Apple's iOS 27 Will Change Your Compromised Passwords For You. Here's What That Means For Your Privacy
#Security

Privacy Reporter

Apple wants its Passwords app to log into your accounts and swap out weak credentials automatically. The convenience is real, but handing an AI agent the keys to your logins raises questions worth asking before you tap accept.

Apple used the final Worldwide Developers Conference of Tim Cook's tenure to announce a feature that sounds mundane and is anything but: starting with iOS 27, the built-in Passwords app will not just warn you about weak or breached credentials, it will go fix them for you.

The pitch, as Apple described it, is that "Passwords can now automatically fix these for users with just a tap." Under the hood, the company says it is "using Apple Intelligence and Safari to agentically take action on a user's behalf," navigating to a website, signing in, and upgrading the account to a stronger password. One tap, and the chore that most people never get around to handles itself.

For anyone who cares about how personal data is protected, this is worth slowing down on. The feature is genuinely useful, and it also represents a meaningful shift in what your device does with your most sensitive information.

What is actually happening

Apple's Passwords app already does the easy part. It checks your stored credentials against known data breaches and flags anything that has turned up in a leak or that is simply too weak to trust. That detection mechanism is standard practice now, and it works by comparing your credentials against databases of exposed passwords, similar to how services like Have I Been Pwned operate.

What the current version does not do is act on those warnings. Tap an alert today and you are sent to the account's settings page, where you change the password yourself. There is no way to fix several compromised logins at once, so most people see the red badge, sigh, and move on.

The iOS 27 update removes that friction by letting the software do the navigating and typing. After you approve the action, the system opens the relevant site, signs in with your existing credentials, walks through the password change flow, and stores the new strong password. The passwords it generates are solid by default, the kind of long random strings that password-strength checkers rate as taking centuries to crack.
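The two mechanical pieces described above, breach detection by hash-prefix lookup (the Have I Been Pwned style of check) and generation of a long random replacement, are illustrated in this added example; it is not Apple's code and does not call any real service. The breach-service response is constructed inline so the block runs offline, mirroring the real "suffix:count" line format returned for a 5-character SHA-1 prefix.

```python
"""Breached-password check via k-anonymity, plus strong replacement generation.
Only the first 5 hex chars of the SHA-1 hash leave the device; the full hash
never does, and matching against the returned suffixes happens locally."""
import hashlib
import secrets
import string


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str) -> tuple[str, str]:
    """Return (5-char prefix sent to the service, 35-char suffix kept local)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def breach_count(password: str, range_response: str) -> int:
    """Number of breach appearances for the password, 0 if absent.

    range_response is the text the service returns for the password's prefix,
    one "<35-hex-suffix>:<count>" entry per line."""
    _, suffix = split_for_range_query(password)
    for line in range_response.splitlines():
        line = line.strip()
        if not line:
            continue
        found_suffix, _, count = line.partition(":")
        if found_suffix.upper() == suffix:
            return int(count)
    return 0


def generate_strong_password(length: int = 20) -> str:
    """CSPRNG-backed replacement of the kind an automated rotation would store."""
    alphabet = string.ascii_letters + string.digits + "-_!@#$%^&*"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def sample_range_response(password: str) -> str:
    """CONSTRUCTED stand-in for the service's reply for password's prefix.

    It contains the password's own suffix plus two unrelated made-up entries,
    so the lookup has to pick the right line rather than just check emptiness."""
    _, suffix = split_for_range_query(password)
    return "\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:3",
        f"{suffix}:9659365",
        "011053FD0102E94D6AE2F8B83D76FAF94F6:1",
    ])
```

A real client would fetch the range response for the prefix over HTTPS; everything else, including the decision to rotate, stays local.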

Why this matters for your data

Automating a password change means your device is now performing authenticated actions on websites while pretending, in a technical sense, to be you. That is the definition of an agent: software taking real-world actions on your behalf rather than just showing you information.

The upside for ordinary users is significant. The single biggest reason people reuse passwords across dozens of sites is that changing them is tedious. Reused and breached credentials are the raw material for credential-stuffing attacks, where criminals take a password leaked from one service and try it everywhere else. Anything that makes it trivial to rotate weak passwords reduces that attack surface in a way that nagging alerts never managed to.

The questions sit on the other side of the ledger. An agent that can log into your accounts is, by design, a system that holds and uses your credentials in an active way. Apple's longstanding position is that this processing happens on-device or through its Private Cloud Compute infrastructure, which is built to keep data inaccessible even to Apple. That architecture matters here more than usual, because the alternative, sending your live login sessions through a cloud service, would be exactly the kind of central honeypot that privacy advocates warn about. Users who enable the feature are effectively trusting that Apple's privacy claims hold up in practice, not just in marketing.

There is also the practical question of reliability. In the brief demo Apple showed, the feature worked perfectly. Real websites are messier. Login flows differ from site to site, and many accounts now require multi-factor authentication, where a code is sent to your phone or generated by an app. How gracefully the agent handles an MFA prompt mid-change, or what happens when it half-completes a password rotation on a site it does not fully understand, are open questions. A failed automated change that leaves you locked out is a worse outcome than the original weak password.

The broader Apple AI picture

The password feature arrived as one piece of a larger AI push. This year's WWDC put Siri, now branded Siri AI, at the center, as Apple tries to deliver on the Apple Intelligence promises it made back in 2024 and largely failed to ship. The company also detailed smaller AI-enabled additions running on its Foundation Models, which were developed in collaboration with Google and its Gemini technology, including the ability to build shortcuts or Safari extensions through natural-language prompts and a Safari "Notify Me" tool that watches web pages for changes.

None of these are the kind of features that reset the AI industry. That appears to be the point. Francisco Jeronimo, IDC VP of client devices, told The Register that "the winning AI experience for consumers will not be the loudest or most technically complex. It will be the one that understands context, respects privacy, works reliably across apps, and reduces friction without forcing users to change behaviour."

That framing, privacy and reliability over raw model size, is the bet Apple is making, and it is the right lens for users to judge the password feature too.

What changes for you

iOS 27 reaches the public in the fall, with a developer beta available now. The dedicated Siri AI app is not in this release; that one comes with a waiting list. The agentic password fixing is positioned as a headline capability, but expect it to be limited to supported websites at launch rather than working everywhere.

If you use Apple's Passwords app, the sensible posture is cautious adoption. The feature solves a real problem, and rotating breached credentials quickly is good security hygiene. Before you let it run, confirm that MFA is set up on your important accounts independently, so that even a botched automated change does not leave an account exposed, and treat the per-account approval prompt as a real decision rather than a button to tap reflexively. The convenience is the selling point, but the credentials it touches are the keys to your digital life, and those are worth a moment's attention before you delegate them to an agent.
