Apple has announced the availability of a series of open source tools designed to foster collaboration between password manager developers.
Published on GitHub in the Password Manager Resources repository, the tools should help developers create strong passwords compatible with popular websites. The available resources include data, or “quirks,” and code.
Used in web browser development, “quirk” refers to “a website-specific, hard-coded behavior to work around an issue with a website that can’t be fixed in a principled, universal way,” Apple explains.
The Password Manager Resources project maintains the term’s meaning, providing website-specific requirements used by Apple’s iCloud Keychain password manager for the generation of strong, unique passwords.
While the industry is expected to work toward eliminating the need for quirks, Apple’s software engineers believe that it is also important to customize behaviors to deliver an improved user experience.
At the moment, the project offers the following quirks: rules to generate passwords compatible with specific website requirements; groups of websites with shared credential backends; and URLs to websites’ change password pages.
According to Apple, the open source resources should help password manager developers improve quality with less effort, should incentivize website owners to adopt standards or emerging standards to improve compatibility with password managers, and should increase user trust in password managers as a concept.
“We encourage you to incorporate the data from this project into your password manager, but kindly ask that you please contribute any quirks you have back to the project so that all users of participating password managers can benefit from your discoveries and testing,” Apple says.
Developers are invited to contribute by raising compatibility issues with websites, documenting the right data for quirks, and submitting a pull request to add a quirk (merging pull requests currently requires approval by a project owner).
Related: Flaw in Password Managers Allowed Apps to Steal Credentials
Related: Overall Security of Password Managers Debatable, Cracking Firm Says
Related: Cybersecurity Firms Partner on Open Source Security Technology Development
More from Ionut Arghire
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Atlassian Warns of Critical Jira Service Management Vulnerability
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Malicious NPM, PyPI Packages Stealing User Information
Latest News
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
- US Downs Chinese Balloon Off Carolina Coast
- Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
- Feds Say Cyberattack Caused Suicide Helpline’s Outage
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
