What to know

  • Find compromised passwords and weak passwords from the Passwords app > Security.
  • You can also open the ‘All’ section and look for accounts that require your attention (with exclamation marks).
  • Make sure to change passwords that are marked as compromised, weak, or re-used. 

No matter the nature of your online accounts and the data therein, your passwords must be strong, complex, and unique if you want them to be invulnerable to data leaks. But even in the age of password managers, many users still set passwords that are easy to remember – and thus, easy to guess.

In iOS 18, setting strong passwords and checking their security status is easier than ever. So if you think you may have weak passwords that could be compromised in a data breach, here’s how to go about finding and addressing it. 

How to find leaked/compromised passwords and weak passwords on the Passwords app in iOS 18

  • Required: iOS 18 update

iOS 18 has a standalone Passwords app that lets you view and access your accounts and password information saved on iCloud Keychain. You can easily check the status of your passwords via the app. Here’s how:

  1. Open the Passwords app on your iPhone.
  2. Tap on Security. Here, you’ll see all the account and password information that require your attention.
  3. Alternatively, tap on All and see if there’s an exclamation mark next to your accounts.

Depending on the seriousness of the issue, you’ll see the account highlighted in red or grey. Here’s what each of these issues mean: 

  • Compromised password: These are passwords that have been detected in data breaches. The passwords are marked as ‘compromised’ or ‘leaked’ by Apple’s Password Monitoring feature if they match “a continuously updated curated list of passwords known to have been exposed in leaks from different online organizations“.  
  • Weak or easily guessed password: These are passwords that follow common patterns, words, or phrases that barely satisfy the minimum requirements and can be easily guessed by attackers. 
  • Re-used password: These are passwords that are common among multiple accounts.

What to do when you have weak or compromised passwords?

The first thing to do with compromised passwords is to change them right away. So tap on the security recommendation and select Change Password… You’ll then be taken to the app or website to change the password.  

For weak passwords, you can simply get the Passwords app to suggest a stronger, more complex password. Alternatively, you can set a stronger password yourself. 

When you have re-used passwords, all those accounts with the same password will be flagged as such. So make sure to change the password for all of them except one.  

Should you be worried if your passwords are compromised?

It can be scary to see your passwords and, by extension, your account compromised. But as long as you change the password and make sure that it’s a strong one, you don’t need to fret over it. We’d recommend using iCloud Keychain to generate a stronger password. Also make sure not to use the same password for multiple websites. You can also set up a verification code for additional security. 

Strong passwords are easy to generate and save with the Passwords app in iOS 18. So use the functionalities available to you and make sure to check the ‘Security’ section every now and then to check if any of your passwords have been compromised. Until next time! Stay safe.