General I hate password auto-fill suggestions

[Pagemakers]

Really don’t like iOS12’s password auto-fill suggestion feature.

Even using a password manager I find iOS12 offers me passwords for websites I don’t want suggestions for.

It happens on every visit and it’s so irritating.

I have to select “use my password” instead then click the key icon and then click again to find the password. It’s clunky beyond belief.

The only way to get rid of the suggestions is to turn off password auto-fill completely which I don’t want to do.

It’s probably the only iOS12 feature that none of my mates like either.

 

[steve62388]

Works brilliantly for me. I use it alongside 1P.

 

[GreyOS]

It’s not really clear what you mean.

What is a site you don’t want suggestions for? Surely you want it to offer the password on every site you have one saved against?

Or do you mean it offers the wrong one, or doesn’t suggest one at all, so you have to find it manually?

 

[Pagemakers]

It’s not really clear what you mean.

What is a site you don’t want suggestions for? Surely you want it to offer the password on every site you have one saved against?

Or do you mean it offers the wrong one, or doesn’t suggest one at all, so you have to find it manually?

For some sites it works well offering your password as you click in the password field - but it’s no better than before.

However, for other websites or apps, I guess those that don’t really want you to save passwords the entire process is worse than before. Previously for these websites I would click in the password field and nothing was offered so I would simply entered the password manually or used the share sheet to open an app such as Lastpass/1Password to inout the password. Now each time I click in the password fiend iOS12 suggests a wrong complex password which I don’t need because I already have a password in Lastpass/1Password so now I have to click “use my own password”, then click the key icon, on the right, then the Lastpass/1Password link to open the password manager app, then click the password from there. It’s about 3-4 clicks more than it was before and if you need to visit these websites several times a days it’s a pain in the ass.

They should have added a “never suggest passwords for this site” option.

I still think the password feature is unnecessarily cumbersome.

 

[GreyOS]

For some sites it works well offering your password as you click in the password field - but it’s no better than before.

However, for other websites or apps, I guess those that don’t really want you to save passwords the entire process is worse than before. Previously for these websites I would click in the password field and nothing was offered so I would simply entered the password manually or used the share sheet to open an app such as Lastpass/1Password to inout the password. Now each time I click in the password fiend iOS12 suggests a wrong complex password which I don’t need because I already have a password in Lastpass/1Password so now I have to click “use my own password”, then click the key icon, on the right, then the Lastpass/1Password link to open the password manager app, then click the password from there. It’s about 3-4 clicks more than it was before and if you need to visit these websites several times a days it’s a pain in the ass.

They should have added a “never suggest passwords for this site” option.

I still think the password feature is unnecessarily cumbersome.

I’m still quite confused, sorry. It should only offer to generate a new password for password fields that expect you to enter a new password, such as those on forms for creating an account or changing your password. In those cases, you won’t already have a password, because the point is that you’re creating a new one, so I’m confused as to why you say you already have it in another password manager...?

If the field is expecting an existing password (eg you’re logging in, or it’s a field on a ‘change password’ form that wants your current password) then it shouldn’t generate a password for you.

Safari uses heuristics and the site’s markup to determine which whether a password field is for an existing or new password and I’ve rarely seen it fail. Perhaps this is what is happening- do you have any example sites?

Finally- and this might be the most important thing for you, as the above may just be a result of me misunderstanding- if you’re using LastPass, you could turn off iCloud Keychain for AutoFill and only use LastPass. This will stop Safari generating new passwords for you. My advice would be to fully commit to one or the other and not use multiple.

 

[Pagemakers]

Thank you for your very detailed explanation. My company website does not permit users to save password for security reasons. I do have a password saved in Lastpass. Each time I visit the site I am greeted with this. Because there is no iCloud Keychain password it offers one on every visit.

I hear what you say about turning iCloud Keychain passwords off but they work well for 85% of sites.

 

[GreyOS]

Thank you for your very detailed explanation. My company website does not permit users to save password for security reasons. I do have a password saved in Lastpass. Each time I visit the site I am greeted with this. Because there is no iCloud Keychain password it offers one on every visit.

I hear what you say about turning iCloud Keychain passwords off but they work well for 85% of sites.

I’m not certain that it’s necessarily the case that to stop a password being saved on a website, the field has to be incorrectly flagged or detected as a ‘new password’ field (after all, new passwords are saved too).

I would get in touch with the people who make your company website and see if there’s anything they can do to improve the situation. The iOS 12 security white paper includes some details on how the password generation works which might be of use to them.

I appreciate that might not be the only website that doesn’t work for you, and you can’t go chasing down every website owner, but at the moment I feel fairly confident that 99% of the time it will be because the website is poorly constructed. And it’s quite rare in my own experience.

Edit: Security document I mentioned: https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf

See page 73 onwards. It says it generates a password if the field has “autocomplete=new-password”. I believe to stop it remembering passwords, like your company website wants to do, it should be “autocomplete=off” - but I’m far from certain

 

[Pagemakers]

Great help. Thanks for taking to time to assist.

 

[GreyOS]

Great help. Thanks for taking to time to assist.

You’re welcome, btw I edited the above post with a bit more info.

 

[Pagemakers]

Another thing I don’t like about this feature is the different way passwords are offered. I’ve counted 3.

1) in a blue pop up (I like this very much)

2) in the text suggestions bar (ok)

3) via a key icon on the right (cumbersome)

For consistency I wish Apple just adopted one method. Preferably the 1st one.

 

[benjamintm]

My company website does not permit users to save password for security reasons.

That is incredibly short-sighted of your company. People can reliably remember a small number of complex passwords. Most people will just end up reusing the same one across multiple sites, meaning a breach of one site means a breach of all. A password manager is the only effective way to have truly unique passwords across multiple sites.

 

[ck2875]

Thank you for your very detailed explanation. My company website does not permit users to save password for security reasons. I do have a password saved in Lastpass. Each time I visit the site I am greeted with this. Because there is no iCloud Keychain password it offers one on every visit.

I hear what you say about turning iCloud Keychain passwords off but they work well for 85% of sites.

Alternatively, you could try manually adding the username and password you use to Settings > Passwords & Accounts > + (top right corner of screen), and then fill in the username, password, and website. If safari is able to suggest a password, it should able to autofill. Granted that bypasses your company not wanting passwords saved, but you're already doing that with LastPass.

 

[Pagemakers]

That is incredibly short-sighted of your company. People can reliably remember a small number of complex passwords. Most people will just end up reusing the same one across multiple sites, meaning a breach of one site means a breach of all. A password manager is the only effective way to have truly unique passwords across multiple sites.

Tell me about it. 9 digits. Must have cap, lowercase, number and symbol and not been used in the past 4 passwords and on top of that must be changed every 90 days. FTSE250 company. I don’t think I’m alone!

 

[Pagemakers]

After a few days of use I wonder why Apple didn’t add a “don’t ask again” when it permanently suggests passwords for sites you don’t want it to suggest passwords for