Many of us are guilty of a cardinal cybersecurity sin: reusing old passwords. In a 2025 survey of 2,300 adults, more than half of respondents admitted to recycling an existing password when updating accounts with companies that have disclosed data breaches.
Apple's Solution
Apple wants to fix this bad habit by flagging and automatically updating compromised or weak passwords through its new Passwords app feature. The update was announced at the tech giant's June developers conference.
Apple is automating the process of updating weak, old passwords in its upcoming iOS 27 software release. Following the release, users won't have to manually update each password; Apple can do it automatically for eligible accounts. You won't need to sign into each individual app and waste time.
In the developer demo shown at the conference, the iPhone displayed a "Fix Passwords" button at the top that a user needed to tap to change multiple passwords in listed apps at once. Then Apple said it would use its artificial intelligence and Safari to update the password in the background and notify users through an update stating "Security upgraded."
How It Works
The Passwords app will operate through Apple's processing system for artificial intelligence known as Private Cloud Compute, which says it will not retain any of your data, including via logging or for debugging. The final version of this feature will not be released until the fall iOS 27 software update, but users can try the iOS 27 developer beta now.
Expert Opinions
Bill Budington, a senior staff technologist for nonprofit digital rights group Electronic Frontier Foundation, expressed cautious optimism about the feature. "I would want to see how it's implemented, and also what it looks like when it comes out," he said.
Budington noted that there are other ways to protect data in the meantime. "We know the secure way to generate passwords. Those are built into password managers already," he explained. These password managers generate unique, random-looking passwords for new accounts and store them all without requiring users to remember each one.
Integration and Trust
It remains unclear how the new Apple feature will integrate with third-party password apps people already use. Additionally, there is the larger question of trusting Apple's AI to decide which passwords need an upgrade and what constitutes a strong password. Apple defines a weak password as one that is "easily guessed or used multiple times," but its effectiveness at distinguishing weak from strong passwords remains to be seen.
When AI creates a password, it is not always the strong safeguard it is supposed to be. In one PCMag test, Google Gemini generated weak passwords even when prompted to create strong ones.
Potential Impact
Overall, this could be an important step forward for people who use the same password on every app. "If you have the same password on five different sites, and even one of them implements bad security ... then all five sites are vulnerable to attacks using those credentials," Budington explained about why reusing passwords is so insecure. "If people are using this because they were not using anything else before, I think that's definitely a huge improvement," he added.
