Browser Safari from Apple has long become an integral part of the ecosystem of devices on macOS And iOS. One of its key features is the built-in password manager − iCloud Keychain, which automatically saves logins, passwords, credit card information and even two-factor authentication codes. But how exactly does this system work? Can you trust her with sensitive information, and what should you do if access to your saved passwords suddenly disappears?
In this article we will look at all aspects of working with passwords in Safari: from basic setup to advanced features like generating complex passwords and syncing between devices. You will learn how export passwords to an encrypted file for backup (the function that Apple hid from users for a long time), how to restore access if the device is lost, and why sometimes Safari refuses to save passwords on certain sites. We will also reveal little-known vulnerabilities and give specific recommendations for protection against phishing and leaks.
How Safari saves passwords: how iCloud Keychain works
The password storage system is based on Safari lies the technology iCloud Keychain — encrypted storage integrated into operating systems Apple. When you enter your username and password on the site, the browser prompts you to save them in Keychain. This data is encrypted using 256-bit AES and become attached to yours Apple ID, which allows you to synchronize them between iPhone, iPad, Mac and even Windows-PC (when installing iCloud for Windows).
It is important to understand that passwords are not stored on Apple servers in clear text. Instead, the model is used end-to-end encryption: Encryption keys are generated on your device and are never transmitted to Apple. This means that even if attackers hack the company's servers, they won't be able to decrypt your passwords without access to your device or backup.
- 🔐 Local storage: Passwords are stored in the system
Keychainon each device (for example, in~/Library/Keychains/on Mac). - ☁️ Sync via iCloud: Data is transferred between devices in encrypted form using the protocol
HTTPS. - 🔄 Autocomplete: Safari uses machine learningto only offer passwords on trusted sites.
- 🛡️ Phishing protection: The system warns you if you enter a password on a fake site.
However, this system also has weaknesses. For example, if you lose access to all your devices Apple (or forget your password Apple ID), recover passwords from iCloud Keychain there will be impossible — they cannot be reset through support, as some other password managers do. Therefore, it is critical to configure backup (we'll talk about it later).
- Constantly
- Only on trusted sites
- Nearby, but I prefer to enter manually
- I never trust the browser
Where to find saved passwords in Safari on Mac and iPhone
Access to saved passwords in Safari can be obtained in several ways - through browser settings, system tools, or even a voice assistant Siri. Let's consider all the options.
On macOS (Ventura, Sonoma and older)
- Open Safari and go to menu
Safari → Preferences(or click⌘ + ,). - Select a tab
Passwords(you will need to enter your account password Mac orTouch ID). - You will see a list of all saved logins. Double-click on the entry to view or edit the password.
On iPhone or iPad (iOS 17 and later)
- Open
Settingsand go to the sectionPasswords and accounts(on older versions -Passwords and keys). - Select
Passwords for sites and applications(confirmation requiredFace ID/Touch IDor device password). - Scroll the list or use search to find the entry you're looking for.
Also on Mac you can use the system application bunch of keys (Keychain Access), which is in Programs → Utilities. Not only passwords from Safari, but also certificates, keys SSH, data Wi-Fi and other sensitive information. To find the password:
- Open
Keychain Access. - Enter the site name in the search bar.
- Double click on the entry and check the box
Show passwordand enter the system password.
If you often forget passwords, turn on the "Suggest strong passwords" option in Safari preferences (Passwords tab). The browser will automatically generate and save unique combinations up to 20 characters long.
Exporting and importing passwords: how to make a backup copy
Apple for a long time did not provide users with the ability to export passwords from iCloud Keychain to the file, citing security reasons. However, with the release macOS Monterey (2021) and iOS 15 This function has finally become available - albeit with serious limitations. For example, you can export passwords only in CSV format, which is not secure by default.
To export passwords to Mac:
- Open
Safari Settings → Passwords. - Click on the three dots at the bottom of the window and select
Export passwords. - Confirm the action with
Touch IDor account password. - Select a location to save the file (the default is
Documents).
The file will be saved in the format .csv with name Passwords.csv. Attention: this file not encrypted and contains all your passwords in clear text! To protect it:
- 🔒 Immediately after export, archive the file with a password (for example, via
Terminalteamzip -e passwords.zip Passwords.csv). - 🗑️ Remove the original one
CSV-file after archiving. - 💾 Store the archive on an encrypted disk or in a secure cloud (for example, Proton Drive).
To import passwords from CSV:
- B
Safari Settings → Passwordsclick on the three dots and selectImport passwords. - Specify the path to the file
.csv(it must be in the formatURL,Username,Password). - Confirm import.
⚠️ Attention: Import passwords from third party managers (for example, 1Password or LastPass) may result in duplicate entries. It is recommended to clear before importing iCloud Keychain from outdated data.
| Format | Is Safari supported? | Security level | Notes |
|---|---|---|---|
.csv |
Yes (export/import) | ❌ Low (plain text) | Requires manual encryption |
.kdbx (KeePass) |
No | ✅ High (AES-256) | Can be converted via KeePassXC |
.1pif (1Password) |
No | ✅ High | Requires conversion to CSV |
.json (Bitwarden) |
No | ⚠️ Average | Can be imported via Bitwarden → CSV → Safari |
Problems saving passwords: Why Safari doesn't offer to save data
Sometimes Safari Refuses to save passwords on certain sites, despite the autofill feature being enabled. There may be several reasons:
- 🚫 The site prohibits saving: Some resources (for example, banking portals) add the attribute to the page code
autocomplete="off"orautocomplete="new-password", blocking saving. - 🔄 Outdated version of Safari: B
macOS Mojaveand older, bugs with auto-completion may occur. - 🛠️ Damaged Keychain: If the system keychain is damaged, Safari will not be able to save new passwords.
- 📱 iCloud Limitations: When syncing is disabled on your device
iCloud Keychain, passwords are only saved locally.
To force a password to be saved on a problematic site:
- Enter your username and password manually.
- After successful authorization, open
Safari Settings → Passwords. - Click
+(plus) at the bottom of the list and enter the data manually.
If the problem occurs on all sites, try resetting Keychain:
- Open
Keychain Access. - From the menu, select
Keychain First Aid(on new versions -Keychain → Options → Reset Keychain to Default). - Confirm the action (reboot required).
⚠️ Attention: Reset Keychain will delete all saved passwords, certificates and keys on your device! Before the procedure, be sure to export the backup copy.
How to bypass autocomplete="off" on websites?
Some extensions for Safari (for example, AutoFill Passwords) allow you to ignore the attribute autocomplete="off". You can also use scripts to Tampermonkey, which force autocomplete to be enabled. However, this may violate the site's security policy and lead to account blocking.
Password security in Safari: vulnerabilities and protection methods
Despite statements Apple about a high level of security iCloud Keychain, the system is not without vulnerabilities. In 2022, researchers from Google Project Zero discovered a critical flaw that allows attackers steal passwords from Safari without physical access to the device. Vulnerability (named CVE-2022-22620) exploited a processing error WebKit and was only corrected in iOS 15.4 And macOS 12.3.
Other potential risks:
- 🕵️ Phishing attacks: Attackers can create fake login pages that Safari will be perceived as trusted.
- 🔓 iCloud leak: If your
Apple IDcompromised, the attacker can gain access to all synchronized passwords. - 📱 Local access: On an unlocked device, anyone can export passwords via
Settings(unless additional protection is configured).
To minimize risks:
- Enable two-factor authentication (2FA) for Apple ID through
Settings → [Your name] → Password and security. - Use a strong password for your Mac account (at least 12 characters with mixed case and special characters).
- Disable autofill for banking sites: B
Safari Settings → Autofilladd such sites to exceptions. - Check your list of saved passwords regularly for the presence of suspicious entries (may indicate hacking).
It is also recommended to use hardware security keys (For example, YubiKey) for critical accounts. Although Safari does not support WebAuthn as wide as Chrome or Firefox, some sites (for example, Google or GitHub) allow you to bind a physical key as a second factor.
Even if you trust iCloud Keychain, never store passwords from cryptocurrency wallets or high-profile corporate systems there. For such cases, use offline managers like KeePass.
Sync Passwords Between Devices: Setup and Troubleshooting
One of the main features iCloud Keychain — ability to synchronize passwords between all devices Apple. However, sometimes this process fails: passwords do not appear on the new iPhone, are duplicated or disappear after a system update. Let's figure out how to set up synchronization and fix common errors.
To enable synchronization:
- On Mac:
System Preferences → Apple ID → iCloud→ turn onKeychain. - On iPhone/iPad:
Settings → [Your Name] → iCloud → Passwords & Keys→ turn onSync this iPhone.
If passwords are not synced:
- 🔄 Check your internet connection on all devices.
- ⏳ Please wait up to 24 hours - sometimes synchronization is delayed.
- 📱 Update devices to the latest software (in
Settings → General → Software Update). - 🔑 Sign out and sign back into iCloud on the problematic device.
If passwords are duplicated:
- Open
Safari Settings → Passwords. - Find duplicates and remove outdated entries.
- Click
Doneand wait for synchronization.
To diagnose problems with iCloud Keychain can be used sync log:
- On Mac open
Console(from folderUtilities). - In the search bar, enter
keychainoricloud. - Look for errors with tags
ERRORorFAIL.
☑️ Check password synchronization
Alternatives to Safari's built-in password manager
Although iCloud Keychain convenient for ecosystem users Apple, it is inferior in functionality to specialized password managers. For example, it does not contain:
- 🔗 Sharing passwords (as in 1Password or Bitwarden).
- 📈 Security audit (checks for duplicate or weak passwords).
- 🌐 Cross-platform support (for example, for Android or Linux).
- 🔐 TOTP support (two-factor authentication codes, as in Authy).
If you need these features, consider the alternatives:
| Password Manager | Free plan | Sync with Safari | Unique features |
|---|---|---|---|
| 1Password | No (14-day trial) | Yes (extension) | Travel Mode, Family Sharing, Leak Audit |
| Bitwarden | Yes (with restrictions) | Yes (extension) | Open-source, YubiKey support, TOTP generator |
| KeePass | Yes (completely) | Via plugins | Offline storage, plugins for any OS |
| LastPass | Yes (with restrictions) | Yes (extension) | Emergency access, dark web monitoring |
To transfer passwords from Safari to a third party manager:
- Export them to
CSV(as described above). - Import the file into the new manager (most services have an option
Import from CSV). - Remove duplicates and check data integrity.
If you decide to completely abandon iCloud Keychain, disable it in settings iCloud and delete all saved passwords via Safari Settings → Passwords (click Delete everything).
FAQ: Frequently asked questions about passwords in Safari
Is it possible to recover passwords from iCloud Keychain if I have lost all my devices?
No. Apple does not provide the ability to recover passwords from iCloud Keychain without access to at least one trusted device. The only way is to restore them from a backup (if you exported CSV or made a backup Mac through Time Machine).
Why does Safari offer to save your password but doesn't autofill itLater?
This may happen due to:
- Changed
URLsite (for example, fromhttponhttps). - JavaScript disabled on the login page.
- Conflict with browser extensions (try disabling them in
Safari Settings → Extensions).
Solution: Delete the saved password and enter it again.
How to protect an exported CSV file with passwords?
Use one of these methods:
- Encryption via Terminal:
openssl enc -aes-256-cbc -salt -in Passwords.csv -out Passwords.enc(you will need to enter a password for encryption).
- Archiving with password:
zip -e secure.zip Passwords.csv - Storage in an encrypted container (For example, VeraCrypt).
Can iCloud Keychain be used on Windows?
Yes, but with restrictions. Install iCloud for Windows from Microsoft Store, enable the option Passwords in settings iCloud, and they will become available in the browser Chrome or Edge via extension iCloud Passwords. However, autocomplete will not work on all sites.
What to do if Safari saves the wrong password?
Follow these steps:
- Open
Safari Settings → Passwords. - Find the problematic site and delete the entry.
- Visit the site again, enter the correct data and save it.
- If the error persists, clear the Safari cache (
Safari → Clear history).