How To Find Reused And Compromised Passwords In Safari

Many of us are guilty of using one password for all of our online accounts. It's not hard to see why — doing so is convenient and easier to remember. Passwords are a headache, and keeping track of them for your many online accounts can get tiring fast. But reusing passwords is a huge security risk. Your accounts could be easily compromised if hackers get ahold of your passwords in data breaches or phishing attacks. It's the same thing if you use a password that can be easily guessed.

Apple is known for ensuring and preserving top-notch user security on its devices, and the recent version of Safari has a feature called Password Monitoring that lives up to that reputation. This feature will offer security recommendations to alert you when your passwords are weak, reused, or leaked, allowing you to make smarter security decisions. Here's how to use that feature to find reused and compromised passwords in Safari.

How to view compromised passwords in Safari on macOS

The macOS version requirement to use this feature is Big Sur or Monterey, but it worked fine in Catalina, as well. To get started:

1. Launch Safari on your Mac.

2. Once a new Safari window opens, click on Safari in the menu bar and select Preferences from the dropdown menu.

3. You should see a popup menu of Safari preferences — you'll be under the General section by default. Select Passwords from the top menu to manage your saved passwords.

4. At this point, you'll have to enter your system password to access your saved passwords.

5. Once you're in, you'll see a list of all your stored passwords. If you see a yellow warning icon next to any of the passwords, that means Safari has a security recommendation for it.

6. Tap the warning icon on the password to know its security status. If a password has been overused, if it is easy to guess, or if it has been compromised in a data breach, Safari will add a short comment. There'll also be a link to the appropriate page so you can change your password (via Apple Support).

Whenever Safari is auto-filling your passwords in any field, you may also get a Compromised Password alert notifying you to change a password because it is weak, reused, or leaked.

How to view password security recommendations on iPhone and iPad

You can also take advantage of this feature on iOS to detect compromised passwords on your iPhone (via Apple Support), and as you likely expect, the same steps will also work on the iPad to reveal any accounts that should have their passwords updated. To see these recommendations on an iPhone or iPad, you'll need to:

  1. Tap the Settings app, scroll down, and then tap the Passwords menu.
  2. You'll have to verify your identity with either Face ID or Touch ID before you can gain access to Keychain data.
  3. Next, tap Security Recommendations right above the list of passwords.
  4. Tap on an account to see more details about its security status. If any of your accounts are using a password that's weak, easy to guess, or has been compromised in a data leak, it will be displayed here.
  5. Tap Change Password on Website to change your password to something more secure.

If you're concerned about the security of Apple's processes for reviewing your passwords, the company's passwords and privacy policy will put your mind at ease. Safari uses "strong cryptographic techniques to regularly check derivations of your passwords against a list of breached passwords," according to the company, in a way that still keeps your password information private — even from Apple. If you ever get a Compromised Password alert that seems suspicious, you can always use the steps above to verify that the prompt is from Apple itself, not scammers or hackers.