apple/password-manager-resources apple/password-manager-resources

  • Stars
    star
    4,010
  • Rank 10,327 (Top 0.3 %)
  • Language
    JavaScript
  • License
    MIT License
  • Created about 4 years ago
  • Updated about 2 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
apple/password-manager-resources
github

apple

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A place for creators and users of password managers to collaborate on resources to make password management better.

Password Manager Resources

Welcome!

The Password Manager Resources project exists so creators of password managers can collaborate on resources to make password management better for users. Resources currently consist of data, or "quirks", as well as code.

"Quirk" is a term from web browser development that refers to a website-specific, hard-coded behavior to work around an issue with a website that can't be fixed in a principled, universal way. In this project, it has the same meaning. Although ideally, the industry will work to eliminate the need for all of the quirks in this project, there's value in customizing behaviors to ensure better user experience. The current quirks are:

  • Password Rules: Rules to generate compatible passwords with websites' particular requirements.
  • Shared Credentials: Groups of websites known to use the same credential backend, which can be used to enhance suggested credentials to sign in to websites.
  • Change Password URLs: To drive the adoption of strong passwords, it's useful to be able to take users directly to websites' change password pages.
  • Websites Where 2FA Code is Appended to Password: Some websites use a two-factor authentication scheme where the user must append a generated code to their password when signing in.

Having password managers collaborate on these resources has three high-level benefits:

  1. By sharing resources, all password managers can improve their quality with less work than it'd take for any individual password manager to achieve the same effect.
  2. By publicly documenting website-specific behaviors, password managers can offer an incentive for websites to use standards or emerging standards to improve their compatibility with password managers; it's no fun to be called out on a list!
  3. By improving the quality of password managers, we improve user trust in them as a concept, which benefits everyone.

We encourage you to incorporate the data from this project into your password manager, but kindly ask that you please contribute any quirks you have back to the project so that all users of participating password managers can benefit from your discoveries and testing.

The Resources, In Detail

Password Rules

Many password managers generate strong, unique passwords for people so that they aren't tempted to create their passwords by hand, which leads to easily guessed and reused passwords. Every time a password manager generates a password that isn't compatible with a website, a person not only has a bad experience but a reason to be tempted to create their password. Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service's password policy is too restrictive for people using password managers, which may incentivize the services to change.

The file quirks/password-rules.json contains a JSON object mapping domains to known good password rules for generating compatible passwords for use on that website. The Password Rules language is a human- and machine-readable way to concisely write and read the rules to generate a compatible password on a website. quirks/password-rules.json is the quirks version of the passwordRules attribute, which is currently an open WHATWG proposal and supported in Safari. The same language is part of native iOS application development API. If a website changes its password requirements to be general enough to not warrant quirks, or if it adopts the passwordRules attribute to accurately communicate its requirements to password managers and web browsers, it should be removed from this list.

When a domain is listed in quirks/password-rules.json, it means that that domain and all of its subdomains use the rule. For example, a rule for example.com will match URLs on example.com as well as *.example.com. A rule for a.example.com will match URLs on a.example.com as well as *.a.example.com, but will not match other subdomains of example.com such as b.example.com.

A rule that should only be applied to the exact domain stated as a key should have the exact-domain-match-only key set to a value of true. The absence of the exact-domain-match-only key means that it is false.

Password Rules Language Parser

An implementation of a parser for the Password Rules language that's written in JavaScript can be found in tools/PasswordRulesParser.js. It can be used as a reference implementation, interpreted in build systems to convert data/password-rules.json to an application-specific format, or interpreted at application runtime wherever it's possible to execute JavaScript (e.g. using the JavaScriptCore framework on Apple platforms).

A third-party parser implementation that's written in Rust is also available.

Shared Credentials

The files quirks/shared-credentials.json and quirks/shared-credentials-historical.json express relationships between groups of websites that share credentials. The -historical file describes such relationships that were valid in the past but either are not valid today or we don't have a high degree of confidence are valid today.

Information in quirks/shared-credentials.json can be used by password managers to offer contextually relevant accounts to users on first.website, even if credentials were previously saved for second.website. This list should not be used as part of any user experience that releases user credentials to a website without the user's explicit review and consent. In general, saved credentials should only be suggested to users with site-bound scoping. This list is appropriate for allowing a credential saved for website A to appear on website B if the website the credential was saved for is clearly stated.

There are existing proposals to allow different domains to declare an affiliation with each other, which could be a way for websites to solve this problem themselves, given browser and password manager adoption of such a proposal. Until and perhaps beyond then, it is useful to have these groupings of websites to make password filling suggestions more useful.

Information in quirks/shared-credentials-historical.json can be used by password managers to suppress password reuse warnings across websites, given that website A and website B once were known to share credentials in the past.

The Contributing document goes into detail on the format of these files.

Change Password URLs

The file quirks/change-password-URLs.json contains a JSON object mapping domains to URLs where users can change their password. This is the quirks version of the Well Known URL for Changing Passwords. If a website adopts the Change Password URL, it should be removed from this list.

Websites Where 2FA Code is Appended to Password

The file quirks/websites-that-append-2fa-to-password.json contains a JSON array of domains which use a two-factor authentication scheme where the user must append a generated code to their password when signing in. This list of websites could be used to prevent auto-submission of signin forms, allowing the user to append the 2FA code without frustration. It can also be used to suppress prompting to update a saved password when the submitted password is prefixed by the already-stored password.

Contributing

Please review how to contribute if you would like to submit a pull request.

Asking Questions and Discussing Ideas

If you have any questions you'd like to ask publicly, or ideas you'd like to discuss, please raise a GitHub issue or send a message in the project's Slack instance. Anyone participating in the project is welcome to join the Slack instance by emailing the project's maintainers at Apple and asking for an invitation. Please include your GitHub user name when you do this.

Project Maintenance

Project maintenance involves, but is not limited to, adding clarity to incoming issues and reviewing pull requests. Project maintainers can approve and merge pull requests. Reviewing a pull request involves judging that a proposed contribution follows the project's guidelines, as described by the guide to contributing. If you are interested in becoming a project maintainer, please email the project maintainers at Apple with the following information:

  • Your name
  • Your GitHub user name
  • Any organizations you're affiliated with that are related to password management, including professionally
  • Links to examples of pull requests submitted, review feedback given, and comments on issues that demonstrate why you'd be a good project maintainer

Ideally, you'd provide somewhere between five and eight examples. The purpose of this note is to remind the Apple maintainers of who you are; ideally, before sending this message, we already know you from your great contributions!

Project maintainers are expected to always follow the project's Code of Conduct, and help to model it for others.

Project Governance

Although we expect this to happen very infrequently, Apple reserves the right to make changes, including changes to data format and scope, to the project at any time.

More Repositories

1

swift

The Swift Programming Language
C++
65,899
star
2

ml-stable-diffusion

Stable Diffusion with Core ML on Apple Silicon
Python
16,002
star
3

swift-evolution

This maintains proposals for changes and user-visible enhancements to the Swift Programming Language.
Markdown
15,013
star
4

foundationdb

FoundationDB - the open source, distributed, transactional key-value store
C++
13,947
star
5

turicreate

Turi Create simplifies the development of custom machine learning models.
C++
11,153
star
6

darwin-xnu

The Darwin Kernel (mirror). This repository is a pure mirror and contributions are currently not accepted via pull-requests, please submit your contributions via https://developer.apple.com/bug-reporting/
C
10,558
star
7

swift-package-manager

The Package Manager for the Swift Programming Language
Swift
9,592
star
8

ml-ferret

Python
7,576
star
9

swift-nio

Event-driven network application framework for high performance protocol servers & clients, non-blocking.
Swift
7,274
star
10

swift-algorithms

Commonly used sequence and collection algorithms for Swift
Swift
5,622
star
11

swift-corelibs-foundation

The Foundation Project, providing core utilities, internationalization, and OS independence
Swift
5,189
star
12

swift-protobuf

Plugin and runtime library for using protobuf with Swift
Swift
4,446
star
13

coremltools

Core ML tools contain supporting tools for Core ML model conversion, editing, and validation.
Python
3,974
star
14

ml-mgie

Python
3,682
star
15

tensorflow_macos

TensorFlow for macOS 11.0+ accelerated using Apple's ML Compute framework.
Shell
3,643
star
16

swift-collections

Commonly used data structures for Swift
Swift
3,434
star
17

pkl

A configuration as code language with rich validation and tooling.
Java
3,360
star
18

swift-argument-parser

Straightforward, type-safe argument parsing for Swift
Swift
3,163
star
19

sourcekit-lsp

Language Server Protocol implementation for Swift and C-based languages
Swift
3,110
star
20

swift-log

A Logging API for Swift
Swift
2,931
star
21

swift-syntax

A set of Swift libraries for parsing, inspecting, generating, and transforming Swift source code.
Swift
2,887
star
22

swift-async-algorithms

Async Algorithms for Swift
Swift
2,695
star
23

swift-markdown

A Swift package for parsing, building, editing, and analyzing Markdown documents.
Swift
2,586
star
24

HomeKitADK

C
2,456
star
25

ml-ane-transformers

Reference implementation of the Transformer architecture optimized for Apple Neural Engine (ANE)
Python
2,431
star
26

swift-corelibs-libdispatch

The libdispatch Project, (a.k.a. Grand Central Dispatch), for concurrency on multicore hardware
C
2,420
star
27

swift-format

Formatting technology for Swift source code
Swift
2,261
star
28

homebrew-apple

Ruby
2,227
star
29

swift-foundation

The Foundation project
Swift
2,088
star
30

cups

Apple CUPS Sources
C
1,828
star
31

sample-food-truck

SwiftUI sample code from WWDC22
Swift
1,695
star
32

ml-fastvit

This repository contains the official implementation of the research paper, "FastViT: A Fast Hybrid Vision Transformer using Structural Reparameterization" ICCV 2023
Python
1,693
star
33

ml-cvnets

CVNets: A library for training computer vision networks
Python
1,664
star
34

swift-book

The Swift Programming Language book
Markdown
1,616
star
35

swift-numerics

Advanced mathematical types and functions for Swift
Swift
1,602
star
36

ml-hypersim

Hypersim: A Photorealistic Synthetic Dataset for Holistic Indoor Scene Understanding
Python
1,495
star
37

swift-crypto

Open-source implementation of a substantial portion of the API of Apple CryptoKit suitable for use on Linux platforms.
C
1,400
star
38

swift-docker

Docker Official Image packaging for Swift
Dockerfile
1,331
star
39

ml-neuman

Official repository of NeuMan: Neural Human Radiance Field from a Single Video (ECCV 2022)
Python
1,233
star
40

swift-openapi-generator

Generate Swift client and server code from an OpenAPI document.
Swift
1,142
star
41

swift-system

Low-level system calls and types for Swift
Swift
1,137
star
42

swift-corelibs-xctest

The XCTest Project, A Swift core library for providing unit test support
Swift
1,120
star
43

swift-docc

Documentation compiler that produces rich API reference documentation and interactive tutorials for your Swift framework or package.
Swift
1,093
star
44

swift-llbuild

A low-level build system, used by Xcode and the Swift Package Manager
C++
1,067
star
45

swift-atomics

Low-level atomic operations for Swift
Swift
1,004
star
46

swift-testing

Swift
981
star
47

servicetalk

A networking framework that evolves with your application
Java
881
star
48

swift-http-types

Version-independent HTTP currency types for Swift
Swift
815
star
49

swift-llvm

LLVM
815
star
50

swift-driver

Swift compiler driver reimplementation in Swift
Swift
764
star
51

swift-protobuf-plugin

Moved to apple/swift-protobuf
757
star
52

swift-lldb

This is the version of LLDB that supports the Swift programming language & REPL.
C++
673
star
53

swift-clang

C++
673
star
54

unityplugins

C#
645
star
55

ml-mobileone

This repository contains the official implementation of the research paper, "An Improved One millisecond Mobile Backbone".
Swift
641
star
56

ml-gaudi

602
star
57

ml-aim

This repository provides the code and model checkpoints of the research paper: Scalable Pre-training of Large Autoregressive Image Models
Python
602
star
58

swift-metrics

Metrics API for Swift
Swift
602
star
59

axlearn

Python
564
star
60

swift-distributed-actors

Peer-to-peer cluster implementation for Swift Distributed Actors
Swift
562
star
61

ARKitScenes

This repo accompanies the research paper, ARKitScenes - A Diverse Real-World Dataset for 3D Indoor Scene Understanding Using Mobile RGB-D Data and contains the data, scripts to visualize and process assets, and training code described in our paper.
Python
552
star
62

sample-backyard-birds

Swift
506
star
63

device-management

Device management schema data for MDM.
506
star
64

ccs-calendarserver

The Calendar and Contacts Server.
Python
470
star
65

ml-facelit

Official repository of FaceLit: Neural 3D Relightable Faces (CVPR 2023)
Python
457
star
66

swift-3-api-guidelines-review

Swift
452
star
67

swift-org-website

Swift.org website
SCSS
438
star
68

GCGC

Jupyter Notebook
436
star
69

swift-nio-http2

HTTP/2 support for SwiftNIO
Swift
405
star
70

swift-tools-support-core

Contains common infrastructural code for both SwiftPM and llbuild.
Swift
390
star
71

swift-nio-ssh

SwiftNIO SSH is a programmatic implementation of SSH using SwiftNIO
Swift
364
star
72

swift-nio-ssl

TLS Support for SwiftNIO, based on BoringSSL.
C
345
star
73

ml-gmpi

Official PyTorch implementation of GMPI (ECCV 2022, Oral Presentation)
Python
329
star
74

example-package-dealer

Example package for use with the Swift Package Manager
Swift
319
star
75

swift-collections-benchmark

A benchmarking tool for Swift Collection algorithms
Swift
316
star
76

example-package-playingcard

Example package for use with the Swift Package Manager
Swift
308
star
77

swift-docc-render

Web renderer for Swift-DocC documentation.
JavaScript
300
star
78

indexstore-db

Index database library for use with sourcekit-lsp
C++
299
star
79

swift-playdate-examples

A technical demonstration of Embedded Swift running on Playdate by Panic
Swift
295
star
80

swift-docc-plugin

Swift Package Manager command plugin for Swift-DocC
Swift
295
star
81

ml-hierarchical-confusion-matrix

Neo: Hierarchical Confusion Matrix Visualization (CHI 2022)
TypeScript
292
star
82

ml-gsn

Python
284
star
83

swift-llbuild2

A fresh take on a low-level build system API.
Swift
280
star
84

swift-source-compat-suite

The infrastructure and project index comprising the Swift source compatibility suite.
Python
278
star
85

sample-cloudkit-sharing

Swift
275
star
86

swift-xcode-playground-support

Logging and communication to allow Swift toolchains to communicate with Xcode.
Swift
270
star
87

swift-experimental-string-processing

An early experimental general-purpose pattern matching engine for Swift.
Swift
263
star
88

ml-sigma-reparam

Python
255
star
89

swift-standard-library-preview

Swift
253
star
90

swift-nio-transport-services

Extensions for SwiftNIO to support Apple platforms as first-class citizens.
Swift
252
star
91

swift-stress-tester

Stress testing utilities for Swift's tooling
Swift
207
star
92

swift-service-discovery

A service discovery API for Swift.
Swift
203
star
93

swift-certificates

An implementation of X.509 for Swift
Swift
195
star
94

swift-nio-examples

examples of how to use swift-nio
Swift
195
star
95

swift-cluster-membership

Distributed Membership Protocol implementations in Swift
Swift
191
star
96

swift-aoc-starter-example

Swift starter project for solving Advent of Code challenges.
Swift
189
star
97

sample-cloudkit-coredatasync

Swift
187
star
98

swift-distributed-tracing

Instrumentation library for Swift server applications
Swift
186
star
99

pfl-research

Simulation framework for accelerating research in Private Federated Learning
Python
186
star
100

swift-internals

HTML
182
star