Apple iCloud KeyChain Web Developers Best Practice Guide

Apple’s password manager (iCloud KeyChain for Safari) may not be the best password manager but that’s completely irrelevant because by now it’s already the most popular, most widely adopted password manager in the World. It’s therefore important that you make sure your website is compatible with this piece of Apple technology. As a user of Apple’s Safari I’m increasingly shocked at the number of major websites that are not compatible with the Apple password manager.

Testing that your site works with Apples iCloud password manager will improve your User Experience (UX) and also improves your sites security.  In my experience people are much more likely to use a strong password if Safari picks the password for them.  In addition to this Safari generates a random strong password for each site, so the chances of a hack on one site being used to gain access to another are greatly reduced.

The key points to making your site compatible are:

  1. Make sure that testing your site against the Safari password manager is incorporated into your user acceptance test plans from now on.
  2. Make sure that testing includes your password change page and password recovery pages. Specifically make sure that when your user picks a new password that this gets saved away properly by Safari and is used next time they need to logon.
  3. Make sure that your site can accept the long complex passwords generated by Safari – currently 15 long containing upper and lower case and dashes.  For example:

    Apple Safari Web designers and developers password manager guidelines.
    The most frequent issue we encounter is that sites don’t allow the hyphen in passwords.

  4. Make sure that your website does not undermine this great security by then emailing out this strong password to the user/customer as part of their registration confirmation.
  5. Make sure that your website does not store passwords as clear text in its database. It should be using a one way hashing algorithm so that the password itself can never be retrieved.

If you discover any hints or tips for making your website work really well with Apple’s Safari / iCloud KeyChain password manager do please get in touch and leave a comment below.  We’ll be sure to update this blog post as we discover more about it.

Speak Your Mind

*