You can use an Apple tool to find and replace your weakest passwords, along with those found in security breaches or that you reuse across sites.
Despite the rise of two-factor authentication, password security remains a top priority. Unless your password is unique, relatively long, and hasn’t been found in a database breach as plain text, you should probably change it. For some sites, you might not have changed the password in years–or ever. (Conversely, if any password for a given site you use is unique, long, and unbreached, there’s no valid reason to change it.)
Apple offers a tool to help you fix your worst passwords. Security Recommendations can be found in iOS/iPadOS in Settings > Passwords. In macOS, find it in System Settings > Passwords (Ventura); or System Preferences > Passwords (Monterey); or Safari > Preferences/Settings > Passwords (all macOS versions). It’s easiest to manage on macOS, so the examples below come from Ventura.
The recommendations are divided into High Priority Recommendations and Other Recommendations. For me, I had 18 in the former category and 68 in the other. (If you don’t have any High Priority Recommendations, it may just show a list.) It’s not clear why Apple promotes some entries into the high-priority category. With my account, items listed as high priority include a financial site, a government (.gov) site, and several Apple sites. The other sites included don’t necessarily have anything in common–possibly the shortness of the password or how commonly used a word in the password was.Warnings listed by Apple
Here’s what you’ll see as warnings in both high-priority and standard-priority entries:
Commonly used password: Passwords identified as commonly used come from the result of years of password leaks. Passwords used by many people can now be easily found on the Internet by anyone, much less criminals or other attackers. Apple notes, “Many people use this password, which makes it easy to guess.” I’ve found a number of test accounts in this category—accounts I set up and never used or that were set up for me temporarily.
