Passwords in data breach?

Logged in away from home this morning, and Apple complained my password had been seen in a data breach.

This password has only ever been used on Channels.

Wondering if it’s a SNAFU, but figured I would ask.

There has been no password breach. You would hear it from us before Apple’s password manager.

That feature doesn’t report on specific passwords. It tracks websites that have reported breaches and compares them to the sites you have stored passwords for.

Why it’s reporting a password for Channels is not clear. Do you have a screenshot of what you saw?

Sorry, no. It popped up in the standard iOS window after the Safari session came up for logging in away from home.

I’ll try to recreate it later on today.

You can get back to your iOS password Security Recommendations by going to Settings -> Passwords -> Security Recommendations. There you should be able to see your compromised passwords.

That annoying thing just means that Apple stole your passwords and login info that you saved into their ecosystem, to compare with known hacks/data breach databases and found that password, or one near identical to it, and/or your email address in one or more of those databases.

It just is informing you that they think you should change that password and not use it anymore elsewhere.
Also, it warns you if you use the same password on more than one site.

You can also accomplish the same lookup thing yourself via the website
https://haveibeenpwned.com/

@speedingcheetah I would prefer Apple over another 3rd party.

@maddox annoyingly I can’t replicate at home right now, and Channels isn’t in my suspect list. I’d consider this a non-issue. Sorry for the noise.

Apple is the third party, that is the site that has all the databases Apple and others check against.
It is a legit site, created by Troy Hunt, a Microsoft Regional Director that is vetted by Security professionals and the tech community. It is even hosted by and endorsed by Cloudflare directly.

Apple’s built-in checker is very basic and not to be relied upon. Some web browsers, like Firefox, now just nag you if you have more than one of the same password stored in it, and do not even check any database. I have had Apple say a few of my emails and passwords were fine, but know for a fact they were compromised in a breach, that I verified via that site and other legit sources.

Ultimately, as long as you have 2FA set up on all your accounts, the OTP based, not SMS, having your info in a breach is not overly concerning. It is inevitable for the most part.