The Essential Guide to Using Apple's New Passwords App: Passkeys, 2FA, Sharing and More

How do you store the passwords for your favorite websites, your bank, smart devices and all the rest? You’ve no doubt got a raft of passwords to keep track of. It’s exhausting. We’re long past the time when you could use the same password across multiple services — and I hope your solution isn’t a list in your Notes app that anyone could read.

If you’re tired of password chaos, Apple’s new Passwords app can securely store the passwords and passkeys you use every day. Third-party apps such as 1Password and Bitwarden can also take on this role, but the dedicated Passwords app is native to the Apple ecosystem on the iPhone, iPad, Mac and Vision Pro.

Are you ready to tame your tangle of passwords? This guide covers the main features of the Passwords app and shows you how to easily access your critical information when you need it. It primarily covers Passwords from the point of view of the MacOS app, but the basics apply to the iPhone and iPad apps, too. 

For more of what you can find in iOS 18 and MacOS Sequoia, read how to get more from your iPhone with nine unique iOS 18 features and eight real-world uses for iPhone mirroring in iOS 18 and MacOS Sequoia.

The Passwords app is the best kind of feature facelift

If the Passwords app sounds familiar, that’s because storing passwords isn’t new to Apple’s operating systems. The app accesses a set of low-level Keychains that the operating systems use to store sensitive information such as credentials for websites and apps and security certificates.

Until now, this was difficult to access — you had to open the more technical Keychain Access app (which is still available) or dig into system settings or Safari’s preferences to find them.

The new Passwords app pulls all that data together into a simple interface that lets you add and edit passwords, generate automatic verification codes, create passkeys and share selected entries with other people. If you’ve used Apple’s Reminders app, the look and approach will be familiar. And if you enable iCloud Keychain (in Settings > [Your Name] > iCloud > Saved to iCloud > Passwords and Keychain), the encrypted data securely syncs to the Passwords app on each of your devices.

It runs as a standalone app and ties into Safari to autofill site passwords. You can also access your passwords from a menu bar item. If your preferred browser on the Mac is Chrome or a Chromium-based browser such as Opera, you can install the iCloud Passwords extension for Chrome; Apple doesn’t offer an official add-on for Firefox or DuckDuckGo, so be mindful of extensions that claim to work with iCloud Passwords.

Watch this: Apple’s MacOS Sequoia: The New Features You’ll Want to Try

04:20

How to save a new website password in Safari

Most of your passwords are likely for signing into websites such as your bank, online stores and other outlets. When you sign up for an account at a new site using Safari, Passwords prompts you to create a randomly generated secure password. Choose Use Strong Password, which creates a new entry in the app.

The Passwords app doesn’t need to be open for this to work, since it’s integrated at the system level.

How to create a new password in the Passwords app

The advantage of having a standalone Passwords app is to give you a better way to create and manage these passwords. While most of the time you’ll be prompted to create a new password, there will be times when you’ll need to manually do it.

1. Open the Passwords app and authenticate with your system password, Touch ID, Face ID or device passcode.
2. Click the + button or choose File > New Password.
3. Enter a title for the entry.
4. Type your user name in the User Name field (which could be an email address, depending on what the app or service requires).
5. Click the Password field and choose a secure password option that appears. You can also type directly into the field, but too often people use easily-guessed or repeated passwords — stick with the randomized ones the Passwords app is suggesting.
6. If you have any other information, such as recovery codes or details about an app purchase, enter those in the Notes field.
7. Click Save.

When you create a password using this method, there’s no Website field — Passwords leans heavily on the process of capturing login information when you’re using the site’s fields to sign up or log in. But you can add a link separately by clicking the Edit button in the entry you created and then typing or pasting the address in the Website field.

How to autofill your information using Passwords

The next time you return to a site and need to sign in, you’ll be prompted to use Passwords to autofill your stored information. Select the account that appears in the pop-up and then authenticate using Touch ID or Face ID, depending on your device.

If the autofill prompt doesn’t appear, go to the Passwords Menu Bar item and search for the site there. Select it and then click the User Name or Password fields (or one and then the other) to copy the content and paste it into your browser.

How to set up automatic verification codes

Having a secure password is just the first security step in this day and age. Many sites now recommend (or outright require) a two-factor authentication option as well. Sometimes this is the mobile number you use for texting to receive a one-time code that expires after a set amount of time. Or it could be an automatic verification code that randomizes every 30 seconds.

To set up 2FA on a site, sign in to it and access your account settings. Look for an option such as “Sign up for two-factor authentication” or similar. Enter your phone number or email address — the type depends on what the site is using — and send it. The site then sends a verification code in the method you supplied.

That might be all the site requires. The next time you sign in, you’ll be prompted to authenticate using that method, in which case you’ll get a new code.

The system can automatically delete a text message or email containing the code when you’re done with it — after all, that number combination will never work again. Go to System Settings > General > AutoFill & Passwords and turn on Verification Codes: Delete After Use.

There may also be another level of authentication that doesn’t rely on sometimes spotty SMS networks and email servers. The site may accept a continuously changing code that is tied to your account, which can be generated at filled in using the Passwords app. Here’s how to set that up:

1. In the two-factor authentication process, you’ll likely be given a QR code to set up a verification code. Control-click the code and choose Set Up Verification Code from the contextual menu.
2. In the Passwords app, which automatically opens, select the entry for that site.
3. Click Add Verification Code.

Return to Safari and click the field asking for the verification code. A Passwords pop-up will appear for you to authenticate by entering the current code. If that doesn’t appear, go to the Passwords app, click the Verification Code field and choose Copy Verification Code. Then paste it into the field in Safari.

The next time you log into that site, using Autofill will also apply the current verification code.

On the iPhone, the process is similar: When presented with a QR code, touch and hold it, and then choose Add Verification Code in “Passwords”.

What are passkeys and how do I use them?

What if I told you we could just forget about passwords altogether? No more requirements that a password include at least 12 characters and numbers and special characters, not be a password you’ve used previously and also reference your favorite movie genre as expressed in prime numbers.

That’s the promise of passkeys, a way of authenticating you using the secure hardware you’re already using. With a passkey in place, you can sign into a site or app using Face ID or Touch ID on your iPhone, iPad, Mac or Vision Pro — without typing a single character.

Setting up a passkey is similar to a 2FA method: Sign in to your account on a service that supports passkeys, view your account security settings and look for an option to create a passkey or security key. You’ll get a prompt to store the passkey using Touch ID or Face ID (depending on the device you’re using).

When you next sign in to that site, you won’t see a password field at all: it prompts you to use the passkey instead.

Not only are they more convenient, passkeys are also more secure. One of the biggest problems with passwords today isn’t the danger that someone will somehow break into your devices and steal yours — it’s the industrial-scale theft of thousands or millions of passwords from the companies you’ve created passwords for as a result of hackers breaking into those servers. That’s useful for sites such as Amazon, Shopify and Uber, for example, which contain valuable sensitive information about their customers and are frequent targets for hackers.

Share selected passwords in groups

Your passwords are private, but sometimes you need to share them with someone. For example, let’s say you and your spouse share a login to access a regular food delivery service. You can add the site’s login information to a shared group in Passwords so you both have access to it. If you need to change that password, it’s automatically updated in the Passwords app on their devices, too. And if you’re using a passkey on your devices, they can also login using a passkey that’s created for their devices, securely tied to their Apple Account.

Sharing passwords involves creating a new shared group and then adding passwords to it:

1. In the Passwords app, click the + button that appears when you move the pointer over Shared Groups, or choose File > New Shared Group.
2. Type a Group Name.
3. Click the Add People button and choose the person from your contacts. Repeat if you’re creating a group with several people.
4. Click Create.
5. In the next screen, search for (or scroll to locate) the password you want to share, and click the checkbox for it. Repeat for all of the passwords to share.
6. Click Move.
7. Optionally notify the other person by sending them a text message. Click Notify via Messages. Or click Not Now to not send a text — they will still see the group invitation in their Passwords app.

Share a single password with someone

One great new feature in Passwords is a handy way to share a Wi-Fi password without divulging the password itself: You show someone a QR code that grants them access.

You can also share a password with someone near you over AirDrop:

1. In the Passwords app, go to the password you want to share.
2. Click the Share button and authenticate to grant permission.
3. In the AirDrop window that appears, click the icon of the person near you.

When the other person accepts, the password is added to their Passwords app.

Import passwords from other services

What if you already use another password app, such as 1Password or Bitwarden? You can export your passwords into the Passwords app on the Mac. But there are a few caveats.

First, the Passwords app accepts only a CSV (comma-separated values) file, which is just a big unencrypted text file. Your current password tracker should be able to export the file, then go to File > Import Passwords in the Passwords app and select it.

Then, and this is crucial, remember to securely delete that CSV file so all your passwords aren’t sitting around vulnerable. You can do that in the Finder by deleting the file, which puts it into the Trash. Next, open the Trash, right-click or Control-click the file and choose Delete Immediately.

The other thing to keep in mind about importing passwords is that not everything may come over. 1Password, for example, stores items such as secure notes and credit cards that are not imported into the Passwords app.

What the Passwords app doesn’t offer

When Apple announced the Passwords app as part of iOS 18 and MacOS Sequoia, some people wondered if the company had just “Sherlocked” other password keepers. The term comes from an old MacOS feature called Sherlock, which let you search your computer for more than just file names. Other search utilities did the same thing, but when Apple built the feature into the system, it killed the market for many of those third-party apps.

On the surface, it sure sounds like Apple Sherlocked utilities such as 1Password, Bitwarden and LastPass (though LastPass and its poor security has done more damage to itself). But although Passwords assumes the core functions of storing and applying passwords, other apps still have their own advantages:

• Sharing between platforms: Other apps have iOS, MacOS, Windows and Android apps.
• Sharing between family members on different platforms: Similarly, if you want to share passwords with someone who isn’t in the Apple ecosystem, a third-party app is the alternative.
• Other types of secure information: If you want to store sensitive data like notes, documents, credit cards and bank account numbers in one place, look to another app.