Keychain Access should be more pro-active in helping users avoid password re-use

Originator: signwave
Number: rdar://33263596
Date Originated: July 12 2017
Status: Open
Resolved:
Product: macOS + SDK
Product Version: 10.12.5 (16F73)
Classification: Suggestion
Reproducible:

Area:
Something not on this list

Summary:
Keychain Access should be able to scan all stored passwords and highlight those entries that have the same password. It doesn't need to reveal the password (that can be done on an individual basis as a user double-clicks and authenticates, as currently). However, there is no reason why it shouldn't help users avoid re-using passwords, especially for legacy or third-party accounts. I've had my eBay account for about 15 years, but I can't remember which other web sites I might have used the same password for. If I am to effectively ensure I don't re-use a password on any of these legacy accounts (I have thousands!), then why should I have to go through each entry and double-click/authenticate one at a time just to achieve this?

Steps to Reproduce:
Collect hundreds, if not thousands, of logins in your Keychain. Spend years doing it. Now, realising you need to go back and ensure you've got better security, try to build a list of accounts stored in Keychain Access that might share the same password.

Expected Results:
This would be great: In Keychain Access, go to a simple menu item "Check for duplicate passwords..." and wait for it to report which accounts I need to change passwords on.

Observed Results:
This is reality: Double-click each entry in Keychain Access, tick the Reveal box, type your password to authenticate, and take a note of the password shown. Record it, and the details of the account, somewhere else so you can tabulate all your actual passwords (whilst maintaining a good level of security over the place where you're collecting this information). Hope that you can use some form of tool to find duplicates in that list (Excel could sort the list by password, BBEdit could perform a regex sort on password or even find duplicate lines, and some shell script could possibly do this too).
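The duplicate check the report asks for, as an added example (not the reporter's tooling and not Apple's): it runs over the kind of account/password table the step above produces, groups entries by a keyed digest of the password so no secret is printed, stored or reusable across runs, and lists only the accounts that share one. The export below is constructed sample data.

```python
"""Find Keychain entries that share a password without exposing any password."""
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample export: (service, account, password), as tabulated by hand.
SAMPLE_EXPORT = [
    ("ebay.com", "alice", "correct horse battery staple"),
    ("example-forum.net", "alice", "correct horse battery staple"),
    ("bank.example", "alice", "Tr0ub4dor&3"),
    ("old-shop.example", "alice@example.org", "correct horse battery staple"),
    ("mail.example", "alice", "Tr0ub4dor&3"),
    ("unique.example", "alice", "zx9!Qp2#Lm"),
]


def find_reused_passwords(entries, key=None):
    """Return groups of (service, account) pairs that share one password.

    Each password is reduced to HMAC-SHA256 under a random per-run key, so the
    grouping key cannot be reversed, is useless once the run ends, and the
    password itself never appears in the result.
    """
    key = key or secrets.token_bytes(32)
    groups = defaultdict(list)
    for service, account, password in entries:
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[digest].append((service, account))
    # Keep only digests seen more than once; sort for deterministic output.
    return sorted(sorted(members) for members in groups.values() if len(members) > 1)


def report(entries):
    """Human-readable summary of which accounts need a new password."""
    lines = []
    for n, members in enumerate(find_reused_passwords(entries), 1):
        lines.append(f"Group {n}: {len(members)} accounts share one password")
        lines.extend(f"  - {account} @ {service}" for service, account in members)
    return "\n".join(lines) or "No reused passwords found."


if __name__ == "__main__":
    print(report(SAMPLE_EXPORT))
```

Feed it the real export only from a location you control, and delete that export once the list of accounts to rotate has been produced.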

Version:
10.12.5 (16F73)

Notes:
Please help your users help themselves to be more secure! This 2012 article from zdnet talks about this problem with Keychain Access: http://www.zdnet.com/article/checking-for-password-duplication-in-keychain-access-and-1password/ - things really should have stepped up a level by 2017!

Comments

Apple Developer Relations - DUPLICATE OF 19439187 (OPEN)

Engineering has determined that your bug report is a duplicate of another issue and will be closed. The open or closed status of the original report your bug was duplicated to appears in a text box within the bug detail section of the bug reporter user interface. For security and privacy reasons, we don't provide access to the original bug yours was duped to. If you have any questions or concerns, please update your report directly at this link: https://bugreport.apple.com/.
