Apple passwords: This is the recipe for generated passwords

A senior software developer at Apple explains in a blog post how Apple generates passwords.

They are 20 characters long and stand out due to two-syllable words and the uniform use of hyphens: In a blog post, Ricky Mondello, the head of software development in Apple's Authentication Experience team, provides an insight into exactly how these generated passwords are created and what Apple's reasoning was. With iOS 18, iPadOS 18 and macOS Sequoia, Apple is delivering the password function as a standalone system app for the first time.

First of all, Mondello confirms that two-syllable words are indeed used consistently. When making this decision, the Apple developers had in mind that users sometimes have to enter their passwords on unfamiliar keyboards and without the help of the autofill function. The syllable principle, paired with a pattern of consonant-vowel-consonant sequence, makes it easier to remember the password components, for example when reading them from the Passwords app and entering them on a device at the same time.

For this reason, lowercase letters dominate passwords, he explained at a security conference in Stockholm in 2018. This makes it easier to enter passwords with game controllers, for example, where it is not so easy to switch between lower and upper case.

When chatting about the password details, Mondello also revealed that Apple does not consider all possible characters to be consonants, but has defined exactly 19 characters as such. Six characters are considered to be vowels and are selected at random. In order to prevent the possibility of something naughty coming out of the fantasy terms, a comparison is made with an internal dictionary, which sorts out questionable words.

Another key point of the 20-character passwords is that the hyphen is the only symbol used. There is also a single digit, which can appear in a total of five positions: before and after the hyphens and at the end of the password.

According to Shannon entropy, a measure of the randomness or unpredictability of information, the Apple password scheme that Mondello describes comes to 71 bits. By comparison, anyone using "password" as a password only has a Shannon entropy of 2.75 bits. The low value is influenced by its predictability, the repetition of the letter s and the exclusive use of lowercase letters, among other things. A password with 8 lower-case letters could theoretically reach up to 37.6 bits.
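The figures in this paragraph come from two different calculations, which the following added example (not part of the original article and not Apple's code) reproduces: 2.75 bits is the per-character Shannon entropy of the letter frequencies in "password", while 37.6 bits is the total for 8 letters drawn uniformly from 26. The `pattern_bits` helper, its slot letters and the digit and hyphen slots are assumptions made for illustration; only the counts of 19 consonants and 6 vowels come from the article.

```python
import math
from collections import Counter

# Alphabet sizes stated in the article: 19 consonants, 6 vowels.
# "D" (digit) and "-" (fixed hyphen) are assumptions added for illustration.
SLOT_SIZES = {"C": 19, "V": 6, "D": 10, "-": 1}


def per_char_entropy(text: str) -> float:
    """Shannon entropy in bits per character of the string's own letter frequencies."""
    if not text:
        return 0.0
    total = len(text)
    return -sum((n / total) * math.log2(n / total) for n in Counter(text).values())


def uniform_bits(alphabet_size: int, length: int) -> float:
    """Total bits when every character is drawn independently and uniformly."""
    if alphabet_size < 1 or length < 0:
        raise ValueError("alphabet_size must be >= 1 and length >= 0")
    return length * math.log2(alphabet_size)


def pattern_bits(pattern: str) -> float:
    """Total bits for a fixed slot pattern such as "CVC" (hypothetical notation)."""
    try:
        return sum(math.log2(SLOT_SIZES[slot]) for slot in pattern)
    except KeyError as exc:
        raise ValueError(f"unknown slot type: {exc.args[0]!r}") from None


if __name__ == "__main__":
    print(f'per-character entropy of "password": {per_char_entropy("password"):.2f} bits')
    print(f"8 uniform lowercase letters:         {uniform_bits(26, 8):.1f} bits")
    print(f"one CVC syllable (19*6*19 choices):  {pattern_bits('CVC'):.2f} bits")
    print(f"3 uniform lowercase letters:         {uniform_bits(26, 3):.2f} bits")
```

The last two printed lines show what the pronounceable pattern costs: one consonant-vowel-consonant syllable carries about 11.1 bits, against about 14.1 bits for three unconstrained lowercase letters.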

However, if you want to save yourself the hassle of memorizing passwords, you should look at passkeys, which are supported by more and more Internet services and Apple's password manager.

(mki)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.