There are no active ads.


iOS 8 Has a Major Flaw That Shows Part of Your Password in Auto-Complete

by Todd Haselton | September 29, 2014September 29, 2014 1:00 pm PST


Heads up: if you’re particularly concerned about passwords, and we all should be, you might want to pay attention to this flaw that was recently discovered in iOS 8. Apparently the autocomplete feature for the new QuickType keyboard in iOS 8 is a littleĀ too good.

iGen.FrĀ recently noticed that, while in Safari, a user might be prompted to enter his or her password using a new “autocomplete password” option that pops up at the top of the keyboard. Obviously this could be convenient for some people but it’s also dangerous if someone picks up your phone and suddenly has access to all of the sites with saved information in Safari. Cached passwords can be a security issue on all platforms, but this is worse. One member of Apple’s support forums recently posted an example where auto-complete actually recommends part of the actual password, revealing it to anyone who has the phone.

The user said his or her password is typically OrangeJuice!2 and that autocomplete has been suggesting he type “OrangeJuice,” into the password space, which is the bulk of his or her password. A would-be hacker could easily get the last two digits, which makes the password that much less secure. The poster noticed that this happens inside Safari but also in other places like Notes. We haven’t been able to replicate it on the Facebook Safari page or inside of our banking app, but there’s proof it exists.

Right now the best option to maintain your privacy is to simply turn off QuickType. You can do this by visiting Settings > General and then turning off “Predictive” on your iOS 8 device. Here’s a look at the flaw in action, as submitted to Apple’s support forums:


Todd Haselton

Todd Haselton has been writing professionally since 2006 during his undergraduate days at Lehigh University. He started out as an intern with...