Bug in Passwords app: passwords without username compromised

Question

Bug in Passwords app: passwords without username compromised

Since I updated to macOS 15.4, in my passwords app, every single password without username is marked as compromised. These passwords don't appear in the security section in the app; yet, when we search the password, it is marked as compromised. When I try to add a new password without username it is marked as compromised. However, when I add the very same password with a username, the warning doesn't appear. Anyone experiencing the same problem? Do you think these passwords are really compromised?

MacBook Air (M1, 2020)

Posted on Apr 5, 2025 7:31 AM

Reply

Answer 1

Owl-53

Level 10

97,191 points

Apr 6, 2025 5:03 AM in response to FaniFenialina

Following the example from @Barney-15E

Using Sequoia 15.4 and the Password application

Using, " None " as the associated Name

Used the suggested Strong Password offered to generate the Alpha Numerical password " gosvar-zynmoS-tafbe0 "

It does not get Flagged

Go figure

If you believe this is a " Bug " by a definition by Apple

Start now and open an Apple Support Ticket as they are Apple Employees who deal will these types of issues .

Product Feedback - and make it known to Apple regarding this issue

Reply

Answer 2

Apr 6, 2025 4:30 PM in response to Pbeiler1

Pbeiler1 wrote:

My iOS 18.4 app incorrectly tells me I am using the password elsewhere. These falsely flagged items do not show in the security section. This did not show in the the previous iOS version.

Although my problem isn't exactly that, my falsely flagged items do not appear in the security section too! Have you written a product feedback to let Apple know of this bug Product Feedback - Apple? And what do you think? Do you think these passwords falsely flagged are really compromised?

Reply

Answer 3

Apr 5, 2025 8:58 AM in response to Barney-15E

The same password; the only difference: the first screenshot doesn't have username and the password is compromised; in the moment I add a username (second screenshot), the password is no longer flagged as compromised.

Reply

Answer 4

Apr 6, 2025 3:50 AM in response to FaniFenialina

Update: The same is happening in the Passwords app on iOS 18.4

Reply

Answer 5

Apr 27, 2025 5:56 AM in response to FaniFenialina

UPDATE: I discovered that I had a password without username that was really compromised (I checked on other platforms; that password appeared in the security section too) and, because I had already deleted that account, I moved that password to the deleted section. As soon as I did that, all the passwords without username that were earlier flagged as compromised were normal again. So, I think this is happening when we already have a password that was really compromised ou easy to guess.

Reply

Answer 6

fosk_93

Level 1

8 points

Apr 29, 2025 10:30 AM in response to FaniFenialina

I’m experiencing an issue where any password I create that uses my primary email address is automatically flagged as “compromised” by Apple’s password security system—regardless of the strength or complexity of the password.

To test this, I tried creating passwords using a different email address as the username, and those were not flagged. This leads me to believe that the issue may be linked to my specific email address rather than the password itself.

Anyone has the same? I am on Apple M1 Sequoia 15.4.1

Thanks

Reply

Answer 7

Apr 29, 2025 10:40 AM in response to fosk_93

The bug I'm having is not the same as yours but maybe they have a similar origin. Before you update to 18.4 or 18.4.1 you already had a password associated with that email flagged as compromised?

Because I noticed this yesterday: "UPDATE: I discovered that I had a password without username that was really compromised (I checked on other platforms; that password appeared in the security section too) and, because I had already deleted that account, I moved that password to the deleted section. As soon as I did that, all the passwords without username that were earlier flagged as compromised were normal again. So, I think this is happening when we already have a password that was really compromised ou easy to guess."

In my case, erasing that password from the Passwords app solved the problem.

Reply

Answer 8

Barney-15E

Level 10

120,162 points

Apr 5, 2025 7:43 AM in response to FaniFenialina

I just created one without a username and used the strong password suggestion. It didn't get flagged.

Reply

Answer 9

Barney-15E

Level 10

120,162 points

Apr 5, 2025 9:30 AM in response to FaniFenialina

I believed you when you said it the first time.

I cannot replicate it and I have no idea what other things might be necessary to generate that warning.

Reply

Answer 10

Pbeiler1

Level 1

15 points

Apr 6, 2025 11:58 AM in response to FaniFenialina

My iOS 18.4 app incorrectly tells me I am using the password elsewhere. These falsely flagged items do not show in the security section. This did not show in the the previous iOS version.

Reply

Answer 11

Apr 27, 2025 6:01 AM in response to Pbeiler1

Do you know if, when you updated to iOS 18.4, you already had any password without a username that was truly flagged as reused?

Reply

Quick Links

Bug in Passwords app: passwords without username compromised