Apple claim that iCloud can store passwords “only locally” seems to be false

An Apple support document describing the company’s new iCloud Keychain makes a surprising claim that it can sync passwords across devices without ever storing them in the cloud.

If true, this would be an important advance in password management, allowing users to create long, complicated passwords on one device and have the passwords automatically sync to their other devices, but without storing data on Apple’s servers.

Today, most password managers sync data across devices by storing the data in a cloud service. There are ways to sync passwords directly among devices without cloud storage, for example with a Wi-Fi sync option in the latest versions of 1Password. However, this requires some extra steps that reduce the convenience a good password manager offers.

Unfortunately, Apple’s claim that it’s solved this problem does not appear to be true. It may simply be a factual error in the Apple support document, but since this represents Apple’s official word on how iCloud Keychain works, we had to test it out.

SOURCE: arstechnica.com

Information Security Buzz