What's new
Apple iPad Forum 🍎

Welcome to the Apple iPad Forum, your one stop source for all things iPad. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

iOS 8 Security Flaw Shows Parts of Your Password in Autocomplete

dgstorm

Editor in Chief
Joined
Jul 27, 2011
Messages
619
Reaction score
144
quicktype-turn-off.jpg

A security researcher recently discovered something a bit frightening in iOS 8. Apparently, when you have the QuickType predictive feature activated in iOS 8, it will actually suggest parts of your password as part of its predictive typing feature. Here's a quote with an example,

As an example, iDownload Blog notes that one user in Apple’s Support Communities has claimed that their keyboard has started “offering ‘OrangeJuice’ as a suggestion each time he would type in ‘AppleUser’ because QuickType remembered the ‘OrangeJuice!2′ password he previously used to log in to Outlook Web App.” Even worse, the user reported that QuickType would even suggest “other passwords from other services and old passwords that I already changed.”

Ouch! This is a major security issue. If someone gets hold of your device, they can probably fool around with it long enough to get it to tell them part of your password. Obviously this is something that Apple is probably working on in one of their updates they plan to release, but in the mean-time, you should turn off the QuickType predictive feature, just to be safe.

To do that you need to turn “Predictive” to OFF in the Settings > General > Keyboard.

Source: BGR
 
Hmm. A major issue if you let other's use your device, or don't lock your device. Otherwise the window of opportunity is between the time you set your device down and the time it auto-locks.

If you're not in the habit of setting your device down and leaving it unattended where unscrupulous others dwell, the issue is less important.

Of course, there is always the device snatcher. They could try going straight to your Apple ID sign-in and try to figure out that password. A good reason to head to the nearest computer or your other device and do a remote wipe. Since they can't guess while off the internet, you've got a good chance of killing the iPad before they have your password. Assuming that password is not 1 2 3 4. (movie Spaceballs reference)

Still, a security problem is a problem, and I hope Apple addresses it soon.
 
Unless if you have a passcode or aren't careless your as good as gold. I think this is a bit more convenient, but I would prefer it if it would be a separate feature in iOS.

Anyways I don't like predictive text so I'm on the safe side here.
 

Most reactions

Latest posts

Back
Top