First of all, don’t panic. And don’t be alarmed yet. I would like to raise awareness to you so that you don’t be the victim!
This is happening not only on iOS 12, but also on previous iOS before iOS 12 and likely to future iOS as well.
For other iOS related news, tweaks, tips and tricks, do check here.
Since iOS 7, Apple has introduced iCloud Keychain to iOS. In case you don’t know, iCloud Keychain is basically a storage or placeholder to store any keys (read: passwords, passcodes including your usernames) that you trust Apple with iOS and iCloud to save them for you.
To be more clear, have you ever been prompted something like this and tap “Save Password”?
If yes, then that means iOS has been keeping your password on its iCloud Keychain.
And the next time you are visiting the same website or using the same app, during authentication/login process, iOS will offer you to use the stored password like what you see below. All you need to do is just tap on the “Password” and iOS will do the rest for you. Super convenient is it?
Well, convenient normally comes with a price. So does all the passwords saved under iCloud Keychain. As it turns out, all your passwords or passcodes are stored in plain text.
iOS 12 stored Password in plain text. How could that be?
Prove it yourself that they are stored in plain text.
These steps below are done on iOS 12, for other version of iOS, the steps might be slightly different.
1) Go to Settings then scroll down until you find “Passwords & Accounts”.
2) Tap on “Password & Accounts”.
3) Find “Website & App Passwords”. The number shown next to it, is the number of passwords you have saved inside the Apple iCloud Keychain.
4) Tap on “Website & App Passwords” to continue.
5) If prompted to do Face ID or Touch ID to authenticate, do so.
6) Once authenticated and inside, depends on how many passwords stored inside, you’ll see the list of them. Tap on one of them.
7. Surprise?! Yes, that’s your password, stored in plain text!
Find other awesome articles, tips, tricks related to Life and Tech, iOS and Android quick review on:
Don’t worry, they are safe!
Now like I said earlier, please don’t get alarmed first and don’t jump panicking. In fact, similar iCloud KeyChain feature found on other programs/apps are doing the same. For example Google Chrome Browser for Desktop. It also has the save password feature and once authenticated, the browser will show your password in plain text. The difference is that, using iPhone with Face ID or Touch ID, people can easily get access from you if you are not fully aware of what you are giving authentication to.
So those plain text passwords are going to be safe as long as you practice this: never give your face or fingerprint to other people to open your iPhone via Face ID or Touch ID.
At least if they are borrowing your iPhone or iOS device (E.g.: your kid would like to play with it) and ask you to authenticate the device, make sure you see thoroughly what page it is showing and what kind of access they are asking for – making sure they are not trying to open “Website & App Passwords” section. Failure to do so will be catastrophic for you if they are really opening “Website & App Passwords” and you help them authenticate, since they shall know all of your stored plain-text passwords inside.
If the iOS device is a shared device, stay away from saving your password to iCloud Keychain. When either browser or app prompt you to “Save Password”, ignore it or choose “Not now” or “Never for this website”.
Do give your comments and thoughts down below on the comment section. Cheers!
For Life, Tech tips, iOS and Android Apps and Games quick review, do visit below:
Hi, thanks for reading my article. Since you are here and if you find this article is good and helping you in anyway, help me to spread the words by sharing this article to your family, friends, acquaintances so the benefits do not just stop at you, they will also get the same goodness and benefit from it.