Inside iOS 12: Use Third-Party Password Managers to Simplify Logins


iOS 12 makes several changes to the way passwords are handled; see Glenn Fleishman’s “SMS Text Message Login Codes Autofill in iOS 12 and Mojave, but Remain Insecure,” 4 October 2018). My favorite addition to iOS 12 is support for using third-party password managers in login situations that were previously accessible only to iCloud Keychain. In case you haven’t tried this capability yet, I’d like to show you what it’s all about and why it’s so delightful.

The Old Way

Back in the dark ages (before last month), the only way to use a third-party password manager to log in to a Web site in Safari or other browsers was by way of a Share sheet extension. Once you had enabled the extension, the process was to visit a page in your browser containing a login form, tap the Share icon, tap the icon for your password manager, unlock the password manager, tap the login item you wanted to use, and then (once you were returned to your browser), submit the form. That was a lot of cumbersome steps—enough that many people just used iCloud Keychain from within Safari instead because it required none of these extra steps.

To refresh your memory, iCloud Keychain vastly simplified this entire process by, when you tapped the username field of a login form, providing single-tap access to the username and then the password in the QuickType bar above the keyboard.

Now, iCloud Keychain isn’t terrible, but it’s neither as secure nor as flexible as I prefer. And, of course, it doesn’t sync with non-Apple platforms. So if you, like me, prefer to use a third-party password manager like 1Password or LastPass, you’ll be happy to know that iOS 12 requires far fewer steps to access your data there—and it makes that data available in virtually all apps, not just Web browsers.

Coming into the Light

Before you can make use of iOS 12’s new password manager integration, you have to tell iOS which one you want to use. Go to Settings > Passwords & Accounts > AutoFill Passwords. Make sure the AutoFill Passwords switch at the top is turned on. Then tap an item in the Allow Filling From list to enable or disable it.

AutoFill Password choices.iCloud Keychain is always the first item, followed by any other installed password managers that support this feature are listed afterward. So far, compatible apps I’ve found include 1Password, Bitwarden, Dashlane, Enpass, Keeper, LastPass, RoboForm, and Zoho Vault. There may be others, and more will surely follow.

You may be wondering whether you should leave iCloud Keychain selected in addition to your third-party password manager. (You can select only one third-party password manager, in addition to iCloud Keychain, at a time.) It’s up to you, but I found that having both iCloud Keychain and another password manager selected sometimes led to confusion, so I suggest that you make sure all your important passwords are in your favorite password manager, and then have only that one—not iCloud Keychain—selected as an AutoFill source.

I should point out here that deselecting iCloud Keychain in this list does not disable iCloud Keychain! It’s still active, and it still works behind the scenes to supply credentials for Wi-Fi networks, Mail, Messages, and so on. The AutoFill setting determines only whether browsers and other apps that display login forms may look into iCloud Keychain for their data.

The new AutoFill Procedure

That one-time setup behind you, the steps to fill in credentials on a Web site are blissfully simple:

  1. Tap in the username or password field.
  2. iOS 12 looks in whichever password manager(s) you have selected, and if it finds a likely match, it displays it in the middle of your QuickType bar—or, if the QuickType bar isn’t showing, in a popover at the bottom of the screen. (On rare occasions, it may display more than one option.) If you see the one you want, tap it, unlock your password manager if necessary (using your password, Touch ID, or Face ID), and iOS fills in your credentials.
  3. Tap the Submit button.

Logging in with iOS AutoFill.But what if, in step 2, iOS 12 does not suggest the credentials you want? No problem; tap the key icon on the QuickType bar or at the bottom of the screen. (The key icon appears by itself if there’s a suggested password; if not, it includes the label Passwords.) A popover appears listing other potential matches, if any; you can tap any of these to fill them in.

Choosing a saved password.If that list still doesn’t contain what you’re looking for, tap the name of your password manager, unlock it, and locate the desired credentials there. Tap them to return to your browser and fill in the form.

Beyond the Browser

Web browsers may be the most common places to enter usernames and passwords, but lots of other apps require logins too. Think, for example, of the Dropbox app, Instapaper, Tweetbot, or an app supplied by your bank. These and countless other cases used to require switching back and forth between the app and your password manager to copy and paste your credentials. But in iOS 12, both iCloud Keychain and third-party password managers are available in nearly any app that uses passwords.

Unfortunately, no matter where you store your passwords, iOS 12 has no way to know which accounts go with which app. So, after tapping the key icon on an app’s login screen and tapping your password manager of choice, you’ll have to manually search for the desired account—it’s not quite as smooth a procedure as logging in to a Web site. I also found on numerous occasions that once back in the app, I had to tap in the username or password field before iOS 12 would fill in the credentials.

Furthermore, if you’re setting up a new account from within an app, iOS 12 provides no mechanism whereby a third-party password manager can generate a suggested password and fill it in for you—unless the app displays a 1Password icon in its username or password field, meaning that it supports the old-style 1Password App Extension (which other password managers can also use).

A Web site that supports the 1Password app extension.But Now, the Bad News

As great as this new password manager support is, it would be overstating the case to say that Apple has allowed third-party password managers to work entirely on par with iCloud Keychain. Some processes still require numerous cumbersome steps—and don’t get rid of that Share sheet extension just yet!

First, this new mechanism is for usernames and passwords only. It can’t be used to autofill other data that your password manager might store (such as credit card numbers, addresses, and phone numbers) and that would be available via a browser extension on a Mac or PC. You can still fill in that sort of data using the Share sheet extension.

Second, this autofill capability is one-way: it sends data from your password manager to your browser (or other app), but it can’t gather data from the browser and send it back to a third-party password manager. (In contrast, iCloud Keychain can autosave credentials as you submit them.) That means if you’re filling in a Web form with credentials that aren’t already stored in your password manager, the act of submitting the form won’t trigger the password manager to store them, as typically happens in desktop operating systems. Here are the steps you’d follow to save a new password this in 1Password (other password managers may differ slightly):

  1. Tap the password field.
  2. Tap the key icon.
  3. Tap 1Password.
  4. Unlock 1Password (using a password, Touch ID, or Face ID).
  5. Tap Create Login.
  6. Enter your username.
  7. Tap Generate New Password.
  8. Tap Save & Fill.

The same is true if you’re changing a password on a Web site. If you need a new password, you’ll want your password manager to generate it; then you’ll want to enter it on the site and store it in your password manager. With a desktop browser extension, this whole process is quick and easy (and Dashlane and LastPass make it extra easy for a limited number of sites, basically automating the whole procedure with just a couple of clicks). But because in iOS 12 your browser won’t send data back to your password manager, you’re stuck performing a multi-step process similar to the one above (or using the Share sheet extension, just as you would have done prior to iOS 12).

Postscript: Updates in Progress

Because both Apple and third-party password manager developers have been hard at work adding features and polishing their user interfaces, my two password-related books (Take Control of Your Passwords and Take Control of 1Password), as well as my Wirecutter article about password managers, are all in need of revision. I’m working on all of the above (while also juggling an absurd number of other projects) and hope to have updates available soon.

from TidBITS https://tidbits.com/2018/10/24/inside-ios-12-use-third-party-password-managers-to-simplify-logins/