How to use iCloud Keychain to audit your passwords
Reports of a massive 100 million account data leak at T-Mobile should encourage any Apple user to double-check password and account security. Here's how to do that using Keychain.
Apple’s built-in password manager is called iCloud Keychain. It securely stores your saved account information such as account names and passwords across all your signed-in devices. It will automatically enter this information for you when you access an app or service.
It’s a useful tool to help manage better security habits. Many prefer to use cross-platform services such as LastPass, Dashlane, or 1Password for this task, though these services may themselves be vulnerable to attack.
Apple has iterated its password management tool since it was introduced. As of iOS 14, it now alerts you about the following security weaknesses:
You set the system up in Settings > iCloud > iCloud Keychain on iOS devices, or System Preferences > Apple ID > iCloud > iCloud Keychain on Macs. Just toggle the feature to On.
Once you enable it, the keychain will gather your passwords across all your devices as you access websites and services during use.
To check password security on iCloud Keychain, follow these steps:
The system is better on iOS, which does a better job of making the relevant information visible. To check the state of your passwords on iPhones or iPads:
NB: Deleting a password in iCloud Keychain does not actually delete your account – you need to do that yourself on the relevant site.
Apple in 2020 made a collection of resources for password management development available to the open source community. This includes collections of websites known to share a sign-in system, links to the parts of some websites where users change passwords, and information concerning idiosyncrasies in the passwords some services permit.
The company also provides the Sign-in With Apple system, which can use Face ID and/or Touch ID and your Apple ID to create highly secure logins.
Starting with iOS 15, Apple will also build Google Authenticator into the system, which means you will be able to generate verification codes for additional sign-in security. If a site offers two-factor authentication, you will be able to set up verification codes under Passwords in Settings and these should autofill when you sign in to the site.
Apple is also putting a new Passkey system together that can be used to replace passwords with biometric (Touch/Face ID) authentication.
Apple does take security seriously (most of the time), and like most big tech companies is now working to develop an infrastructure that replaces passwords with other forms of login access. We are, however, not there yet, and the latest data breach should be reason enough for any enterprise user to confirm their passwords remain secure.