords compatible with popular websites. The available resources include data, or “quirks,” and code.

Used in web browser development, “quirk” refers to “a website-specific, hard-coded behavior to work around an issue with a website that can't be fixed in a principled, universal way,” Apple explains.

The Password Manager Resources project maintains the term’s meaning, providing website-specific requirements used by Apple’s iCloud Keychain password manager for the generation of strong, unique passwords.

While the industry is expected to work toward eliminating the need for quirks, Apple’s software engineers believe that it is also important to customize behaviors to deliver an improved user experience.

At the moment, the project offers the following quirks: rules to generate passwords compatible with specific website requirements; groups of websites with shared credential backends; and URLs to websites’ change password pages.

According to Apple, the open source resources should help password manager developers improve quality with less effort, should incentivize website owners to adopt standards or emerging standards to improve compatibility with password managers, and should increase user trust in password managers as a concept.

“We encourage you to incorporate the data from this project into your password manager, but kindly ask that you please contribute any quirks you have back to the project so that all users of participating password managers can benefit from your discoveries and testing,” Apple says.

Developers are invited to contribute by raising compatibility issues with websites, documenting the right data for quirks, and submitting a pull request to add a quirk (merging pull requests currently requires approval by a project owner).

Related: Flaw in Password Managers Allowed Apps to Steal Credentials

Related: Overall Security of Password Managers Debatable, Cracking Firm Says

Related: Cybersecurity Firms Partner on Open Source Security Technology Development

view counter