I haven’t used it before (at least knowingly). But today one of my seldom used IOS devices displayed a warning that a password I use for a news site (a very weak one by choice) had appeared on a national data base of stolen passwords. The message even identified the news site where I use it. Apparently I’d left keychain switched on on that device and Apple had been monitoring that password.
Well, I changed the PW and a few others that were intentionally simple and easy to remember. Than I researched Apple’s keychain function to see what it’s all about.Article
Here’s a snippet: “If you have iCloud Keychain set up as an option to auto-fill passwords into mobile and web apps, Safari will help out in the auditing so that it can warn you of compromised passwords whenever you log in to a website. So if you use iCloud Keychain to auto-fill your credentials into a website in Safari, after you sing in, Safari will give you a prompt to "Change Password on Website," like so: This password has appeared in a data leak, which puts this account at high risk of compromise. You should change your password immediately.
One problem with above: I don’t use Safari for sensitive sites. I use DuckGo instead.
Like most of you, I’m sure, I use some pretty tough passwords for financial sites, some extending to 15 characters. (And, most often 2-factor authentication is also used.) Each password is unique. So, I’m not particularly concerned. The one that may have been heisted is a simple one I’ve used for over 20 years where security isn’t much of a concern. On the other hand - If Russian hackers can shut down a major U.S. pipeline, how do you keep them from accessing your personal financial data - or worse?
So … Do you think trusting Apple to remember your passwords is a good idea? Or a bad idea?
Please forgive listing this as “Other Investing.” But ISTM security of financial records is pretty important.