Apple has announced the availability of a series of open source tools designed to foster collaboration between password manager developers.
Published on GitHub in the Password Manager Resources repository, the tools should help developers create strong passwords compatible with popular websites. The available resources include data, or “quirks,” and code.
Used in web browser development, “quirk” refers to “a website-specific, hard-coded behavior to work around an issue with a website that can’t be fixed in a principled, universal way,” Apple explains.
The Password Manager Resources project maintains the term’s meaning, providing website-specific requirements used by Apple’s iCloud Keychain password manager for the generation of strong, unique passwords.
While the industry is expected to work toward eliminating the need for quirks, Apple’s software engineers believe that it is also important to customize behaviors to deliver an improved user experience.
At the moment, the project offers the following quirks: rules to generate passwords compatible with specific website requirements; groups of websites with shared credential backends; and URLs to websites’ change password pages.
According to Apple, the open source resources should help password manager developers improve quality with less effort, should incentivize website owners to adopt standards or emerging standards to improve compatibility with password managers, and should increase user trust in password managers as a concept.
“We encourage you to incorporate the data from this project into your password manager, but kindly ask that you please contribute any quirks you have back to the project so that all users of participating password managers can benefit from your discoveries and testing,” Apple says.
Developers are invited to contribute by raising compatibility issues with websites, documenting the right data for quirks, and submitting a pull request to add a quirk (merging pull requests currently requires approval by a project owner).
Related: Flaw in Password Managers Allowed Apps to Steal Credentials
Related: Overall Security of Password Managers Debatable, Cracking Firm Says
Related: Cybersecurity Firms Partner on Open Source Security Technology Development
More from Ionut Arghire
- CISA, NSA Issue Guidance for IAM Administrators
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
- Chrome 111 Update Patches High-Severity Vulnerabilities
- BreachForums Shut Down Over Law Enforcement Takeover Concerns
- Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
Latest News
- CISA, NSA Issue Guidance for IAM Administrators
- Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- Tackling the Challenge of Actionable Intelligence Through Context
- Dole Says Employee Information Compromised in Ransomware Attack
- Backslash Snags $8M Seed Financing for AppSec Tech
