iCloud Keychain users might have seen this message about their passwords. If you have seen this, you may be a little (or more than a little) worried. What does this mean? Does someone have access to your accounts somewhere? Which ones and what should you do?
The message says: “This password has appeared in a data breach, which puts this account at high risk of compromise.” You may also see a warning message saying “Compromised, reused password”.
In this article, we will explain what it means to say that your password has appeared in a data leak, what you should do about it and how to prevent your passwords from being compromised in the future.
Keychain Passwords and your Security Recommendations
When you use iCloud Keychain, your passwords are saved and updated across your devices: iPhone, iPad, and Mac. To find information about your saved passwords on your iPhone, go to Settings > Passwords. Here you can change some of your Keychain settings and edit or delete passwords from Keychain. If there are any Security Recommendations, you will see a warning here. Tap to learn more about the warnings and which passwords are involved.
There are a few different warning messages you may see regarding your passwords. If there is anything “high risk” about one or more of your passwords, the warning messages will appear near the top of the page under High Priority. The most concerning is the one from the title of this article: This password has appeared in a data leak, …
Another message will tell you that you are reusing a password.
You can also see other password security messages under Other Recommendations. Here the messages you might see are: Reused password or Easily guessed password.
From the Security Recommendations page, you can tap on the message to see more information about your login credentials for that website. You will see your User Name, Password and the last date your password was modified.
What Should you Do?
For any of these password security issues, you should change your password. Your passwords should be unique (i.e. not reused), and should not be easy to guess.
The main issue with reusing a password is that if it is gathered in a data breach affecting one of your accounts, hackers could use that same password to access your other accounts where you have reused it.
Password that has Appeared in a Data Leak
You definitely need to change the passwords that have appeared in a data leak. If you see this message, your user ID and password have been compromised. This means that someone can use this information to gain access to your account.
You may be wondering how Apple finds out about these data leaks and knows that your info was involved. There are databases of user ID / password combinations that have been stolen from businesses and websites.
You can check if your passwords have been compromised on haveibeenpwned.com. This site collects information about data breaches. You can see which companies/websites have had data breaches, check your own passwords and set up notifications about future compromises to your accounts.
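A password can be checked against a breach corpus without revealing it to the service. The following is an added example (not from the original article, and not Apple's implementation) of the k-anonymity lookup used by haveibeenpwned.com's Pwned Passwords range API: only the first five characters of the password's SHA-1 hash are sent, and the response lines of the form SUFFIX:COUNT are matched locally. It also flags reuse and this article's 12-character recommendation. The function names, the LEAKED corpus, the sample accounts and fake_fetch_range (an offline stand-in for the network call) are constructed for illustration.

```python
import hashlib
from collections import Counter

def range_query_parts(password):
    """Split SHA-1(password) into the 5-char prefix that is sent to the
    service and the 35-char suffix that never leaves the device."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_response):
    """Look up our suffix locally in a 'SUFFIX:COUNT' range response."""
    _, suffix = range_query_parts(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def audit(accounts, fetch_range):
    """accounts: site -> password. Returns site -> list of warnings."""
    reuse = Counter(accounts.values())
    report = {}
    for site, password in accounts.items():
        prefix, _ = range_query_parts(password)
        warnings = []
        if breach_count(password, fetch_range(prefix)) > 0:
            warnings.append("appeared in a data leak")
        if reuse[password] > 1:
            warnings.append("reused")
        if len(password) < 12:
            warnings.append("shorter than 12 characters")
        report[site] = warnings
    return report

# Constructed stand-in for a breach corpus (not real breach data).
LEAKED = {"password": 3, "Summer2020": 1}

def fake_fetch_range(prefix):
    """Offline substitute for the range endpoint, built from LEAKED."""
    lines = ["0" * 35 + ":1"]  # unrelated entry returned alongside matches
    for leaked, count in LEAKED.items():
        p, s = range_query_parts(leaked)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)

# Constructed sample accounts.
ACCOUNTS = {"shop.example": "password", "mail.example": "password",
            "bank.example": "kV9#tq2LmZ!x84rD"}
```

To query the real service, replace fake_fetch_range with a function that performs an HTTPS GET to https://api.pwnedpasswords.com/range/ followed by the five-character prefix and returns the response body.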
Password and Security Recommendations
One thing you can do to protect your account’s integrity is to use 2-factor authentication when available. Your passwords should be at least 12 characters long, unique, and not made from real words. iCloud Keychain can generate strong, unique passwords for you.
For the passwords that show up in your iPhone’s Security Recommendations (Settings > Passwords > Security Recommendations), you can select Change Password on Website to change your password, or tap on the account and then select Change Password on Website.