Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Apple Releases Open Source Password Manager Resources

Apple has announced the availability of a series of open source tools designed to foster collaboration between password manager developers.

Apple has announced the availability of a series of open source tools designed to foster collaboration between password manager developers.

Published on GitHub in the Password Manager Resources repository, the tools should help developers create strong passwords compatible with popular websites. The available resources include data, or “quirks,” and code.

Used in web browser development, “quirk” refers to “a website-specific, hard-coded behavior to work around an issue with a website that can’t be fixed in a principled, universal way,” Apple explains.

The Password Manager Resources project maintains the term’s meaning, providing website-specific requirements used by Apple’s iCloud Keychain password manager for the generation of strong, unique passwords.

While the industry is expected to work toward eliminating the need for quirks, Apple’s software engineers believe that it is also important to customize behaviors to deliver an improved user experience.

At the moment, the project offers the following quirks: rules to generate passwords compatible with specific website requirements; groups of websites with shared credential backends; and URLs to websites’ change password pages.

According to Apple, the open source resources should help password manager developers improve quality with less effort, should incentivize website owners to adopt standards or emerging standards to improve compatibility with password managers, and should increase user trust in password managers as a concept.

“We encourage you to incorporate the data from this project into your password manager, but kindly ask that you please contribute any quirks you have back to the project so that all users of participating password managers can benefit from your discoveries and testing,” Apple says.

Developers are invited to contribute by raising compatibility issues with websites, documenting the right data for quirks, and submitting a pull request to add a quirk (merging pull requests currently requires approval by a project owner).

Related: Flaw in Password Managers Allowed Apps to Steal Credentials

Related: Overall Security of Password Managers Debatable, Cracking Firm Says

Related: Cybersecurity Firms Partner on Open Source Security Technology Development

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...