How To

How to use Apple’s Passwords app on iPhone, iPad, and Mac

Posted on by

We all use passwords to log into dozens of websites and services. While it’s hard to remember that many different passwords, it’s essential to avoid reusing a password across multiple websites. That’s because if one site is compromised, hackers will have an email address and password combination that they can try on other sites. Because of this, you need to ensure that your passwords are different for every website and app, and that they are hard to guess or crack.

Your iPhone, iPad, and Mac have a “keychain”—an encrypted database that stores your logins, passwords, and some other information. This data syncs securely via iCloud, so you can use the same passwords on all your devices. Beginning with iOS 18, iPadOS 18, and macOS Sequoia, this information is available via a new Passwords app; previously, your saved passwords were accessible via the Settings app, or via the Keychain Access app on a Mac.

Here’s how to use Apple’s Passwords app on your Apple devices: iPhone, iPad, or Mac.

Apple’s iCloud Keychain

Apple’s iCloud Keychain enables you to sync all your passwords, via iCloud, to all your devices. You enable this in the iCloud settings on your iPhone, iPad, or Mac. These passwords are synced to the cloud — they are encrypted, so this is secure — so when you log into a new website on your iPhone, for example, you’ll be able to automatically use that login and password on your Mac.

In 2023, Apple changed the terminology, calling this iCloud Passwords and Keychain. You could access the information via the System Settings app, or in Safari, in Settings > Passwords. In late 2024, with the release of iOS 18, iPadOS 18, and macOS Sequoia, Apple released a dedicated Passwords app, which replaces the access in Settings and Safari.

It’s easy to use this feature. When you visit a website and encounter a login form, Safari, and some apps on iPhone or iPad, will auto-fill the form if it has a password stored for that site or service. In some cases, you may have multiple login/password combinations for a site, and you’ll see options for what’s available. And if none of these options are correct, which may happen if a website has changed its domain, for example, click or tap Other Usernames to search all the saved passwords.

How to Enable iCloud Passwords

To sync your passwords via iCloud, you need to turn this feature on, on all the devices where you want to access these passwords. Go to Settings, tap or click your name, then iCloud, then See All. This shows you all the types of content that are synced via your iCloud account, such as your photos, messages, email, and more.

Tap or click Passwords & Keychain, and make sure than syncing is enabled.

How to access passwords on your iPhone, iPad, or Mac

With the new Passwords app, you can now access passwords on your Apple devices by opening that app. It’s in your Mac’s Applications folder, and you can find it on your iPhone or iPad by pulling down on your Home Screen and searching for it. This simplifies the way you could access passwords previously. With last year’s operating systems, you could access passwords via System Settings, Safari, or the Keychain Access app.

Most of your interactions with the Passwords app will occur automatically, such as when you create a new login on a website and Safari creates a password and saves your login credentials, or when you log in to a site and Safari offers to auto-fill those credentials. Note that Apple’s Passwords app on Mac doesn’t work with other web browsers, many of which have their own method for saving passwords. Those passwords may sync to the same web browser on other devices, but they’ll be inaccessible in Safari or other apps. On iPhone and iPad, you can allow auto-fill from other browsers (see below).

What’s missing from the Keychain Access app

The Keychain Access app, available only on Mac, has been around for a long time. While the Passwords app has replaced it, there is some content in the keychain that the Passwords app doesn’t display. In macOS Sequoia, you can find the Keychain Access app in /System/Library/CoreServices/Applications. The main reason you might want to access this app is if you have stored secure notes in it. These are encrypted notes that sync via iCloud, and, while you could never access them on an iPhone or iPad, you could access them on multiple Macs using the same iCloud account.

If you do have secure notes set up in Keychain Access, it’s a good idea to migrate them to another app. Apple’s Notes app lets you password protect notes, and there are other apps that can store secure notes and sync them via iCloud. Most password managers offer this feature, and it’s surprising that Apple hasn’t included a secure notes option in its Passwords app.

Using the Passwords app

The Passwords app displays a half dozen sections in its sidebar. All its content, Passkeys, Codes (for two-factor authentication), Wi-Fi passwords, Security alerts, and Deleted.

Most of these sections are self-explanatory, but it’s important to check the Security section, which can help you ensure that your passwords are robust. In the Passwords app settings, there’s an option to Detect Compromised Passwords. This is enabled by default, and it allows the Passwords app to tell you if any of your email and password combinations have been found in data leaks. This is a serious problem, as billions of credentials have leaked in recent years. iCloud Keychain will tell you which passwords may be compromised, and prompt you to change them. It will also tell you if you are reusing any passwords, which can lead to user name / password pairs, found in such leaks, being tried on different accounts. With the ability of the Passwords app to create strong passwords, you should never come up with a password manually, and never reuse passwords.

However, you may find some reused passwords for companies that have multiple domains. For example, if you shop and multiple Amazon websites – different country sites, or Amazon-owned sites such as Audible – you’ll see those passwords marked as reused. Apple’s Passwords app doesn’t give you the option to merge these passwords into one entry that is allowed to work on multiple domains.

You’ll also be alerted if you’re using passwords that are too common, or too simple. Passwords will tell you that “This password is easy to guess and should be changed.” This is the case for passwords such as 123456, qwerty, password, etc. I have noticed that many public wi-fi passwords show up in this list, those used in hotels, coffee shops, and other locations, which are often simple so patrons can easily connect to wi-fi networks. Don’t worry about these.

You may have a lot of passwords in this Security Recommendations list, and, while it can take a long time to correct them, it’s worth doing. Click one of the passwords, then click Change Password on Website. Sometimes this will take you to a password reset page, but in most cases, you’ll need to log into your account, then find where to change the password.

There are several settings for the Passwords app:

  • Detect Compromised Passwords: As explained above, this allows Passwords to show you any passwords that are found in data breaches, reused, or easy to guess.
  • Suggest Strong Passwords: This tells Passwords to automatically suggest strong passwords when setting up new accounts in Safari.
  • Automatically Create Passkeys: If you enable this, Passwords will create passkeys on websites that support them, and upgrade existing credentials when passkeys are available. For more on passkeys, see our article, What are Passkeys, and how do they work?

On iPhone and iPad, the Passwords app is similar. Tap one of the category icons to view its contents. Settings for the Passwords app can be found in Settings > Apps > Passwords.

Manually create passwords

While much of what the Passwords app does is automatic, you may need to create some passwords manually. Tap or click + and a dialog displays. You can enter the name of the website or service and the user name, and when you click the Password field, the app suggests a strong password, or a strong password without special characters. You can also manually type or pate a password in that field.

You can also write notes for any entry in the Passwords app. You may want to enter things like dates, or what a specific site is for, if you have lots of entries for sites in your business whose names are not self-explanatory.

Auto-Fill settings

The Passwords app can auto-fill credentials for websites in Safari, and, in some cases, auto-fill logins in apps on iPhone and iPad. These settings are enabled by default, but you can check them. On the Mac, go to Safari > Settings > Auto-Fill. You can choose here to auto-fill contacts, user names and passwords, credit cards, and other forms.

On iPhone or iPad, go the Settings > General > AutoFill & Passwords. You can allow your iPhone to auto-fill passwords and passkeys, and also enable other password managers, if you use one. You can also allow other web browsers to auto-fill passwords, but you can only enable a total of three apps in the auto-fill settings.

 

Accessing Passwords on Windows

Apple also makes it possible to access your passwords on Windows. To do so, simply install iCloud for Windows, which you can download from the Microsoft Store. Apple also offers Chrome and Edge browser extensions specifically for Windows users, though user reviews for these extensions aren’t very positive.

Setting Up Two-Factor Authentication on iPhone, iPad, or Mac

Two-factor authentication, or 2FA, is a way to protect your accounts; in addition to having to enter your user name and password, you have to also enter a one-time code, which is generally valid for a short period of time, to access a website or service. You should use two-factor authentication whenever possible.

Related:

Two-Factor Authentication: How It Works and Why You Should Use It

Many services provide 2FA codes, also known as one-time passwords or OTP, via text message, and sometimes by email, but these methods of transmitting codes isn’t secure. Also, there may be times when you cannot access text messages or emails. The safest way to work with 2FA is to use your device to generate codes.

To set up 2FA for a login, find a website or service you’d like to protect in Passwords. Go to the website and find how to turn on two-factor authentication; this is usually in the site’s Security or Password settings.

You’ll generally get one or two options; an alphanumeric code and/or a QR code. If you’re on an iPhone or iPad, you have the option to scan a QR code, which you could do if you obtain the code on a computer which is in front of you. Otherwise, the easiest way is to just copy the setup key from the website then paste it into the dialog.

On macOS, click a password, then click Set Up Verification Code. A dialog displays:

On iOS or iPadOS, tap a password, then tap Set Up Verification Code. In the dialog that displays, tap either Enter Setup Key or Scan QR Code. Note that on Mac, you could use a screenshot of a QR code; click Choose QR Code Image to upload the screenshot.

In the future, where you visit that website, Passwords will enter your username and password, then, when a code is requested, it will auto-fill that field with a code generated on the fly.

What else should I know about Apple’s Passwords app?

Passwords is a great app that saves time and helps keep you secure. Since you don’t need to remember your passwords, you can make them even more robust, so be sure to use Apple’s Passwords app to stay safe.

If you use Android, Chrome OS, or Linux devices, Apple’s Passwords may not necessarily be the best option for you. While you can use the Chrome or Edge browser extensions mentioned above, if you don’t use those browsers, then you cannot access your passwords. Apple does not offer web access to passwords via iCloud.com. If you’re looking for a password manager that has better cross-platform support or has a more comprehensive feature set, see our related article detailing a few prominent password managers:

4 Best Password Managers in 2024: How to choose the right one for you

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Follow Intego on X/Twitter Follow Intego on Facebook Follow Intego on YouTube Follow Intego on Pinterest Follow Intego on LinkedIn Follow Intego on Instagram Follow the Intego Mac Podcast on Apple Podcasts

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →