My iPad says 35 passwords found in data leaks
(I had a screenshot of the logins linked here that are supposedly compromised but wasn't sure who saw my posting, so removed it)
I think the compromised logins I just received notice from my iPad that were leaked are from B4 I started using 1Password. Several months ago, I got a notice from my iPad that many of my passwords were found in leaks so I stopped using my current password manager, deleted all logins from google and apple browser password keepers and then changed ALL passwords and entered new logins and passwords into 1Password. Now I just got another similar notice which makes me nervous. I can see some are referencing old emails (some are old and no longer active - from a former employer which I'm sure deleted my account) so I don't think this newly leaked data is from my 1Password account - but I'd like to make sure. How do I figure out where this login data came from? The notice displays in my iPad's settings > passwords. Thank you!
1Password Version: 8.9.5
Extension Version: Not Provided
OS Version: iOs 15.7
Browser:_ Chrome
Referrer: forum-search:Security risks found by iPad
Comments
-
The Settings > Passwords > Security Recommendations, when you have Detect Compromised Passwords enabled, is evaluating your iCloud Keychain passwords (typically from Safari's saved passwords). Most users would have iCloud Keychain enabled, as well as saving / auto-filling passwords in Safari.
If you have new passwords for sites in 1Password, you can / should delete the corresponding (likely old) passwords in iCloud Keychain (e.g. Settings > Passwords). With the settings above, this will delete the password on all your devices, if they are iCloud Keychain is enabled and your login to iCloud is active (sometimes your device will be disconnected, like after some update / upgrade, and you need to reconnect).
If you are using 1Password, you typically should disable Safari's auto-save / auto-filling of passwords in Settings > Passwords > AutoFill Passwords, disabling iCloud Keychain (and enabling 1Password). This way, there's no confusion about which pasword you are using, and you have only 1 place where you store credentials.
Does this help?
0 -
I'm not sure I understand entirely. I have Detect Compromised Passwords enabled. iCloud Keychain was NOT enabled for autofill and only 1Password 7 was enabled. However lately I noticed my iPad was offering to autofill from a non-1Password source. I do not understand how the now 45 compromised passwords got into the iCloud keychain as I had it set to autofill for only 1Password. Could this have occurred when the newest version of 1Password 7 came out. I find myself using both versions as I didn't remove the original version.
I'm also baffled about some of the "compromised passwords". Some of the login names shown in my latest alert had email address logins listed that no longer exist. When I set up 1Password quite a few months ago (maybe a year ago?). - I changed every password on its website and also every email login if the email changed. If I didn't need a login anymore - I closed the account. It took a week to change every password, close accounts no longer needed and to delete every saved login/password from known password keepers from browsers. I just checked Google and the only saved one was Amazon. I just deleted all 45 compromised passwords from Settings > Passwords. I am concerned - I don't understand where my iPad is getting this data from. Chances are that since some of the data appears outdated it's not an issue since I changed every single password when I changed to 1Password months ago, but nowadays one shouldn't leave things to chance. I don't want to have to change every one of my passwords again. I'd like to understand where this data came from. It sounds like I have things configured correctly. Dunno, I am so not a techie. Is there a bug that switches on iCloud Keychain or asks users to turn it on in a manner where one wouldn't under the ramifications.
Once again, thanks for any clarification you can provide for this baffling concern.
0 -
Let's see if I can clarify a bit more. All of this is a bit complex and can be confusing because there are multiple parts involved and it feels like a black box.
I have Detect Compromised Passwords enabled
That's fine. This just allows your iCloud Keychain passwords to be safely tested for being on known data leak lists.
Here you see I have 6 saved (dummy) entries in my iCloud Keychain:
And here you see that I have Detect Compromised Passwords enabled, and that three of these are known to be one or more lists of compromised passwords:
And here you see I have only 1Password (8) enabled for auto-fill, and that iCloud Keychain is disabled (as a source for autofill).
So the passwords already stored in iCloud Keychain is still available to be tested. Once they've been detected as compromised, only changing the password in iCloud Keychain (to something not on one of those large lists), or deleting it, will reduce the count of items flagged as potentially problematic. The settings shown in the third image do not affect this count.
lately I noticed my iPad was offering to autofill from a non-1Password source.
Only the sources shown in the setting area shown in the third image should be candidates, and only those sources that are enabled.
I do not understand how the now 45 compromised passwords got into the iCloud keychain as I had it set to autofill for only 1Password.
Three ways I can think of: 1) these were stored in the past and you had not deleted them, or 2) another one of your Apple devices had the passwords locally (not stored in iCloud Keychain), and then iCloud Keychain was later enabled on that device and the passwords were then uploaded to iCloud, 3) you restored from backup and then enabled iCloud Keychain.
Could this have occurred when the newest version of 1Password 7 came out
Nope. 1Password is not saving the passwords you save in it to your device's local password storage or iCloud Keychain's passwords.
I find myself using both versions as I didn't remove the original version
While this is generally not advised by the 1Password folks, so long as you are clear about how all the pieces work, it is OK to have both version 7 and 8 on your device. Just be sure only one of them is set to perform the autofill.
I'm also baffled about some of the "compromised passwords". Some of the login names shown in my latest alert had email address logins listed that no longer exist. When I set up 1Password quite a few months ago (maybe a year ago?). - I changed every password on its website and also every email login if the email changed. If I didn't need a login anymore - I closed the account.
You deleting a web account, or changing credentials on the site, doesn't delete the email address or the password that are already saved in iCloud Keychain. Using Safari to change a password on a remote site can update the saved value, however. Changing your email address on a site also usually won't update the saved iCloud Keychain entry. Generally it is the logging-in that allows Safari the opportunity to set these credentials. Otherwise, you have to manage them yourself.
I just deleted all 45 compromised passwords from Settings > Passwords.
That's the right thing to do since 1Password is now your credentials storage facility.
I am concerned - I don't understand where my iPad is getting this data from.
I think this is covered above.
Chances are that since some of the data appears outdated it's not an issue since I changed every single password when I changed to 1Password months ago, but nowadays one shouldn't leave things to chance.
If you've changed the credentials, then you are correct, there's no issue. The relics that were in your iCloud Keychain are just that - unimportant relics (but your good housekeeping was the correct thing to do).
Is there a bug that switches on iCloud Keychain or asks users to turn it on in a manner where one wouldn't under the ramifications.
Apple has a tendency to enable certain iCloud services upon major updates or upgrades, so its always good to review each of those settings when your device has been updated. It is tedious (and most users hate the exercise), but it is an unfortunate necessity.
Two additional things to be aware of:
Browsers or other password managers of course each want to store credentials in their own ecosystem. Just be aware of this in case you use anything else.
Email addresses can also appear on various "compromised" lists. Having an email address detected as present in such lists generally isn't an issue, so long as any accounts that use that email address have secure, not-breached passwords. Since most of us have one email address (or very few), it is critical that you use unique passwords across accounts (so that if one account is breached, other accounts aren't automatically susceptible as well).
0 -
Thank you for helping me to better understand what is happening. From this I learned to check my vital settings after major updates and to check all my devices for stored passwords. I did my "clean up" on one device only, so I may have had some locally stored logins. (I'm not sure how to check for those but I'll nose around). Thanks again!
0 -
You're welcome.
I may have had some locally stored logins. (I'm not sure how to check for those but I'll nose around).
Once you enable iCloud Keychain, the locally stored items are syncned, by default. The list you cleared in Settings > Passwords was sufficient.
Cheers,
MrC0