Improve the sign-in experience and security in your app
April 12, 2021

People deserve to have a convenient and secure experience when using their favorite apps or websites. You can help improve the safety of your online account offerings with better password management tools and security recommendations, two-factor authentication improvements, and more. Here’s how you can use the latest tools and frameworks on Apple platforms to provide a better sign-in and account management workflow for people who use your apps and websites.
Discover improved password management tools and security recommendations
Passwords are a part of the modern online world — but that doesn't mean they have to be a pain point for people using your app or website. All Apple platforms support iCloud Keychain, a built-in password manager that syncs passwords across your devices. With macOS Big Sur and iOS 14, iCloud Keychain also provides a prioritized list of security recommendations for saved passwords, including those which have appeared in a third-party data breach.

iCloud Keychain’s Security Recommendations make people aware of account security risks. The new Account Authentication Modification Extension provides a simple and efficient upgrade experience for when your app needs an account upgrade. The extension offers a one-tap upgrade to convert a password-based account to use Sign in with Apple or to change the password for an account to a new, unique, strong password. You can also add the upgrades within your app using the AuthenticationServices Framework API.

One-tap account security upgrades

Enhance SMS-delivered code security with domain-bound codes
Your website or app may offer additional login security in the form of SMS-delivered codes. On iPhone, Security Code AutoFill makes it easy for people to quickly supply these codes by offering them in the QuickType bar; on a Mac running macOS Big Sur or later, Mac Catalyst and AppKit apps can take advantage of this feature as well.
To make it harder for an attacker to trick someone into entering their one-time code into a phishing site, SMS-delivered codes sent to devices running iOS 14 and macOS Big Sur can also be associated with specific web domains. When you use a domain-bound code, AutoFill will suggest the code if, and only if, the domain is a match for the website or one of your app’s associated domains.
If you currently offer SMS as an authentication method, we strongly recommend adopting this standard to provide a more secure experience for people using your website or app.
Learn more about enhancing SMS-delivered code security with domain-bound codes
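
The binding described above, as an added example that is not part of the original article or Apple's code. It assumes the message format from the public "origin-bound one-time codes delivered via SMS" proposal, where the last line of the message reads `@host #code`; the function names, sample hosts, and the exact-host-or-subdomain matching rule are assumptions for illustration, and the optional embedded-frame form is not handled.

```javascript
// Added example (not Apple's implementation). Hosts and codes are constructed.

// Server side: build the SMS body. The human-readable sentence comes first;
// the machine-readable binding must be the LAST line of the message.
function formatDomainBoundSms(host, code) {
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(host)) throw new Error("invalid host");
  if (!/^[A-Za-z0-9]+$/.test(code)) throw new Error("invalid code");
  return `${code} is your verification code.\n\n@${host.toLowerCase()} #${code}`;
}

// Client-side model: read the binding from the last line only.
// Returns null when the message carries no binding in that position.
function parseDomainBoundSms(body) {
  const lines = body.trimEnd().split(/\r?\n/);
  const m = /^@([^\s#%]+) #([^\s#%]+)$/.exec(lines[lines.length - 1]);
  return m ? { host: m[1].toLowerCase(), code: m[2] } : null;
}

// Assumed matching rule: the page host must equal the bound host or be a
// subdomain of it. The leading "." in the suffix check is what rejects
// look-alikes such as "notexample.com" and "example.com.evil.test".
function matchesBinding(bound, pageHost) {
  const page = pageHost.toLowerCase();
  return page === bound.host || page.endsWith("." + bound.host);
}

// Constructed sample: a code bound to example.com, checked against the
// legitimate site, a subdomain, and two look-alike phishing hosts.
const sampleSms = formatDomainBoundSms("example.com", "123456");
const sampleBinding = parseDomainBoundSms(sampleSms);
for (const host of ["example.com", "login.example.com",
                    "notexample.com", "example.com.evil.test"]) {
  const verdict = matchesBinding(sampleBinding, host) ? "offer code" : "withhold";
  console.log(`${host}: ${verdict}`);
}
```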
Adopt Password and Security Code AutoFill in Mac apps
With macOS Big Sur, apps can now take advantage of Password and Security Code AutoFill. Discover how to implement AutoFill in your Mac app and help people enter their information into fields easily, privately, and securely.

AutoFill everywhere

Get the most out of Sign in with Apple
Sign in with Apple makes it easy for people to sign in to your apps and websites with the Apple ID they already have. Discover how you can fully integrate Sign in with Apple into your app using secure requests, and by handling state changes and server notifications.

Get the most out of Sign in with Apple

Explore WebAuthentication with Face ID and Touch ID
With the LocalAuthentication framework, it’s easy to provide support for logging into an app using Face ID or Touch ID. Websites in Safari can provide that same functionality by using WebAuthentication for devices running iOS 14, iPadOS 14, or macOS Big Sur or later. Learn how you can help people avoid typing in lengthy passwords on your website in favor of convenient and secure Face ID or Touch ID authentication on the web.

Meet Face ID and Touch ID for the web

Incorporate Credential Provider Extensions for password manager apps
If you develop a password manager or other credential management app, you can make it easy for people to access saved and secure information through Password AutoFill on iOS and macOS Big Sur. Discover how you can use a Credential Provider Extension to display your app’s information as a sign-in resource when people log into a website or app.