-
Notifications
You must be signed in to change notification settings - Fork 0
/
wwdc18-notes-automatic-strong-passwords.html
888 lines (442 loc) · 32.3 KB
/
wwdc18-notes-automatic-strong-passwords.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
<!doctype html>
<html class="theme-next mist use-motion" lang="zh-Hans">
<head>
<meta charset="UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>
<meta http-equiv="Cache-Control" content="no-transform" />
<meta http-equiv="Cache-Control" content="no-siteapp" />
<link href="/lib/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css" />
<link href="//fonts.googleapis.com/css?family=Lato:300,300italic,400,400italic,700,700italic&subset=latin,latin-ext" rel="stylesheet" type="text/css">
<link href="/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css" />
<link href="/css/main.css?v=5.1.0" rel="stylesheet" type="text/css" />
<meta name="keywords" content="roczhang" />
<link rel="alternate" href="/atom.xml" title="Roc Zhang's Blog" type="application/atom+xml" />
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico?v=5.1.0" />
<meta name="description" content="WWDC18 - Session 204 笔记 在 iOS 12 中,Apple 将自动建议与使用强唯一密码的功能带入了 App 内,通过 QuickType bar 大幅简化了用户设置账户与登陆的繁琐操作。本 session 介绍了如何优化应用如何适配密码、安全码和其他自动填充功能,带给用户更安全与无缝的体验。">
<meta property="og:type" content="article">
<meta property="og:title" content="WWDC18 Notes - Automatic Strong Passwords and Security Code AutoFill">
<meta property="og:url" content="http://www.roczhang.com/wwdc18-notes-automatic-strong-passwords.html">
<meta property="og:site_name" content="Roc Zhang's Blog">
<meta property="og:description" content="WWDC18 - Session 204 笔记 在 iOS 12 中,Apple 将自动建议与使用强唯一密码的功能带入了 App 内,通过 QuickType bar 大幅简化了用户设置账户与登陆的繁琐操作。本 session 介绍了如何优化应用如何适配密码、安全码和其他自动填充功能,带给用户更安全与无缝的体验。">
<meta property="og:image" content="https://www.roczhang.com/images/wwdc18-notes-automatic-strong-passwords/1.png">
<meta property="og:image" content="https://www.roczhang.com/images/wwdc18-notes-automatic-strong-passwords/3.png">
<meta property="og:image" content="https://www.roczhang.com/images/wwdc18-notes-automatic-strong-passwords/2.png">
<meta property="article:published_time" content="2018-06-13T21:28:15.000Z">
<meta property="article:modified_time" content="2018-11-10T07:02:11.562Z">
<meta property="article:author" content="Roc Zhang">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://www.roczhang.com/images/wwdc18-notes-automatic-strong-passwords/1.png">
<script type="text/javascript" id="hexo.configurations">
var NexT = window.NexT || {};
var CONFIG = {
root: '/',
scheme: 'Mist',
sidebar: {"position":"left","display":"post","offset":12,"offset_float":0,"b2t":false,"scrollpercent":false},
fancybox: true,
motion: true,
duoshuo: {
userId: 'undefined',
author: '博主'
},
algolia: {
applicationID: '',
apiKey: '',
indexName: '',
hits: {"per_page":10},
labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
}
};
</script>
<link rel="canonical" href="http://www.roczhang.com/wwdc18-notes-automatic-strong-passwords.html"/>
<title> WWDC18 Notes - Automatic Strong Passwords and Security Code AutoFill | Roc Zhang's Blog </title>
<meta name="generator" content="Hexo 4.2.1"></head>
<body itemscope itemtype="http://schema.org/WebPage" lang="zh-Hans">
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-128981660-1', 'auto');
ga('send', 'pageview');
</script>
<div class="container sidebar-position-left page-post-detail ">
<div class="headband"></div>
<header id="header" class="header" itemscope itemtype="http://schema.org/WPHeader">
<div class="header-inner"><div class="site-brand-wrapper">
<div class="site-meta ">
<div class="custom-logo-site-title">
<a href="/" class="brand" rel="start">
<span class="logo-line-before"><i></i></span>
<span class="site-title">Roc Zhang's Blog</span>
<span class="logo-line-after"><i></i></span>
</a>
</div>
<h1 class="site-subtitle" itemprop="description"></h1>
</div>
<div class="site-nav-toggle">
<button>
<span class="btn-bar"></span>
<span class="btn-bar"></span>
<span class="btn-bar"></span>
</button>
</div>
</div>
<nav class="site-nav">
<ul id="menu" class="menu">
<li class="menu-item menu-item-home">
<a href="/" rel="section">
<i class="menu-item-icon fa fa-fw fa-home"></i> <br />
首页
</a>
</li>
<li class="menu-item menu-item-categories">
<a href="/categories" rel="section">
<i class="menu-item-icon fa fa-fw fa-th"></i> <br />
分类
</a>
</li>
<li class="menu-item menu-item-archives">
<a href="/archives" rel="section">
<i class="menu-item-icon fa fa-fw fa-archive"></i> <br />
归档
</a>
</li>
<li class="menu-item menu-item-me">
<a href="/me" rel="section">
<i class="menu-item-icon fa fa-fw fa-user"></i> <br />
关于我
</a>
</li>
</ul>
</nav>
</div>
</header>
<main id="main" class="main">
<div class="main-inner">
<div class="content-wrap">
<div id="content" class="content">
<div id="posts" class="posts-expand">
<article class="post post-type-normal " itemscope itemtype="http://schema.org/Article">
<link itemprop="mainEntityOfPage" href="http://www.roczhang.com/wwdc18-notes-automatic-strong-passwords.html">
<span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
<meta itemprop="name" content="Roc Zhang">
<meta itemprop="description" content="">
<meta itemprop="image" content="/images/avatar.png">
</span>
<span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
<meta itemprop="name" content="Roc Zhang's Blog">
</span>
<header class="post-header">
<h2 class="post-title" itemprop="name headline">
WWDC18 Notes - Automatic Strong Passwords and Security Code AutoFill
</h2>
<div class="post-meta">
<span class="post-time">
<span class="post-meta-item-icon">
<i class="fa fa-calendar-o"></i>
</span>
<span class="post-meta-item-text">发表于</span>
<time title="创建于" itemprop="dateCreated datePublished" datetime="2018-06-14T05:28:15+08:00">
2018-06-14
</time>
</span>
<span class="post-category" >
<span class="post-meta-divider">|</span>
<span class="post-meta-item-icon">
<i class="fa fa-folder-o"></i>
</span>
<span class="post-meta-item-text">分类于</span>
<span itemprop="about" itemscope itemtype="http://schema.org/Thing">
<a href="/categories/Code/" itemprop="url" rel="index">
<span itemprop="name">Code</span>
</a>
</span>
</span>
<span class="post-comments-count">
<span class="post-meta-divider">|</span>
<span class="post-meta-item-icon">
<i class="fa fa-comment-o"></i>
</span>
<a href="/wwdc18-notes-automatic-strong-passwords.html#comments" itemprop="discussionUrl">
<span class="post-comments-count disqus-comment-count"
data-disqus-identifier="wwdc18-notes-automatic-strong-passwords.html" itemprop="commentCount"></span>
</a>
</span>
</div>
</header>
<div class="post-body" itemprop="articleBody">
<p><a href="https://developer.apple.com/videos/play/wwdc2018/204/" target="_blank" rel="external">WWDC18 - Session 204</a> 笔记 </p>
<p>在 iOS 12 中,Apple 将自动建议与使用强唯一密码的功能带入了 App 内,通过 QuickType bar 大幅简化了用户设置账户与登陆的繁琐操作。本 session 介绍了如何优化应用如何适配密码、安全码和其他自动填充功能,带给用户更安全与无缝的体验。</p>
<p><img src="https://www.roczhang.com/images/wwdc18-notes-automatic-strong-passwords/1.png" alt="cover"> </p>
<a id="more"></a>
<h2 id="Password-AutoFill-自动密码填充"><a href="#Password-AutoFill-自动密码填充" class="headerlink" title="Password AutoFill 自动密码填充"></a>Password AutoFill 自动密码填充</h2><p>在 iOS 11 中,Apple 引入了自动填充密码。此功能可以让用户通过点击键盘上方的 QuickType bar 快速完成用户名与密码输入过程。首先是对此功能的概要重述,重点包括:</p>
<ol>
<li>设置 Associated domains 关联域。iCloud Keychain Password Manager 中的密码是基于 Web 上的 domain 域(如 apple.com)来存储的。因此,就需要将 App 与 Web 上的域关联起来。关于 Password AutoFill 的详细功能,可见 <a href="https://developer.apple.com/videos/play/wwdc2017/206/" target="_blank" rel="external">WWDC 17 - Session 206 - Introducing Password AutoFill for Apps</a>。 </li>
<li>标记好 Content types。在 iOS 11 中,<code>UITextContentType</code> 中添加了新类型:<code>username</code> 及 <code>password</code>。只要给输入框设定好正确的 <code>textContentType</code> 即可。如:<figure class="highlight swift"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div></pre></td><td class="code"><pre><div class="line"><span class="comment">// For user name text field</span></div><div class="line"><span class="keyword">let</span> userTextField = <span class="type">UITextField</span>()</div><div class="line">userTextField.textContentType = .username</div><div class="line"></div><div class="line"><span class="comment">// For password text field</span></div><div class="line"><span class="keyword">let</span> passwordTextField = <span class="type">UITextField</span>() </div><div class="line">passwordTextField.textContentType = .password</div></pre></td></tr></table></figure>
</li>
</ol>
<h3 id="改进"><a href="#改进" class="headerlink" title="改进"></a>改进</h3><ol>
<li>在 iOS 11.3 中,WKWebView 支持了自动填入密码,如果登录界面使用 Web 技术实现会很有帮助。</li>
<li>在 iOS 12 中,从 App Store 中下载的其他密码管理应用也可以提供信息实现自动输入功能。只要开发者适配了 iCloud Keychain Password Manager 的 AutoFill,其他第三方密码管理应用也同样能够得到支持。如果你在开发密码管理应用,可以浏览 <a href="https://developer.apple.com/videos/play/wwdc2018/721/" target="_blank" rel="external">WWDC 18 - Session 721 - Implementing AutoFill Credential Provider Extensions</a>。</li>
</ol>
<h3 id="Password-Saving-密码保存"><a href="#Password-Saving-密码保存" class="headerlink" title="Password Saving 密码保存"></a>Password Saving 密码保存</h3><p>在 iOS 12 中,Apple 提供了在 App 内新账户登录时保存密码凭证的功能。从而使得用户在所有设备上都能通过 iCloud Keychain 登录你的 App 或网站。保存密码的工作原理是:</p>
<ol>
<li>推断登陆场景;</li>
<li>基于关联 domain 检查资质;</li>
<li>查找用户名和密码字段;</li>
<li>检测登陆操作;</li>
<li>提示用户保存或更新密码。</li>
</ol>
<p>为确保兼容此功能,我们需要检查的事件有:</p>
<ol>
<li>为相关的输入框标记好 content type 内容类型;</li>
<li>当登录事件发生时,将用户名与密码输入框从 view hierarchy 中移除。这样 Autofill 便能够检测到登录事件正在进行。可以通过 dismiss 掉登录场景的 View Controller 实现;</li>
<li>确保值在上述移除工作完成之后再清除登录输入框中的内容,这样 Autofill 才能读到数据并将其保存;</li>
<li>检查 Autofill 保存的密码关联的是否为正确的 domain。可以通过保存后在设置界面中查看保存结果,如不正确,可通过 Web credentials associated domain service 覆盖其保存的位置。</li>
<li>如果之前手动通过 <code>SecAddSharedWebCredential()</code> 保存,现在可能不在需要使用它了.</li>
</ol>
<p>总结关键点在于:</p>
<ol>
<li>将 app 关联 domain;</li>
<li>为输入域做好标记;</li>
<li>确保登陆检测。</li>
</ol>
<h2 id="Automatic-Strong-Passwords-自动强密码"><a href="#Automatic-Strong-Passwords-自动强密码" class="headerlink" title="Automatic Strong Passwords 自动强密码"></a>Automatic Strong Passwords 自动强密码</h2><p>Automatic String Passwords 提供生成建议用户名、密码与保存功能,通过几次点击便可以完成注册,将注册过程变得更加容易与安全。<br><img src="https://www.roczhang.com/images/wwdc18-notes-automatic-strong-passwords/3.png" alt="automaticStrongPasswords"></p>
<p>Automatic Strong Passwords 的工作原理与上述的 Password Saving 工作原理大致相似:</p>
<ol>
<li>推断 View Controller 类型;</li>
<li>基于关联的 domians 检查资质;</li>
<li>检测相关的注册表单元素,如用户名输入框与密码输入框;</li>
<li>提供建议用户名;</li>
<li>键入强密码;</li>
<li>用户注册后保存。</li>
</ol>
<p>对此功能的兼容性检查表也与上述的 Password Saving 类似。<br>为配合此功能,在 iOS 12 中,<code>UITextContentType</code> 新增了 <code>.newPassword</code> 类型,我们需要标记好自己 App 中的新密码输入框与密码确认输入框为 .newPassword。</p>
<h3 id="对修改密码表单的注意事项:"><a href="#对修改密码表单的注意事项:" class="headerlink" title="对修改密码表单的注意事项:"></a>对修改密码表单的注意事项:</h3><ol>
<li>用户名与新密码文本框应该在同一屏上;</li>
<li>用户名文本框可以是只读的;</li>
<li>在注册中的最佳实践同样适用于此。</li>
</ol>
<h3 id="默认生成密码的格式"><a href="#默认生成密码的格式" class="headerlink" title="默认生成密码的格式"></a>默认生成密码的格式</h3><ol>
<li>长度为20个字符;</li>
<li>包括大字母、小写字幕、数字与连字符;</li>
<li>超过 71 位的熵;</li>
<li>设计上旨在与大多数服务兼容。</li>
</ol>
<p>自动生成的密码例子:<code>funrus-Hommez-kajzp7</code>。</p>
<p>当然,考虑到不同的后端规则,也可以自定义自动生成强密码的格式。可以通过密码规则语言来定义规则,如:<br><figure class="highlight swift"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line"><span class="keyword">let</span> newPasswordTextField = <span class="type">UITextField</span>()</div><div class="line">...</div><div class="line"><span class="keyword">let</span> rulesDescriptor = <span class="string">"allowed: upper, lower, digit; required: [$];"</span> newPasswordTextField.passwordRules = <span class="type">UITextInputPasswordRules</span>(descriptor: rulesDescriptor)</div></pre></td></tr></table></figure></p>
<p>还可以使用新的密码规则验证工具 - <a href="https://developer.apple.com/password-rules/" target="_blank" rel="external">Password Rules Validation Tool</a>。</p>
<h2 id="Security-Code-AutoFill-验证码自动填充"><a href="#Security-Code-AutoFill-验证码自动填充" class="headerlink" title="Security Code AutoFill 验证码自动填充"></a>Security Code AutoFill 验证码自动填充</h2><p>对于 iOS 12 之前用户来说,收到短信验证码都需要人肉记忆,再手动输入到文本框中。iOS 12 与 macOS Mojave 中终于带来了自动输入验证码功能。同样在 <code>UITextContentType</code> 中新增了一种 <code>.oneTimeCode</code> 的类型。但由于依赖系统键盘 QuickType 输入,所以对于哪些取代系统键盘使用自定义界面输入验证码的场景无法使用。同时,在所以已支持的语言环境中都可用。验证码自动填充功能同样能够在 Safari Web 页面中使用。非常棒的一点是如果用户尝试在 Mac 上通过 Safari 登录,iPhone 上收到的验证码信息将会被自动安全的传递到 Mac 上,以实现在 Mac 上同样能够轻点一下自动填充验证码。</p>
<p>此次自动输入的功能在 Safari 中同样有效,具体属性符对应如下: </p>
<table>
<thead>
<tr>
<th>Attribute</th>
<th>iOS 12 (UITextContentType)</th>
<th>Safari (input autocomplete=”value”)</th>
</tr>
</thead>
<tbody>
<tr>
<td>UserName</td>
<td>.username</td>
<td>username</td>
</tr>
<tr>
<td>Existing Password</td>
<td>.password</td>
<td>current-password</td>
</tr>
<tr>
<td>New Password (for Automatic Strong Passwords)</td>
<td>.newPassword</td>
<td>new-password</td>
</tr>
<tr>
<td>One Time Code (for Security Code AutoFill)</td>
<td>.oneTimeCode</td>
<td>one-time-code</td>
</tr>
</tbody>
</table>
<h2 id="Federated-authentication-联合身份验证"><a href="#Federated-authentication-联合身份验证" class="headerlink" title="Federated authentication 联合身份验证"></a>Federated authentication 联合身份验证</h2><p>对于要支持使用第三方服务(如社交媒体账号)登录的情况,iOS 12 中引入了新的 API: <code>ASWebAuthenticationSession</code>。联合身份验证过程如下图所示:<br><img src="https://www.roczhang.com/images/wwdc18-notes-automatic-strong-passwords/2.png" alt="federatedAuthentication"><br>使用 ASWebAuthenticationSession 的好处在于:更快的登陆流程、支持密码自动输入与验证码自动输入以及简单明了的基于 block 形式的 API。具体用法如下所示:<br><figure class="highlight swift"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div></pre></td><td class="code"><pre><div class="line"><span class="keyword">import</span> AuthenticationServices</div><div class="line"><span class="keyword">guard</span> <span class="keyword">let</span> oauthURL = <span class="type">URL</span>(string: <span class="string">"https://www.example.com/oauth/..."</span>) <span class="keyword">else</span> {</div><div class="line"><span class="keyword">return</span></div><div class="line">}</div><div class="line"><span class="keyword">self</span>.authenticationSession = <span class="type">ASWebAuthenticationSession</span>(url: oauthURL, callbackURLScheme:</div><div class="line"><span class="literal">nil</span>) { (callbackURL, error) <span class="keyword">in</span></div><div class="line"><span class="keyword">guard</span> error == <span class="literal">nil</span>, <span class="keyword">let</span> callbackURL = callbackURL <span class="keyword">else</span> {</div><div class="line">}</div><div class="line"><span class="comment">// Process error.</span></div><div class="line"><span class="keyword">return</span></div><div class="line"><span class="comment">// Process token.</span></div><div class="line">}</div><div class="line"><span class="keyword">self</span>.authenticationSession.start()</div></pre></td></tr></table></figure></p>
<h2 id="New-password-management-features-密码管理新功能"><a href="#New-password-management-features-密码管理新功能" class="headerlink" title="New password management features 密码管理新功能"></a>New password management features 密码管理新功能</h2><p>iCloud Keychain Password Manager 中带了了一些与密码管理有关的新功能。如:通过询问 Siri 密码自动跳转到密码查看页以快速查看、密码内容支持通过 AirDrop 分享给他人、iOS 12 与 macOS Mojave 中的密码查看列表界面也经过了重新的设计、以及对在多个网站中使用相同密码的情况给予用户警告、tvOS 应用可以通过附近的 iOS 设备完成自动密码输入。</p>
<h2 id="Summary-总结"><a href="#Summary-总结" class="headerlink" title="Summary 总结"></a>Summary 总结</h2><p>在 iOS 12 与 macOS Mojave 中提供的这些密码相关功能非常强大,尽管许多功能可能能够自动适配工作,我们仍需要测试自己的 app 来保证良好兼容。<br>同时,联想到近两天再次频繁爆出的国内大网站被脱裤的消息,开发者对安全问题都应该更加重视。适配 Automatic Strong Passwords 相比其他 feature 来说适配工作量并不会非常多,但能够非常明显的提升用户操作的连贯体验与安全性。</p>
</div>
<div>
</div>
<div>
</div>
<div>
</div>
<footer class="post-footer">
<div class="post-nav">
<div class="post-nav-next post-nav-item">
<a href="/wwdc18-notes-what-is-new-in-cocoa-touch.html" rel="next" title="WWDC18 Notes - What's New in Cocoa Touch">
<i class="fa fa-chevron-left"></i> WWDC18 Notes - What's New in Cocoa Touch
</a>
</div>
<span class="post-nav-divider"></span>
<div class="post-nav-prev post-nav-item">
<a href="/across-senior-year.html" rel="prev" title="跨越大四">
跨越大四 <i class="fa fa-chevron-right"></i>
</a>
</div>
</div>
</footer>
</article>
<div class="post-spread">
</div>
</div>
</div>
<div class="comments" id="comments">
<div id="disqus_thread">
<noscript>
Please enable JavaScript to view the
<a href="https://disqus.com/?ref_noscript" target="_blank" rel="noopener">comments powered by Disqus.</a>
</noscript>
</div>
</div>
</div>
<div class="sidebar-toggle">
<div class="sidebar-toggle-line-wrap">
<span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
<span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
<span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
</div>
</div>
<aside id="sidebar" class="sidebar">
<div class="sidebar-inner">
<ul class="sidebar-nav motion-element">
<li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap" >
文章目录
</li>
<li class="sidebar-nav-overview" data-target="site-overview">
站点概览
</li>
</ul>
<section class="site-overview sidebar-panel">
<div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
<img class="site-author-image" itemprop="image"
src="/images/avatar.png"
alt="Roc Zhang" />
<p class="site-author-name" itemprop="name">Roc Zhang</p>
<p class="site-description motion-element" itemprop="description"></p>
</div>
<nav class="site-state motion-element">
<div class="site-state-item site-state-posts">
<a href="/archives">
<span class="site-state-item-count">23</span>
<span class="site-state-item-name">日志</span>
</a>
</div>
<div class="site-state-item site-state-categories">
<a href="/categories/index.html">
<span class="site-state-item-count">4</span>
<span class="site-state-item-name">分类</span>
</a>
</div>
</nav>
<div class="feed-link motion-element">
<a href="/atom.xml" rel="alternate">
<i class="fa fa-rss"></i>
RSS
</a>
</div>
<div class="links-of-author motion-element">
<span class="links-of-author-item">
<a href="https://github.com/RocZhang9673" target="_blank" title="GitHub">
<i class="fa fa-fw fa-github"></i>
GitHub
</a>
</span>
<span class="links-of-author-item">
<a href="https://twitter.com/roczhang9673" target="_blank" title="Twitter">
<i class="fa fa-fw fa-twitter"></i>
Twitter
</a>
</span>
<span class="links-of-author-item">
<a href="http://weibo.com/u/3210801545" target="_blank" title="Weibo">
<i class="fa fa-fw fa-weibo"></i>
Weibo
</a>
</span>
</div>
</section>
<!--noindex-->
<section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active">
<div class="post-toc">
<div class="post-toc-content"><ol class="nav"><li class="nav-item nav-level-2"><a class="nav-link" href="#Password-AutoFill-自动密码填充"><span class="nav-number">1.</span> <span class="nav-text">Password AutoFill 自动密码填充</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#改进"><span class="nav-number">1.1.</span> <span class="nav-text">改进</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#Password-Saving-密码保存"><span class="nav-number">1.2.</span> <span class="nav-text">Password Saving 密码保存</span></a></li></ol></li><li class="nav-item nav-level-2"><a class="nav-link" href="#Automatic-Strong-Passwords-自动强密码"><span class="nav-number">2.</span> <span class="nav-text">Automatic Strong Passwords 自动强密码</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#对修改密码表单的注意事项:"><span class="nav-number">2.1.</span> <span class="nav-text">对修改密码表单的注意事项:</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#默认生成密码的格式"><span class="nav-number">2.2.</span> <span class="nav-text">默认生成密码的格式</span></a></li></ol></li><li class="nav-item nav-level-2"><a class="nav-link" href="#Security-Code-AutoFill-验证码自动填充"><span class="nav-number">3.</span> <span class="nav-text">Security Code AutoFill 验证码自动填充</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#Federated-authentication-联合身份验证"><span class="nav-number">4.</span> <span class="nav-text">Federated authentication 联合身份验证</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#New-password-management-features-密码管理新功能"><span class="nav-number">5.</span> <span class="nav-text">New password management features 密码管理新功能</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#Summary-总结"><span class="nav-number">6.</span> <span class="nav-text">Summary 总结</span></a></li></ol></div>
</div>
</section>
<!--/noindex-->
</div>
</aside>
</div>
</main>
<footer id="footer" class="footer">
<div class="footer-inner">
<div class="copyright" >
© 2016 -
<span itemprop="copyrightYear">2024</span>
<span class="with-love">
<i class="fa fa-heart"></i>
</span>
<span class="author" itemprop="copyrightHolder">Roc Zhang</span>
</div>
<div class="powered-by">
由 <a class="theme-link" href="https://hexo.io" target="_blank" rel="noopener">Hexo</a> 强力驱动
</div>
<div class="theme-info">
主题 -
<a class="theme-link" href="https://github.com/iissnan/hexo-theme-next" target="_blank" rel="noopener">
NexT.Mist
</a>
</div>
</div>
</footer>
<div class="back-to-top">
<i class="fa fa-arrow-up"></i>
</div>
</div>
<script type="text/javascript">
if (Object.prototype.toString.call(window.Promise) !== '[object Function]') {
window.Promise = null;
}
</script>
<script type="text/javascript" src="/lib/jquery/index.js?v=2.1.3"></script>
<script type="text/javascript" src="/lib/fastclick/lib/fastclick.min.js?v=1.0.6"></script>
<script type="text/javascript" src="/lib/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script>
<script type="text/javascript" src="/lib/velocity/velocity.min.js?v=1.2.1"></script>
<script type="text/javascript" src="/lib/velocity/velocity.ui.min.js?v=1.2.1"></script>
<script type="text/javascript" src="/lib/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>
<script type="text/javascript" src="/js/src/utils.js?v=5.1.0"></script>
<script type="text/javascript" src="/js/src/motion.js?v=5.1.0"></script>
<script type="text/javascript" src="/js/src/scrollspy.js?v=5.1.0"></script>
<script type="text/javascript" src="/js/src/post-details.js?v=5.1.0"></script>
<script type="text/javascript" src="/js/src/bootstrap.js?v=5.1.0"></script>
<script id="dsq-count-scr" src="https://roczhang.disqus.com/count.js" async></script>
<script type="text/javascript">
var disqus_config = function () {
this.page.url = 'http://www.roczhang.com/wwdc18-notes-automatic-strong-passwords.html';
this.page.identifier = 'wwdc18-notes-automatic-strong-passwords.html';
this.page.title = 'WWDC18 Notes - Automatic Strong Passwords and Security Code AutoFill';
};
var d = document, s = d.createElement('script');
s.src = 'https://roczhang.disqus.com/embed.js';
s.setAttribute('data-timestamp', '' + +new Date());
(d.head || d.body).appendChild(s);
</script>
<script>
var cloudTieConfig = {
url: document.location.href,
sourceId: "",
productKey: "a79c1aa145ae437d8c58e9e10aa1c84a",
target: "cloud-tie-wrapper"
};
</script>
<script src="https://img1.ws.126.net/f2e/tie/yun/sdk/loader.js"></script>
</body>
</html>