How to View and Manage Compromised Passwords on Your iPhone

Your iPhone constantly checks your saved passwords against known data leaks to alert you of any compromised accounts.

iCloud Keychain continues to improve with features that rival dedicated third-party password managers, and one of its most valuable capabilities is password monitoring. If you’ve received a notification on your iPhone or iPad warning that one of your saved passwords has appeared in a data leak, you’ve seen password monitoring in action.

Learn how your iPhone detects compromised passwords and what to do when it alerts you about one of your accounts.

How Your iPhone Monitors Your Saved Passwords

Password monitoring is a built-in feature of Apple’s iCloud Keychain service, which stores and autofills account information on your Apple devices. End-to-end encryption keeps your sensitive data hidden from everyone, including Apple. Unfortunately, your web accounts sometimes suffer data leaks that are out of your control. This can result in your usernames and passwords leaking in public data dumps.

Fortunately, iCloud Keychain’s password monitoring feature can detect when this happens and let you know.

According to Apple, your iPhone or iPad continuously checks the passwords you’ve saved in your Password AutoFill keychain against a list of passwords that have appeared in known leaks. When one of your passwords matches a password found in a data leak, your iPhone will send you a notification with the title Compromised Passwords. It will also list that account in the Security Recommendations page in Settings.

It’s a frightening notification, but remember: it doesn’t mean that someone has gained access to one of your accounts or even that someone is trying to log in. It simply indicates that your password has appeared in a data leak and, therefore, your account is vulnerable.

Additionally, such a notification doesn’t mean there’s an Apple data leak. Practically, it means you should immediately change the password on the account or accounts in question to prevent potential security issues in the future.

How Secure Is Password Monitoring?

The idea of your iPhone regularly sending your passwords to Apple’s servers might sound scary, but your iCloud Keychain is already stored and end-to-end encrypted there. The password monitoring process uses some additional cryptography to share as little information as possible with Apple.

Some of the best password managers for your iPhone include similar features that detect data leaks and weak passwords. Part of deciding which service to use—or if you should stick with Apple’s free, built-in option—is determining which company you trust most with some of your most sensitive data. Certainly, there are other features you should look out for when selecting a password manager.

How to View Compromised Passwords and What to Do About Them

The easiest way to view your vulnerable accounts is to tap the Compromised Password notification, which opens the Settings app to the Security Recommendations page. However, you can easily go there anytime to view compromised passwords on your iPhone. Here’s how:

1. First, open the Settings app on your iPhone or iPad.
2. Then, tap Passwords in the list.
3. After that, you’ll need to verify your identity using Face ID or Touch ID to proceed to the next page.
4. Once you’ve been verified to access the Passwords page, choose Security Recommendations above the list of saved passwords.

At the top, you’ll see a list of items labeled High Priority—this includes passwords that your iPhone knows have appeared in data leaks. They’re the accounts you should focus on securing first. The bottom section, Other Recommendations, contains reused and weak passwords that haven’t appeared in leaks but could be stronger or more secure.

How to Manage Compromised Passwords in Your Keychain

To change the password for a vulnerable account, follow these steps:

1. Open Settings and tap Passwords. You’ll need to verify your identity using Touch ID or Face ID to proceed to the Passwords page.
2. Then, tap Security Recommendations.
3. Choose the account you’d like to change.
4. On the account detail page, tap Change Password on Website.
5. Your iPhone will open the related website, where you can log in by autofilling your username and password.
6. Then, use the website’s account management tools to change your password. Tap the Use Strong Password option to accept the system’s randomly generated password suggestion. You could create a strong password yourself, but this feature takes the guesswork out of it and saves it automatically.

Know When to Change Your Leaked Passwords

Compromised password detection is a valuable feature of your iOS device’s built-in Keychain. It’ll help you discover weak and reused passwords and alert you when your data is potentially at risk. Beyond password monitoring, you should also consider setting up an account recovery key for your Apple ID account to further protect yourself from online threats.