Apple has created a new open source project to help developers of password managers collaborate to create strong passwords that are compatible with popular websites.
The Password Manager Resources open source project allows you to integrate website-specific requirements used by the iCloud Keychain password manager to generate strong, unique passwords.
The project also contains collections of websites known to share a sign-in system, links to websites’ pages where users change passwords, and more.
Apple states that the Password Manager Resources project exists so creators of password managers can collaborate on resources to make password management better for users. Resources currently consist of data, or “quirks”, as well as code.
“Quirk” is a term from web browser development which refers a website-specific, hard-coded behavior to work around an issue with a website that can’t be fixed in a principled, universal way. In this project, it has the same meaning.
Although ideally the industry will work to eliminate the need for all of the quirks in this project, there’s value in customizing behaviors to ensure a better user experience. The current quirks are:
- Password Rules: Rules to generate compatible passwords with websites’ particular requirements.
- Websites with Shared Credential Backends: Groups of websites known to use the same credential backend, which can be use to enhance suggested credentials to sign into websites.
- Change Password URLs: To drive adoption of strong passwords, it’s useful to be able to take users directly to websites’ change password pages.
Having password managers collaborate on these resources has three high-level benefits:
- By sharing resources, all password managers can improve their quality with less work than it’d take for any individual password manager to achieve the same effect.
- By publicly documenting website-specific behaviors, password managers can offer an incentive for websites to use standards or emerging standards to improve their compatibility with password managers; it’s no fun to be called out on a list!
- By improving the quality of password managers, we improve user trust in them as a concept, which benefits everyone.
Developers can contribute either by raising compatibility issues with a website, researching and documenting what the right data for a quirk might be, and/or submitting a pull request to add a quirk.
You can raise an issue at the repository’s issues page. If you’ve done some investigation into a service’s behavior, you can document it on an existing issue for that problem. If you’d like to submit a pull request, there are some additional special considerations for each type of quirk, detailed below.
The source is available to download now on Github.
