Browser Safari from Apple has long become an integral part of the ecosystem of devices on macOS And iOS. One of its key features is the built-in password manager − iCloud Keychain, which automatically saves logins, passwords, credit card information and even two-factor authentication codes. But how exactly does this system work? Can you trust her with sensitive information, and what should you do if access to your saved passwords suddenly disappears?

In this article we will look at all aspects of working with passwords in Safari: from basic setup to advanced features like generating complex passwords and syncing between devices. You will learn how export passwords to an encrypted file for backup (the function that Apple hid from users for a long time), how to restore access if the device is lost, and why sometimes Safari refuses to save passwords on certain sites. We will also reveal little-known vulnerabilities and give specific recommendations for protection against phishing and leaks.

How Safari saves passwords: how iCloud Keychain works

The password storage system is based on Safari lies the technology iCloud Keychain — encrypted storage integrated into operating systems Apple. When you enter your username and password on the site, the browser prompts you to save them in Keychain. This data is encrypted using 256-bit AES and become attached to yours Apple ID, which allows you to synchronize them between iPhone, iPad, Mac and even Windows-PC (when installing iCloud for Windows).

It is important to understand that passwords are not stored on Apple servers in clear text. Instead, the model is used end-to-end encryption: Encryption keys are generated on your device and are never transmitted to Apple. This means that even if attackers hack the company's servers, they won't be able to decrypt your passwords without access to your device or backup.

  • 🔐 Local storage: Passwords are stored in the system Keychain on each device (for example, in ~/Library/Keychains/ on Mac).
  • ☁️ Sync via iCloud: Data is transferred between devices in encrypted form using the protocol HTTPS.
  • 🔄 Autocomplete: Safari uses machine learningto only offer passwords on trusted sites.
  • 🛡️ Phishing protection: The system warns you if you enter a password on a fake site.

However, this system also has weaknesses. For example, if you lose access to all your devices Apple (or forget your password Apple ID), recover passwords from iCloud Keychain there will be impossible — they cannot be reset through support, as some other password managers do. Therefore, it is critical to configure backup (we'll talk about it later).

📊 How often do you use password autofill in Safari?
  • Constantly
  • Only on trusted sites
  • Nearby, but I prefer to enter manually
  • I never trust the browser

Where to find saved passwords in Safari on Mac and iPhone

Access to saved passwords in Safari can be obtained in several ways - through browser settings, system tools, or even a voice assistant Siri. Let's consider all the options.

On macOS (Ventura, Sonoma and older)

  1. Open Safari and go to menu Safari → Preferences (or click ⌘ + ,).
  2. Select a tab Passwords (you will need to enter your account password Mac or Touch ID).
  3. You will see a list of all saved logins. Double-click on the entry to view or edit the password.

On iPhone or iPad (iOS 17 and later)

  1. Open Settings and go to the section Passwords and accounts (on older versions - Passwords and keys).
  2. Select Passwords for sites and applications (confirmation required Face ID/Touch ID or device password).
  3. Scroll the list or use search to find the entry you're looking for.

Also on Mac you can use the system application bunch of keys (Keychain Access), which is in Programs → Utilities. Not only passwords from Safari, but also certificates, keys SSH, data Wi-Fi and other sensitive information. To find the password:

  1. Open Keychain Access.
  2. Enter the site name in the search bar.
  3. Double click on the entry and check the box Show password and enter the system password.
💡

If you often forget passwords, turn on the "Suggest strong passwords" option in Safari preferences (Passwords tab). The browser will automatically generate and save unique combinations up to 20 characters long.

Exporting and importing passwords: how to make a backup copy

Apple for a long time did not provide users with the ability to export passwords from iCloud Keychain to the file, citing security reasons. However, with the release macOS Monterey (2021) and iOS 15 This function has finally become available - albeit with serious limitations. For example, you can export passwords only in CSV format, which is not secure by default.

To export passwords to Mac:

  1. Open Safari Settings → Passwords.
  2. Click on the three dots at the bottom of the window and select Export passwords.
  3. Confirm the action with Touch ID or account password.
  4. Select a location to save the file (the default is Documents).

The file will be saved in the format .csv with name Passwords.csv. Attention: this file not encrypted and contains all your passwords in clear text! To protect it:

  • 🔒 Immediately after export, archive the file with a password (for example, via Terminal team zip -e passwords.zip Passwords.csv).
  • 🗑️ Remove the original one CSV-file after archiving.
  • 💾 Store the archive on an encrypted disk or in a secure cloud (for example, Proton Drive).

To import passwords from CSV:

  1. B Safari Settings → Passwords click on the three dots and select Import passwords.
  2. Specify the path to the file .csv (it must be in the format URL,Username,Password).
  3. Confirm import.
⚠️ Attention: Import passwords from third party managers (for example, 1Password or LastPass) may result in duplicate entries. It is recommended to clear before importing iCloud Keychain from outdated data.
Format Is Safari supported? Security level Notes
.csv Yes (export/import) ❌ Low (plain text) Requires manual encryption
.kdbx (KeePass) No ✅ High (AES-256) Can be converted via KeePassXC
.1pif (1Password) No ✅ High Requires conversion to CSV
.json (Bitwarden) No ⚠️ Average Can be imported via BitwardenCSV → Safari

Problems saving passwords: Why Safari doesn't offer to save data

Sometimes Safari Refuses to save passwords on certain sites, despite the autofill feature being enabled. There may be several reasons:

  • 🚫 The site prohibits saving: Some resources (for example, banking portals) add the attribute to the page code autocomplete="off" or autocomplete="new-password", blocking saving.
  • 🔄 Outdated version of Safari: B macOS Mojave and older, bugs with auto-completion may occur.
  • 🛠️ Damaged Keychain: If the system keychain is damaged, Safari will not be able to save new passwords.
  • 📱 iCloud Limitations: When syncing is disabled on your device iCloud Keychain, passwords are only saved locally.

To force a password to be saved on a problematic site:

  1. Enter your username and password manually.
  2. After successful authorization, open Safari Settings → Passwords.
  3. Click + (plus) at the bottom of the list and enter the data manually.

If the problem occurs on all sites, try resetting Keychain:

  1. Open Keychain Access.
  2. From the menu, select Keychain First Aid (on new versions - Keychain → Options → Reset Keychain to Default).
  3. Confirm the action (reboot required).
⚠️ Attention: Reset Keychain will delete all saved passwords, certificates and keys on your device! Before the procedure, be sure to export the backup copy.
How to bypass autocomplete="off" on websites?

Some extensions for Safari (for example, AutoFill Passwords) allow you to ignore the attribute autocomplete="off". You can also use scripts to Tampermonkey, which force autocomplete to be enabled. However, this may violate the site's security policy and lead to account blocking.

Password security in Safari: vulnerabilities and protection methods

Despite statements Apple about a high level of security iCloud Keychain, the system is not without vulnerabilities. In 2022, researchers from Google Project Zero discovered a critical flaw that allows attackers steal passwords from Safari without physical access to the device. Vulnerability (named CVE-2022-22620) exploited a processing error WebKit and was only corrected in iOS 15.4 And macOS 12.3.

Other potential risks:

  • 🕵️ Phishing attacks: Attackers can create fake login pages that Safari will be perceived as trusted.
  • 🔓 iCloud leak: If your Apple ID compromised, the attacker can gain access to all synchronized passwords.
  • 📱 Local access: On an unlocked device, anyone can export passwords via Settings (unless additional protection is configured).

To minimize risks:

  1. Enable two-factor authentication (2FA) for Apple ID through Settings → [Your name] → Password and security.
  2. Use a strong password for your Mac account (at least 12 characters with mixed case and special characters).
  3. Disable autofill for banking sites: B Safari Settings → Autofill add such sites to exceptions.
  4. Check your list of saved passwords regularly for the presence of suspicious entries (may indicate hacking).

It is also recommended to use hardware security keys (For example, YubiKey) for critical accounts. Although Safari does not support WebAuthn as wide as Chrome or Firefox, some sites (for example, Google or GitHub) allow you to bind a physical key as a second factor.

💡

Even if you trust iCloud Keychain, never store passwords from cryptocurrency wallets or high-profile corporate systems there. For such cases, use offline managers like KeePass.

Sync Passwords Between Devices: Setup and Troubleshooting

One of the main features iCloud Keychain — ability to synchronize passwords between all devices Apple. However, sometimes this process fails: passwords do not appear on the new iPhone, are duplicated or disappear after a system update. Let's figure out how to set up synchronization and fix common errors.

To enable synchronization:

  1. On Mac: System Preferences → Apple ID → iCloud → turn on Keychain.
  2. On iPhone/iPad: Settings → [Your Name] → iCloud → Passwords & Keys → turn on Sync this iPhone.

If passwords are not synced:

  • 🔄 Check your internet connection on all devices.
  • Please wait up to 24 hours - sometimes synchronization is delayed.
  • 📱 Update devices to the latest software (in Settings → General → Software Update).
  • 🔑 Sign out and sign back into iCloud on the problematic device.

If passwords are duplicated:

  1. Open Safari Settings → Passwords.
  2. Find duplicates and remove outdated entries.
  3. Click Done and wait for synchronization.

To diagnose problems with iCloud Keychain can be used sync log:

  1. On Mac open Console (from folder Utilities).
  2. In the search bar, enter keychain or icloud.
  3. Look for errors with tags ERROR or FAIL.

☑️ Check password synchronization

Done: 0 / 4

Alternatives to Safari's built-in password manager

Although iCloud Keychain convenient for ecosystem users Apple, it is inferior in functionality to specialized password managers. For example, it does not contain:

  • 🔗 Sharing passwords (as in 1Password or Bitwarden).
  • 📈 Security audit (checks for duplicate or weak passwords).
  • 🌐 Cross-platform support (for example, for Android or Linux).
  • 🔐 TOTP support (two-factor authentication codes, as in Authy).

If you need these features, consider the alternatives:

Password Manager Free plan Sync with Safari Unique features
1Password No (14-day trial) Yes (extension) Travel Mode, Family Sharing, Leak Audit
Bitwarden Yes (with restrictions) Yes (extension) Open-source, YubiKey support, TOTP generator
KeePass Yes (completely) Via plugins Offline storage, plugins for any OS
LastPass Yes (with restrictions) Yes (extension) Emergency access, dark web monitoring

To transfer passwords from Safari to a third party manager:

  1. Export them to CSV (as described above).
  2. Import the file into the new manager (most services have an option Import from CSV).
  3. Remove duplicates and check data integrity.

If you decide to completely abandon iCloud Keychain, disable it in settings iCloud and delete all saved passwords via Safari Settings → Passwords (click Delete everything).

FAQ: Frequently asked questions about passwords in Safari

Is it possible to recover passwords from iCloud Keychain if I have lost all my devices?

No. Apple does not provide the ability to recover passwords from iCloud Keychain without access to at least one trusted device. The only way is to restore them from a backup (if you exported CSV or made a backup Mac through Time Machine).

Why does Safari offer to save your password but doesn't autofill itLater?

This may happen due to:

  • Changed URL site (for example, from http on https).
  • JavaScript disabled on the login page.
  • Conflict with browser extensions (try disabling them in Safari Settings → Extensions).

Solution: Delete the saved password and enter it again.

How to protect an exported CSV file with passwords?

Use one of these methods:

  1. Encryption via Terminal:
    openssl enc -aes-256-cbc -salt -in Passwords.csv -out Passwords.enc

    (you will need to enter a password for encryption).

  2. Archiving with password:
    zip -e secure.zip Passwords.csv
  3. Storage in an encrypted container (For example, VeraCrypt).
Can iCloud Keychain be used on Windows?

Yes, but with restrictions. Install iCloud for Windows from Microsoft Store, enable the option Passwords in settings iCloud, and they will become available in the browser Chrome or Edge via extension iCloud Passwords. However, autocomplete will not work on all sites.

What to do if Safari saves the wrong password?

Follow these steps:

  1. Open Safari Settings → Passwords.
  2. Find the problematic site and delete the entry.
  3. Visit the site again, enter the correct data and save it.
  4. If the error persists, clear the Safari cache (Safari → Clear history).