iOS offers a Security Recommendations feature that tells the users if their password has appeared in a data leak, can be easily guessed or reused.
After updating your iPhone or iPad to iOS 14 or later you may have noticed a new Security Recommendations feature that is found under the Passwords sections of the Settings app.
When you open the Security Recommendations section you might see alarming messages such as ‘This password has appeared in a data leak‘ or warnings such as the password you are using for an online account is an ‘Easily guessed password‘ or it is a ‘Reused password‘.
If you are getting these warnings, then don’t worry as in this article we will explain what these warnings mean and what you need to do in order to improve your online security and privacy.
What Is Security Recommendations feature on iPhone?
With iOS 14 and iPadOS 14 or later Apple has added a new Security Recommendations feature to the iCloud Keychain feature. This feature allows iCloud Keychain to securely check if the password you are using with an online account has been leaked online.
iPhone can monitor publicly available data leaks to check if one of your passwords have leaked in a data breach. If it detects a leak it will warn you about it, giving you the opportunity to change your password in time before someone tries to hack your account.
How to see which passwords are compromised?
You can check which of your passwords have been compromised by following these steps. Make sure your iOS device is running iOS 14 or iPadOS 14 or later.
- Go to Settings and tap on Passwords.
- Next tap on Security Recommendations.
High Priority Section
As soon as you access the Security Recommendations page you will see the High Priority heading. Under it you will find the name of the website, your user ID and the text that says “This password has appeared in a data leak, which puts this account at high risk of compromise. You should change your password immediately.”
Basically what this means is that the password you are using with your account has appeared in a data leak, which is publicly available on the dark web.
Although it does not necessarily mean that the password leak was for your specific password or for the account the warning is for.
This warning shows up even if the password leak was not specific to you, as it only checks if same password has leaked online. So if you are using password123 (terrible password by the way), and someone else’s account with this exact password leaks, you will also get a warning.
Nevertheless if you see this warning it is a good idea to immediately change your password for the account you are getting the warning for.
Other Recommendations: Reused Passwords and Easily Guessed Passwords
While “This password has appeared in a data leak” is the most alarming warning you can get, iPhone will also give you ‘Other Recommendations’ for Reused passwords and Easily Guessed Passwords.
What are Reused Passwords: iPhone will give you the Reused Passwords warning if it detects that you are using the same password with more than 1 accounts. For example, you might be using the same password for Gmail, iCloud and Facebook account. This is a major security concern and is not recommended even if the password you are using is deemed secure.
What are Easily Guessed Passwords: Easily guessed passwords are the passwords that can be easily guessed by a human or a brute force hacking device. Passwords that contain common words, sequential numbers etc are the ones considered to be Easily Guessed. A strong password and hard to guess password is always the one that is made up of random words or letters and contains combination of numbers, uppercase and lowercase letter, symbols etc.
What to do next
So you got the dreaded This password has appeared in a data leak warning or less severe but equally worrisome Reused Password or Easily Guessed Password warning on your iPhone, what should you do next? Well the answer is quite simple.
It is now time to change the password of the account you got warning for. You can do this by visiting the site on which your account exists. For example, if you got the warning for a Gmail account, then simply visit gmail.com in any web browser to change your account’s password.
iPhone also makes it easy to change the password by letting you visit the relevant website right within the Security Recommendations page. Simply tap on ‘Change Password on Website’ button below the warning and change your password from there.
When choosing a new password make sure it is hard to guess. iCloud Keychain is capable of recommending randomly generated strong passwords that are hard to hack, and it will store them in your iCloud Keychain account automatically.
If you want to use your own password make sure it consists of upper and lower case letters, numbers and symbols. You should also avoid using common words such as Apple, John, iPhone etc.
To further secure your account make sure you use Two-Factor Authentication or Two-Step Authentication. Most websites out there including popular services like Gmail offer these features and using them can make your account even more secure and resistant to hacking.
There you have it. In this article you learned about iOS 14’s new Security Recommendations feature and got tips on what do to when you are getting This Password has appeared in a data leak warning. We also talked about the Reused Password and Easily Guessed Password warning.
If you have any questions regarding this guide, then feel free to let us know in the comments below.
Are you working from home and are concerned about your online security? Read 10 Ways To Keep Data And Computer Secure (Work From Home Tips)