Table of Contents
If you recently updated your iPhone and noticed a new app called Passwords on your home screen, you are not alone. Millions of people discovered the app the same way – an unfamiliar icon appearing after an iOS update, with no explanation of what it does or where it came from. The short answer is that Apple took the password management features that were previously buried in Settings and gave them a dedicated app. The longer answer involves encryption, syncing, AutoFill, passkeys, and a set of design decisions that make the app both impressively capable and notably limited. This article explains how all of it works, step by step, within the broader context of the Apple ecosystem and its approach to keeping your credentials secure.
What Is the Passwords App?
Apple introduced the Passwords app as a standalone application with iOS 18 and macOS Sequoia in late 2024. Before this, iPhone and Mac users managed their saved passwords through a section buried inside Settings – specifically Settings > Passwords on iPhone or System Settings > Passwords on Mac. Most people never found it, and many did not know Apple was saving their passwords at all.
The new app gives those same features a visible home. When you open Passwords, you see all the login credentials your device has saved over the years: website usernames and passwords, Wi-Fi network passwords, passkeys, verification codes, and any credentials shared with family members. The app is not a new technology. It is a new front end for iCloud Keychain, the password storage and sync service Apple has operated since iOS 7 in 2013.
Think of it this way: iCloud Keychain is the engine. The Passwords app is the dashboard. The engine has been running in the background for years, saving your Safari passwords and filling them in automatically. The dashboard is what finally lets you see and manage everything the engine has been doing.
How Passwords Are Stored
Understanding where your passwords actually live – and how they are protected – is the foundation of understanding how the app works.
Encryption at Rest
Every credential stored in Apple Passwords is encrypted using AES-256, the same encryption standard used by governments, banks, and military organizations worldwide. When a password is saved, it is encrypted before it is written to your device’s storage. The raw data on your device’s flash storage is unreadable without the correct decryption key.
AES-256 has no known practical vulnerabilities. The number of possible key combinations is so large that brute-forcing the encryption would take longer than the age of the universe, even with every computer on Earth working simultaneously. Your passwords are not stored in a readable text file somewhere on your phone. They are stored as encrypted data that is mathematically infeasible to decode without the key.
The Secure Enclave
The encryption keys that protect your passwords are not stored in regular memory where software could potentially access them. Apple devices contain a dedicated hardware chip called the Secure Enclave – a physically separate processor with its own isolated memory. The Secure Enclave generates encryption keys, stores them, and performs cryptographic operations in an environment that is walled off from the rest of the device.
When you unlock the Passwords app with Face ID, the biometric comparison happens entirely within the Secure Enclave. Your face or fingerprint data never leaves this secure hardware. Even if the main operating system were compromised by malware, the Secure Enclave remains isolated. This hardware-based protection is fundamentally stronger than software-only encryption, because the keys exist in a place that software cannot reach.
Your Device Passcode Is the Master Key
Here is the critical detail: your device passcode is the ultimate key to your passwords. Face ID and Touch ID are convenient shortcuts, but they are backed by your passcode. If someone knows your six-digit code or alphanumeric passcode, they can open the Passwords app and see everything inside. There is no separate master password for the Passwords app – it uses whatever passcode you set for your device.
This design choice prioritizes simplicity. You do not have to remember a separate password for your password manager. But it also means that the strength of your device passcode directly determines the security of every password stored inside the app.
How AutoFill Works
Storing passwords is only half the job. The other half is filling them in when you need them, automatically and securely. This is where AutoFill comes in, and it is probably the feature you interact with most – even if you did not realize Apple Passwords was behind it.
AutoFill on iPhone and iPad
When you tap a login field on a website in Safari or inside a native app, iOS recognizes the field as a credential input. It checks your configured password manager for matching credentials and displays them in the QuickType bar – the strip that appears above the keyboard. A small key icon and the website name appear, and tapping the suggestion triggers Face ID or Touch ID authentication. Once you authenticate, the username and password fill automatically.
This system-wide integration means AutoFill works in Safari, in Chrome, in native apps, and in any app that properly marks its login fields. You do not need to copy and paste from a separate app. The credentials appear right where you need them, authenticated by your face or fingerprint, in about one second.
When you create a new account on a website, iOS detects the new password field and offers to generate a strong password for you. If you accept, the generated password is saved to Apple Passwords and associated with that website. The next time you visit, AutoFill offers it automatically.
AutoFill on Mac
On Mac, AutoFill works natively in Safari. When you click a login field, Safari offers matching credentials from your Passwords database. Touch ID on MacBooks authenticates the fill, or you can enter your user password on Macs without Touch ID.
For other browsers on Mac, Apple provides the iCloud Passwords extension for Chrome and, more recently, for other Chromium-based browsers. Firefox users do not have an official Apple extension. The browser extension experience is functional but not as seamless as Safari’s native integration – it requires enabling the extension, and AutoFill may occasionally need manual triggering.
For a detailed guide on how AutoFill works across every scenario on iPhone, including troubleshooting, see our complete AutoFill guide.
How iCloud Keychain Sync Works
If you use Apple Passwords on your iPhone, your iPad, and your Mac, the same credentials appear on all three. This happens through iCloud Keychain, Apple’s sync service for credential data.
End-to-End Encryption
iCloud Keychain uses end-to-end encryption for syncing. This means your passwords are encrypted on your device before they leave it, travel to Apple’s servers in encrypted form, and are decrypted only on your other Apple devices. Apple’s servers relay the encrypted data but cannot read it. Apple does not possess the decryption keys. Even if Apple’s servers were breached, or if Apple received a court order demanding your passwords, the company could not comply – they simply do not have the ability to decrypt your data.
This is a meaningful security guarantee. It means you are trusting Apple’s devices and software to encrypt correctly, but you are not trusting Apple’s servers or employees with access to your actual passwords.
How Devices Establish Trust
When you add a new Apple device to your account, it must be approved before it can receive your Keychain data. This approval happens through your existing devices – you confirm the new device by entering a verification code on a device you already trust. This prevents someone who compromises your Apple ID password from simply adding a new device and downloading all your passwords.
Each device in your iCloud Keychain circle has its own encryption keys. When you save a new password on your iPhone, the data is encrypted individually for each of your other devices using their respective keys, then uploaded to iCloud. Each device can only decrypt the data encrypted specifically for it. This per-device encryption model means there is no single key that unlocks everything – compromising one device does not automatically compromise the keys for your other devices.
What Syncs
iCloud Keychain syncs website and app login credentials, Wi-Fi passwords, passkeys, verification codes (TOTP), credit card information stored in Safari, and shared group passwords. All of this data is covered by the end-to-end encryption described above.
Passkeys
Passkeys are the most significant change to how logins work in years, and Apple Passwords has first-class support for them.
A passkey replaces your username and password with a cryptographic key pair. When you create an account on a website that supports passkeys, your device generates two keys: a private key that stays on your device (stored in the Passwords app, protected by the Secure Enclave) and a public key that the website keeps. When you log in, your device proves it holds the private key without ever sending that key to the website. Face ID or Touch ID authenticates the process.
The practical result is that you log in by looking at your phone or touching the sensor. There is no password to type, no password to remember, no password to be phished or stolen in a data breach. The private key never leaves your device or iCloud Keychain’s end-to-end encrypted sync.
Apple Passwords stores and syncs passkeys alongside traditional passwords. When a website supports passkeys, the Passwords app shows the passkey alongside any existing password for that site. AutoFill prioritizes passkeys when they are available, but falls back to passwords when they are not.
Passkey adoption is growing but still limited. Most websites still use traditional passwords, and many will for years to come. Apple Passwords handles both, so you do not need to choose one approach exclusively.
Password Sharing
Starting with iOS 17, Apple introduced shared password groups. This feature lets you create a group, invite family members or trusted contacts, and share specific passwords with everyone in the group.
Each participant can view, add, edit, and delete passwords in the shared group. Changes sync automatically to all members through iCloud Keychain. This is designed for household scenarios: sharing the Netflix login, the Wi-Fi password for the house, the alarm system code, or the shared utility account credentials.
To create a shared group, open the Passwords app, tap the plus icon, and select “New Shared Group.” Add the people you want to share with (they must have Apple devices and recent OS versions), then move existing passwords into the group or create new ones directly inside it.
The limitation is that sharing is Apple-only. Every participant must have an iPhone, iPad, or Mac running a compatible OS version. You cannot share passwords with someone on Android or Windows through this feature.
Security Recommendations
The Passwords app actively monitors your credentials for common security problems. Open the app and look for the Security section (shown as a warning icon) to see what it flags.
Compromised Passwords
Apple checks your saved passwords against known data breach databases. If a password you use appeared in a public data breach – even if the breach was at a different service – the Passwords app flags it. This matters because attackers routinely take credentials from one breach and try them on other services (credential stuffing). A password exposed in a LinkedIn breach could be used to access your bank account if you reused it.
Reused Passwords
If you use the same password for multiple websites, the app flags every instance. Reusing passwords is the single most dangerous common password habit, because one breach compromises every account that shares that password.
Weak Passwords
Short passwords, common words, simple patterns, and other weak passwords get flagged with a recommendation to change them.
What to Do About Alerts
For each flagged credential, the Passwords app provides a “Change Password” link that takes you directly to the website. You can then update the password and save the new one. The goal is to replace every flagged password with a unique, randomly generated strong password – and the app will generate one for you when you are on the site’s password change page.
Verification Codes (TOTP)
Starting with iOS 15, Apple Passwords can store time-based one-time passwords (TOTP) – the six-digit codes that change every 30 seconds, commonly used as a second authentication factor. When you set up two-factor authentication on a website, instead of using a separate authenticator app like Google Authenticator or Authy, you can store the TOTP secret directly in Apple Passwords.
To set this up, open the credential for the relevant website in the Passwords app, tap “Set Up Verification Code,” and either scan the QR code the website provides or enter the setup key manually. Once configured, verification codes appear alongside the credential and AutoFill automatically when the website asks for them.
This is convenient because it keeps your password and your second factor in the same place. You do not need to switch to a separate authenticator app to copy a code. AutoFill handles the entire login – password first, then verification code – in one flow.
The TOTP implementation is basic but functional. It handles the standard use case of website two-factor authentication. It does not offer advanced features like organizing codes independently, exporting TOTP secrets, or managing codes for non-web services like SSH or API access.
What Apple Passwords Cannot Do
Understanding the app’s limitations is as important as understanding its features, especially if you are deciding whether it meets your needs or whether you need something more capable.
Limited Organization
Apple Passwords shows your credentials in a flat list with search and a handful of automatic categories: All, Passkeys, Codes, Wi-Fi, and Security. There are no user-created folders, no nested groups, no tags, and no custom categories. If you have two hundred or three hundred passwords – which is typical for anyone who has been online for more than a decade – navigating the flat list becomes tedious. You cannot separate work credentials from personal ones, group all your financial accounts together, or create a project-specific collection.
No Cross-Platform Access
Apple Passwords works on iPhone, iPad, and Mac. There is a basic iCloud Passwords extension for Chrome on Windows, but it is limited. There is no Android app, no Linux client, and no web vault you can access from any browser. If you ever need your passwords on a non-Apple device – a work Windows laptop, an Android tablet, a Linux development machine – you are out of luck. For a deeper look at these limitations, see our analysis of why iCloud Keychain is not enough.
No KeePass or Standard Format Export
The Passwords app can export your credentials as a CSV file, but CSV is a plaintext format. Every password in the export is readable by anyone who opens the file. There is no encrypted export option and no export to the KDBX format used by KeePass-compatible applications. This matters because data portability is a form of security – if you cannot move your credentials to another tool in a secure, lossless format, you are locked into Apple’s ecosystem.
Apps like PanicVault use the KDBX format, which means your vault file works with KeePassXC on Mac or Linux, KeePass on Windows, KeePassDX on Android, or any other compatible application. Your data is never locked to a single vendor.
No Secure Notes or File Attachments
Apple Passwords stores login credentials, Wi-Fi passwords, passkeys, and verification codes. It does not support standalone secure notes – text entries that exist independently of a login credential. You cannot store your software license keys, insurance policy numbers, cryptocurrency recovery phrases, or any other sensitive text that is not a website login. Similarly, you cannot attach files to entries: no scanned passport copies, no PDF recovery keys, no SSH key files.
No Advanced TOTP Management
The verification code feature covers basic website two-factor authentication, but it lacks the depth of a dedicated TOTP manager. You cannot organize codes independently from their associated credentials, export TOTP secrets for backup, or generate codes for non-web services. If your workflow involves TOTP codes for SSH servers, API services, development environments, or infrastructure management, the built-in implementation may not be sufficient.
No Independent Vault Lock
Apple Passwords uses your device passcode and biometrics to control access. There is no option to set a separate master password for the Passwords app that is independent of your device lock. This means anyone who knows your device passcode – a family member, a coworker who saw you type it, a thief who watched over your shoulder – can open the app and access every stored password. Dedicated password managers, including every KeePass-compatible app, use an independent master password (and optionally a key file) that is separate from your device passcode.
No Standalone Password History
When you change a password, the previous version is not retained in a visible history. Dedicated managers typically keep a full history of every password change for each entry, which can be invaluable if you need to recover an older credential or verify when a password was last rotated.
When Apple Passwords Is the Right Choice
For many people, Apple Passwords is genuinely sufficient. If you use only Apple devices, your primary need is website logins and Wi-Fi passwords, you use a strong device passcode, and you do not need advanced organization or cross-platform access, the app provides strong encryption, seamless AutoFill, and zero-configuration convenience. It is vastly better than no password manager, and for users who were previously reusing the same three passwords everywhere, it represents a transformative security improvement.
The app also serves well as a starting point. It gets you into the habit of using unique, strong passwords for every account. You learn to trust AutoFill instead of typing passwords from memory. You start using verification codes for two-factor authentication. These habits transfer directly to a more full-featured manager if you eventually need one.
When You Need More
The transition from Apple Passwords to a dedicated manager typically happens when you hit one of the boundaries described above. You get a Windows laptop for work and cannot access your passwords on it. Your vault grows to hundreds of entries and the flat list becomes unmanageable. You want to store secure notes or attach documents to entries. You want your vault protected by a master password that is separate from your device passcode.
PanicVault is designed for exactly this transition. It gives you the Apple-native experience you are already used to – Face ID, Touch ID, iCloud Drive sync, system-wide AutoFill – while removing the limitations. Your credentials live in a KDBX database file that you own and control. You get folders, groups, custom fields, TOTP management, file attachments, and a vault lock independent of your device passcode. And because the KDBX format is open and widely supported, your data works with compatible apps on every platform, on your terms.
Whether you stay with Apple Passwords or move to something more capable, the important thing is that you are using a password manager at all. Every credential protected by a unique, strong password is one less vulnerability in your digital life.
