Your device can securely store your saved account information such as your passwords, passkeys, one-time passwords, and associated user names or email addresses. When you are prompted to enter your account information, such as in an app or within a website, your device may automatically help you enter your information. Your account information is encrypted on your device, and cannot be viewed by Apple.

Your device may suggest actions for you to take to improve the strength of your passwords. For example, your device may inform you that a saved password is weak, is reused across multiple accounts, or is a commonly used password. These suggestions are based solely on processing that occurs on your device.

Your device may also inform you of passwords that may have been compromised in a data leak. This feature uses strong cryptographic techniques to regularly check derivations of your passwords against a list of leaked passwords in a secure and private way that doesn’t reveal to Apple your accounts or passwords. Apple will send to your device a list of common passwords that are present in data leaks. For your passwords that are not in this list, your device will send information calculated from your passwords to Apple to check if the passwords may be present in a data leak. You will be warned about your passwords determined to possibly be in a data leak. Your actual passwords are never shared with Apple, and Apple does not store the information calculated from your passwords. You can disable this feature at any time by going to Settings > Passwords > Security Recommendations.

If you have iCloud Passwords & Keychain enabled, you can share passwords, passkeys, one-time passwords, and associated information with others, including groups. Anyone you share an entry with will be able to modify or delete the entry. Deleted entries can be recovered by going to Settings > Passwords > Recently Deleted for up to 30 days, unless removed earlier. When someone joins a group, they will have access to all entries shared to the group. When someone leaves a group, they keep any entries they shared with the group, but lose access to entries shared by others in that group. Sharing of entries is end-to-end encrypted, and Apple cannot view the entries you share.

Your device may display an icon next to an entry. If the entry is related to a website, the icon may be obtained from that site by downloading the icon using two separate relays operated by different entities. The first knows your IP address, but not the icon your device downloads. The second knows the icon you are downloading, but not your IP address, instead providing a generalized identity to the destination. This way, no single entity has the information to identify both you and the icons you download.

At all times, information collected by Apple will be treated in accordance with Apple’s Privacy Policy, which can be found at www.apple.com/privacy

Published Date: September 18, 2023