Many of us are guilty of a cardinal cybersecurity sin: We reuse old passwords. In a 2025 survey of 2,300 adults, more than half of respondents said they recycled an existing password when updating accounts with companies that have disclosed data breaches.
But Apple wants to fix this bad habit by flagging and automatically updating compromised or weak passwords you’re using on websites and apps through its new Passwords app feature. The update was announced at the tech giant’s June developers conference.
Illustration: HuffPost; Photos: Apple
Following the release, you don’t have to manually update each password ― Apple can do it for you automatically for eligible accounts. You won’t need to sign into each individual app and waste time to do this.
In the developer demo shown at the conference, the iPhone showed a “Fix Passwords” button at the top that a user needed to tap to change multiple passwords in listed apps at once. Then Apple said it would use its artificial intelligence and Safari to update the password in the background, and let you know through an update that will state “Security upgraded.”
The Passwords app will do this through Apple’s processing system for artificial intelligence known as Private Cloud Compute, which says it will not retain any of your data, including via logging or for debugging.
The final version of this feature will not be released until the fall iOS 27 software update, but you can try the iOS 27 developer beta right now.
Bill Budington, a senior staff technologist for nonprofit digital rights group Electronic Frontier Foundation, said he is “cautiously optimistic” about this feature. “I would want to see how it’s implemented, and also what it looks like when it comes out,” he said.
And it’s not the only way you can protect your data in an app in the meantime. “We know the secure way to generate passwords. Those are built into password managers already,” Budington noted.
These password managers generate unique, random-looking passwords for new accounts, and store them all for you without having to remember each one. It’s also unclear yet how the new Apple feature will integrate with third-party password apps people already use.
And then there’s the larger question of trusting Apple’s AI to decide which passwords need an upgrade and what a strong password looks like.
Apple defines a weak password as one that is “easily guessed or used multiple times,” but it remains to be seen how well it is at deciding what’s a weak or strong password. When AI creates a password, it’s not always the strong safeguard it’s supposed to be. In one PCMag test, Google Gemini generated weak passwords even when it was prompted to create strong ones.
But overall, this could be an important step forward for people who use the same password on every app. “If you have the same password on five different sites, and even one of them implements bad security … then all five sites are vulnerable to attacks using those credentials,” Budington explained about why reusing passwords is so insecure.
“If people are using this because they were not using anything else before, I think that’s definitely a huge improvement,” he said.
