Apple releases Password Manager Resources for open source security aplenty
Today Apple revealed the Password Manager Resources open source project to assist in the development password management systems of all sorts. This new system was made by Apple to be open sourced in order to invigorate the global digital community with password management protocol that's as secure as today's tech will allow. This system from Apple allows developers to integrate website-specific requirements used y the iCloud Keychain password manager "to generate strong, unique passwords."
The Password Manager Resources repository on Github delivers an updated set of rules for the project, lovingly titled "Password Rules", as well as a "Password Rules Language Parser." There's a Password Rules language that's both human and machine readable which allows said rules to be concisely written and read by password management systems.
There's a system with which developers can craft new rules and submit new rules. Users can also user the Password Rules Validation Tool to test the validity of each rule before submission.
This resource also includes a list of websites that adhere to this password management credential backend. This is somewhat like what you'll see on your phone or web browser where once you've used a name, address, and other details in signing up for one website, you might get the same suggestions for text fields in another.
When reported today, June 5, 2020, the credential backends list of websites included the following brands and groups (among others):
• Apple
• iCloud.com
• Comcast
• Xfinity
• Docusign
• United Airlines
• AT&T
• FourLeaf
• Amcrest Cloud (and View)
• Boudin Bakery and Catering
• Citi
• Tesla
• Disney
• Gogo internet
• Marriott
• Dropbox
• Square
• Microsoft
• Yahoo
• Verizon
• Amazon
• Capital One
• Dish
• Dow Jones
• SteamPowered.com and SteamCommunity.com
• eBay
• Wilson
• Skype
• Wayfair
NOTE: This is just a partial list of the companies that have already integrated with this Shared Credential Backends system.
If you're reading this as someone who does not develop apps, much less make your own password management systems, it's still good news. The Password Manager Resources open source project will (potentially) make it easier for password manager app creators to improve what they've made already. Unlike a growth model by competition, the open source model here allows advancement by way of global community collaboration.