Beware! iOS 12 is storing your password in plain text! Here’s what you should do.

First of all, don’t panic, and don’t be alarmed yet. I want to raise awareness so that you don’t become a victim!

This happens not only on iOS 12 but also on earlier iOS versions, and likely on future iOS versions as well.


Apple introduced iCloud Keychain to iOS in iOS 7. In case you don’t know, iCloud Keychain is basically a store for any keys (read: passwords and passcodes, along with your usernames) that you trust Apple, iOS and iCloud to save for you.

To be clearer: have you ever been prompted with something like this and tapped “Save Password”?

Tap “Save Password” to save your password under iCloud KeyChain

If yes, then that means iOS has been keeping your password in iCloud Keychain.

The next time you visit the same website or use the same app, iOS will offer to use the stored password during login, as you see below. All you need to do is tap “Password” and iOS will do the rest for you. Super convenient, isn’t it?

Tap “Password” to retrieve your password stored on iCloud KeyChain – you don’t need to key it in yourself

Well, convenience normally comes with a price, and so do all the passwords saved in iCloud Keychain. As it turns out, all your passwords and passcodes are stored in plain text.

iOS 12 stores passwords in plain text. How could that be?

Prove to yourself that they are stored in plain text.

The steps below were done on iOS 12; on other versions of iOS, the steps might be slightly different.

To see your iCloud KeyChain stored passwords, go to Settings then Passwords & Accounts

1) Go to Settings then scroll down until you find “Passwords & Accounts”.

2) Tap on “Passwords & Accounts”.

Tap on “Website & App Passwords” to see all of your stored passwords

3) Find “Website & App Passwords”. The number shown next to it is the number of passwords you have saved in iCloud Keychain.

4) Tap on “Website & App Passwords” to continue.

5) If prompted to authenticate with Face ID or Touch ID, do so.

Here you can find all of your stored passwords – they are all in plain text!

6) Once authenticated, you’ll see the list of stored passwords; its length depends on how many you have saved. Tap on one of them.

There you go, your password stored in plain text. Totally visible. No encryption. No masking!

7) Surprised?! Yes, that’s your password, stored in plain text!

 




 

Don’t worry, they are safe!

As I said earlier, please don’t get alarmed and don’t panic. In fact, features similar to iCloud Keychain in other programs and apps do the same. Take the Google Chrome browser for desktop, for example: it also has a save-password feature and, once you have authenticated, the browser shows your password in plain text. The difference is that on an iPhone with Face ID or Touch ID, people can easily get access from you if you are not fully aware of what you are authenticating.

So those plain text passwords are going to be safe as long as you practice this: never give your face or fingerprint to other people to open your iPhone via Face ID or Touch ID.

If someone borrows your iPhone or iOS device (e.g. your kid would like to play with it) and asks you to authenticate, look carefully at which page is showing and what kind of access is being requested, making sure they are not trying to open the “Website & App Passwords” section. Failing to do so will be catastrophic if they really are opening “Website & App Passwords” and you help them authenticate, since they will then see all of your stored plain-text passwords.

My recommendation

If the iOS device is a shared device, stay away from saving your passwords to iCloud Keychain. When a browser or an app prompts you to “Save Password”, ignore it or choose “Not now” or “Never for this website”.

Do give your comments and thoughts down below on the comment section. Cheers!



3 thoughts on “Beware! iOS 12 is storing your password in plain text! Here’s what you should do.”

  • April 29, 2022 at 6:02 am

    Your test does not prove they are “stored in plaintext”. It’s likely they’re stored in some kind of reversible encrypted format. Not only that, the title is intentionally misleading because it makes it sound like they’re storing your Apple ID password or PIN in plaintext or something. What total crap

    • May 1, 2022 at 9:00 pm

      Hi Bobson,

      Thanks for your comment. Yes, they are stored encrypted. However, for someone who has access to your iPhone (e.g. your spouse/kids/parents/friends) – either because you shared your iPhone PIN and/or you unlock your iPhone and let them borrow it from you, they may access this setting and see all your stored passwords.

