Look For and Fix Duplicate Passwords In Safari

Storing your passwords in Safari is a good idea as it allows you to use strong unique passwords for each site you visit. But if you still have some old passwords that are used at more than one site, you need to change that. Safari will show you if you are using a password at more than one site. You can use these warnings to fix these before they become a problem.
Video Transcript / Captions
Closed captioning for this video is available on YouTube: Look For and Fix Duplicate Passwords In Safari.

Next to having weak passwords one of the worst things you can do for your online security is to reuse a password. The reason for this is simple. If you use the same password for multiple sites all it takes is for one of those sites to be compromised, for their database to be exposed and the password now to be out there. Chances are you're probably using your same email address as an ID, which is fine, across all these different sites. Now once that password is out there all it takes is some malicious bots to go out and try different websites with your ID and that password and they'll eventually get into one of those other accounts.

So even if you sign up for a site that's not important to you and they have all their data exposed in some sort of breach then it could mean that an account at another site, one that is important to you, is the one that's broken into. You can't rely on the news to keep you updated about these kinds of things because a lot of times these companies are really late in reporting this stuff. So it could be months after there's a data breach that you find out about it and your password has been out there this entire time.

The best way to protect yourself again this is to never use a duplicate password. Never use the same password at more than one site. Fortunately, Safari's password manager allows you to see where you're using duplicate passwords so you can correct this.

So here I am in Safari. I'm going to go into Safari Preferences and then go to Passwords. Then I'm going to go and enter my account password for my Mac here to get in and to see all my passwords. Now chances are you probably have a lot more passwords than this so it's probably going to be a long list to scroll through. If you want to see what a password looks like you can click on it and it will be revealed.

But you don't have to actually rely on looking at each one to figure out if there are any duplicates because you get this little notification here on the right side using Mac OS Mojave. If you click on it you can see that it's a duplicate password and where it's being used. In this case I'm using the same password in three places. Two accounts at my fake work site that I use for demos and a Twitter account that doesn't even exist that I just created and had it store the password in here.

So I can now go and correct this. The way that I would do that, of course, is to go to each of these websites and change my password for it until I'm left with only one. Or better still actually just replace the password in all the places where the password is being reused. So if you've got a duplicate now change it in all those locations. So the original password that's being used in three different places is no longer used anywhere. That's the safest way to do it.

Now if you use another password manager chances are that there's a way to look in there as well. I know One Password does give you a warning and shows you if you're reusing this password in another site. There's even a way to look these up and just see which ones are there. I'm sure all of the other password managers have similar functionality.

But if you're just using the Safari password storage which is fine and great you can use this little alert feature on the right to find out where you have duplicate passwords and you get rid of them so you're using only unique passwords everywhere. Of course you want to use strong passwords as well and wherever two factor authentication is available you want to use that also.

Comments: 10 Responses to “Look For and Fix Duplicate Passwords In Safari”

    Verne Westgate
    4 months ago

    If I change my password using the Safari password manager, will that change the password for use on my iPhone and iPad when I access that account? I often see the strong password recommended by Safari, but have ignored it because I want to be able to access the account on other devices without having to look it up each time.

    4 months ago

    Verne: If you are using iCloud Keychain then when you store a password on one device, it is available on all of your other devices.

    4 months ago

    Gary, Thanks so much for such a timely idea.
    I am trying to change my password at various sites and cannot figure out how to do so. Any thoughts? For instance I went to AA.com and pulled up my password but could not figure out how to change.
    Thanks so much

    4 months ago

    Cindy: Every site does it a little differently. For American Airlines, I was able to log in. Then I clicked on “Hello, Gary” at the top to get a small menu, and then I clicked “Your Account.” Then on that screen I clicked Edit Account. Then there was a menu item for “Information and Password.” Look for a link under Your Account on that page to “Change Your Password.”

    4 months ago

    Can I delete the account itself instead of changing the user name and/or password if I no longer want an account on a particular site? I have lots of old/no longer used sites.

    4 months ago

    Judy: Interesting question. I assume you mean go to the site and request that they delete your account, as opposed to just deleting the password from Safari. I would expect that they would simply deactivate your account, but the record of it (with password) would still be there. So I would still never ever use that password again anywhere at all, ever. Other times it may be difficult to figure out how to delete the account. But as long as you don’t use that password anywhere else, might as well try to get them to delete the account.

    4 months ago

    Sometimes the relevant site no longer exists or is no longer available. What to do in such a case, when changing the password for that site i not longer an option?

    4 months ago

    Theo: Nothing to do then except make sure that the password you previously used there is not being used anywhere else, ever. But that isn’t a problem if you are using unqiue passwords everywhere.

    4 months ago

    Is Keychain connected to the PW manager in Safari? Also, are my passwords use on my iPhone apps kept in Keychain (and presumably not stored in Safari PW manager? Thanks!

    4 months ago

    Ted: Keychain is used to store the passwords, yes.

Comments Closed.