Watch this: Apple's MacOS Sequoia: The New Features You'll Want to Try
04:20
Most of your passwords are likely for signing into websites such as your bank, online stores and other outlets. When you sign up for an account at a new site using Safari, Passwords prompts you to create a randomly generated secure password. Choose Use Strong Password, which creates a new entry in the app.
The Passwords app doesn't need to be open for this to work, since it's integrated at the system level.
The advantage of having a standalone Passwords app is to give you a better way to create and manage these passwords. While most of the time you'll be prompted to create a new password, there will be times when you'll need to manually do it.
1. Open the Passwords app and authenticate with your system password, Touch ID, Face ID or device passcode.
2. Click the + button or choose File > New Password.
3. Enter a title for the entry.
4. Type your user name in the User Name field (which could be an email address, depending on what the app or service requires).
5. Click the Password field and choose a secure password option that appears. You can also type directly into the field, but too often people use easily-guessed or repeated passwords -- stick with the randomized ones the Passwords app is suggesting.
6. If you have any other information, such as recovery codes or details about an app purchase, enter those in the Notes field.
7. Click Save.
When you create a password using this method, there's no Website field -- Passwords leans heavily on the process of capturing login information when you're using the site's fields to sign up or log in. But you can add a link separately by clicking the Edit button in the entry you created and then typing or pasting the address in the Website field.
The next time you return to a site and need to sign in, you'll be prompted to use Passwords to autofill your stored information. Select the account that appears in the pop-up and then authenticate using Touch ID or Face ID, depending on your device.
If the autofill prompt doesn't appear, go to the Passwords Menu Bar item and search for the site there. Select it and then click the User Name or Password fields (or one and then the other) to copy the content and paste it into your browser.
Having a secure password is just the first security step in this day and age. Many sites now recommend (or outright require) a two-factor authentication option as well. Sometimes this is the mobile number you use for texting to receive a one-time code that expires after a set amount of time. Or it could be an automatic verification code that randomizes every 30 seconds.
To set up 2FA on a site, sign in to it and access your account settings. Look for an option such as "Sign up for two-factor authentication" or similar. Enter your phone number or email address -- the type depends on what the site is using -- and send it. The site then sends a verification code in the method you supplied.
That might be all the site requires. The next time you sign in, you'll be prompted to authenticate using that method, in which case you'll get a new code.
The system can automatically delete a text message or email containing the code when you're done with it -- after all, that number combination will never work again. Go to System Settings > General > AutoFill & Passwords and turn on Verification Codes: Delete After Use.
There may also be another level of authentication that doesn't rely on sometimes spotty SMS networks and email servers. The site may accept a continuously changing code that is tied to your account, which can be generated at filled in using the Passwords app. Here's how to set that up:
1. In the two-factor authentication process, you'll likely be given a QR code to set up a verification code. Control-click the code and choose Set Up Verification Code from the contextual menu.
2. In the Passwords app, which automatically opens, select the entry for that site.
3. Click Add Verification Code.
Return to Safari and click the field asking for the verification code. A Passwords pop-up will appear for you to authenticate by entering the current code. If that doesn't appear, go to the Passwords app, click the Verification Code field and choose Copy Verification Code. Then paste it into the field in Safari.
The next time you log into that site, using Autofill will also apply the current verification code.
On the iPhone, the process is similar: When presented with a QR code, touch and hold it, and then choose Add Verification Code in "Passwords".
What if I told you we could just forget about passwords altogether? No more requirements that a password include at least 12 characters and numbers and special characters, not be a password you've used previously and also reference your favorite movie genre as expressed in prime numbers.
That's the promise of passkeys, a way of authenticating you using the secure hardware you're already using. With a passkey in place, you can sign into a site or app using Face ID or Touch ID on your iPhone, iPad, Mac or Vision Pro -- without typing a single character.
Setting up a passkey is similar to a 2FA method: Sign in to your account on a service that supports passkeys, view your account security settings and look for an option to create a passkey or security key. You'll get a prompt to store the passkey using Touch ID or Face ID (depending on the device you're using).
When you next sign in to that site, you won't see a password field at all: it prompts you to use the passkey instead.
Not only are they more convenient, passkeys are also more secure. One of the biggest problems with passwords today isn't the danger that someone will somehow break into your devices and steal yours -- it's the industrial-scale theft of thousands or millions of passwords from the companies you've created passwords for as a result of hackers breaking into those servers. That's useful for sites such as Amazon, Shopify and Uber, for example, which contain valuable sensitive information about their customers and are frequent targets for hackers.
Your passwords are private, but sometimes you need to share them with someone. For example, let's say you and your spouse share a login to access a regular food delivery service. You can add the site's login information to a shared group in Passwords so you both have access to it. If you need to change that password, it's automatically updated in the Passwords app on their devices, too. And if you're using a passkey on your devices, they can also login using a passkey that's created for their devices, securely tied to their Apple Account.
Sharing passwords involves creating a new shared group and then adding passwords to it:
1. In the Passwords app, click the + button that appears when you move the pointer over Shared Groups, or choose File > New Shared Group.
2. Type a Group Name.
3. Click the Add People button and choose the person from your contacts. Repeat if you're creating a group with several people.
4. Click Create.
5. In the next screen, search for (or scroll to locate) the password you want to share, and click the checkbox for it. Repeat for all of the passwords to share.
6. Click Move.
7. Optionally notify the other person by sending them a text message. Click Notify via Messages. Or click Not Now to not send a text -- they will still see the group invitation in their Passwords app.
One great new feature in Passwords is a handy way to share a Wi-Fi password without divulging the password itself: You show someone a QR code that grants them access.
You can also share a password with someone near you over AirDrop:
When the other person accepts, the password is added to their Passwords app.
What if you already use another password app, such as 1Password or Bitwarden? You can export your passwords into the Passwords app on the Mac. But there are a few caveats.
First, the Passwords app accepts only a CSV (comma-separated values) file, which is just a big unencrypted text file. Your current password tracker should be able to export the file, then go to File > Import Passwords in the Passwords app and select it.
Then, and this is crucial, remember to securely delete that CSV file so all your passwords aren't sitting around vulnerable. You can do that in the Finder by deleting the file, which puts it into the Trash. Next, open the Trash, right-click or Control-click the file and choose Delete Immediately.
The other thing to keep in mind about importing passwords is that not everything may come over. 1Password, for example, stores items such as secure notes and credit cards that are not imported into the Passwords app.
When Apple announced the Passwords app as part of iOS 18 and MacOS Sequoia, some people wondered if the company had just "Sherlocked" other password keepers. The term comes from an old MacOS feature called Sherlock, which let you search your computer for more than just file names. Other search utilities did the same thing, but when Apple built the feature into the system, it killed the market for many of those third-party apps.
On the surface, it sure sounds like Apple Sherlocked utilities such as 1Password, Bitwarden and LastPass (though LastPass and its poor security has done more damage to itself). But although Passwords assumes the core functions of storing and applying passwords, other apps still have their own advantages:
Source: cnet.com