  • Stars: 4,144
  • Rank: 10,450 (Top 0.3 %)
  • Language: JavaScript
  • License: MIT License
  • Created almost 5 years ago
  • Updated 3 months ago


Repository Details

A place for creators and users of password managers to collaborate on resources to make password management better.

Password Manager Resources

Welcome!

The Password Manager Resources project exists so creators of password managers can collaborate on resources to make password management better for users. Resources currently consist of data, or "quirks", as well as code.

"Quirk" is a term from web browser development that refers to a website-specific, hard-coded behavior to work around an issue with a website that can't be fixed in a principled, universal way. In this project, it has the same meaning. Although ideally, the industry will work to eliminate the need for all of the quirks in this project, there's value in customizing behaviors to ensure better user experience. The current quirks are:

  • Password Rules: Rules to generate compatible passwords with websites' particular requirements.
  • Shared Credentials: Groups of websites known to use the same credential backend, which can be used to enhance suggested credentials to sign in to websites.
  • Change Password URLs: To drive the adoption of strong passwords, it's useful to be able to take users directly to websites' change password pages.
  • Websites Where 2FA Code is Appended to Password: Some websites use a two-factor authentication scheme where the user must append a generated code to their password when signing in.

Having password managers collaborate on these resources has three high-level benefits:

  1. By sharing resources, all password managers can improve their quality with less work than it'd take for any individual password manager to achieve the same effect.
  2. By publicly documenting website-specific behaviors, password managers can offer an incentive for websites to use standards or emerging standards to improve their compatibility with password managers; it's no fun to be called out on a list!
  3. By improving the quality of password managers, we improve user trust in them as a concept, which benefits everyone.

We encourage you to incorporate the data from this project into your password manager, but kindly ask that you please contribute any quirks you have back to the project so that all users of participating password managers can benefit from your discoveries and testing.

The Resources, In Detail

Password Rules

Many password managers generate strong, unique passwords for people so that they aren't tempted to create their passwords by hand, which leads to easily guessed and reused passwords. Every time a password manager generates a password that isn't compatible with a website, a person not only has a bad experience but also a reason to be tempted to create their own password. Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service's password policy is too restrictive for people using password managers, which may incentivize the services to change.

The file quirks/password-rules.json contains a JSON object mapping domains to known good password rules for generating compatible passwords for use on that website. The Password Rules language is a human- and machine-readable way to concisely write and read the rules to generate a compatible password on a website. quirks/password-rules.json is the quirks version of the passwordRules attribute, which is currently an open WHATWG proposal and supported in Safari. The same language is part of the native iOS application development API. If a website changes its password requirements to be general enough to not warrant quirks, or if it adopts the passwordRules attribute to accurately communicate its requirements to password managers and web browsers, it should be removed from this list.

When a domain is listed in quirks/password-rules.json, it means that that domain and all of its subdomains use the rule. For example, a rule for example.com will match URLs on example.com as well as *.example.com. A rule for a.example.com will match URLs on a.example.com as well as *.a.example.com, but will not match other subdomains of example.com such as b.example.com.

A rule that should only be applied to the exact domain stated as a key should have the exact-domain-match-only key set to a value of true. The absence of the exact-domain-match-only key means that it is false.
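The matching behavior described above, as an added example that is not code from the project: a lookup that compares whole DNS labels, so that a look-alike host such as evil-example.com never inherits the rule for example.com. The sample entries are constructed, the "password-rules" key name is an assumption about the entry layout, and preferring the most specific matching domain is this example's choice rather than something the page states.

```javascript
// Constructed sample in the shape the page describes: domain -> rule entry.
// The "password-rules" key and the rule strings are assumptions for this example.
const sampleQuirks = {
  "example.com": { "password-rules": "minlength: 8; maxlength: 16;" },
  "a.example.com": { "password-rules": "minlength: 12; required: digit;" },
  "login.example.org": {
    "exact-domain-match-only": true,
    "password-rules": "minlength: 6; allowed: lower, digit;",
  },
};

// Lowercase the host and drop a trailing root dot so "EXAMPLE.com." == "example.com".
function normalizeHost(host) {
  return String(host).trim().toLowerCase().replace(/\.$/, "");
}

// Returns { matchedDomain, rules } for the applicable entry, or null.
// Candidates are built by removing leading labels one at a time, so matching
// only ever happens on label boundaries, never on a raw string suffix.
function findPasswordRules(quirks, hostname) {
  const host = normalizeHost(hostname);
  if (!host) return null;
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    // hasOwnProperty avoids hits on inherited keys such as "constructor".
    if (!Object.prototype.hasOwnProperty.call(quirks, candidate)) continue;
    const entry = quirks[candidate];
    // An absent exact-domain-match-only key means false.
    const exactOnly = entry["exact-domain-match-only"] === true;
    // An exact-only rule applies to the listed host itself (i === 0) and
    // not to its subdomains; keep walking up to look for a parent rule.
    if (exactOnly && i !== 0) continue;
    return { matchedDomain: candidate, rules: entry["password-rules"] };
  }
  return null;
}
```

A null result means no quirk applies and the password manager falls back to its default generation policy.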

Password Rules Language Parser

An implementation of a parser for the Password Rules language that's written in JavaScript can be found in tools/PasswordRulesParser.js. It can be used as a reference implementation, interpreted in build systems to convert data/password-rules.json to an application-specific format, or interpreted at application runtime wherever it's possible to execute JavaScript (e.g. using the JavaScriptCore framework on Apple platforms).

A third-party parser implementation that's written in Rust is also available.

Shared Credentials

The files quirks/shared-credentials.json and quirks/shared-credentials-historical.json express relationships between groups of websites that share credentials. The -historical file describes relationships that were valid in the past but either are not valid today or are ones we don't have a high degree of confidence are valid today.

Information in quirks/shared-credentials.json can be used by password managers to offer contextually relevant accounts to users on first.website, even if credentials were previously saved for second.website. This list should not be used as part of any user experience that releases user credentials to a website without the user's explicit review and consent. In general, saved credentials should only be suggested to users with site-bound scoping. This list is appropriate for allowing a credential saved for website A to appear on website B if the website the credential was saved for is clearly stated.

There are existing proposals to allow different domains to declare an affiliation with each other, which could be a way for websites to solve this problem themselves, given browser and password manager adoption of such a proposal. Until and perhaps beyond then, it is useful to have these groupings of websites to make password filling suggestions more useful.

Information in quirks/shared-credentials-historical.json can be used by password managers to suppress password reuse warnings across websites, given that website A and website B were known to share credentials in the past.

The Contributing document goes into detail on the format of these files.

Change Password URLs

The file quirks/change-password-URLs.json contains a JSON object mapping domains to URLs where users can change their password. This is the quirks version of the Well Known URL for Changing Passwords. If a website adopts the Change Password URL, it should be removed from this list.

Websites Where 2FA Code is Appended to Password

The file quirks/websites-that-append-2fa-to-password.json contains a JSON array of domains which use a two-factor authentication scheme where the user must append a generated code to their password when signing in. This list of websites could be used to prevent auto-submission of signin forms, allowing the user to append the 2FA code without frustration. It can also be used to suppress prompting to update a saved password when the submitted password is prefixed by the already-stored password.

Contributing

Please review how to contribute if you would like to submit a pull request.

Asking Questions and Discussing Ideas

If you have any questions you'd like to ask publicly, or ideas you'd like to discuss, please raise a GitHub issue or send a message in the project's Slack instance. Anyone participating in the project is welcome to join the Slack instance by emailing the project's maintainers at Apple and asking for an invitation. Please include your GitHub user name when you do this.

Project Maintenance

Project maintenance involves, but is not limited to, adding clarity to incoming issues and reviewing pull requests. Project maintainers can approve and merge pull requests. Reviewing a pull request involves judging that a proposed contribution follows the project's guidelines, as described by the guide to contributing. If you are interested in becoming a project maintainer, please email the project maintainers at Apple with the following information:

  • Your name
  • Your GitHub user name
  • Any organizations you're affiliated with that are related to password management, including professionally
  • Links to examples of pull requests submitted, review feedback given, and comments on issues that demonstrate why you'd be a good project maintainer

Ideally, you'd provide somewhere between five and eight examples. The purpose of this note is to remind the Apple maintainers of who you are; ideally, before sending this message, we already know you from your great contributions!

Project maintainers are expected to always follow the project's Code of Conduct, and help to model it for others.

Project Governance

Although we expect this to happen very infrequently, Apple reserves the right to make changes, including changes to data format and scope, to the project at any time.
