Apple’s new iOS 8 predictive keyboard, QuickType, is suggesting what most users don’t want: their passwords. The error happens when users start typing the first three letters of passwords used in other programs, apps or on websites they’ve frequented. It doesn’t appear to be common or easily duplicated, so most users may not even notice.
The security flaw was first reported on Igen.fr after security researcher Stefan Esser tweeted about the problem:
W T F – iOS 8’s fancy typing prediction offers one of my passwords as prediction. (Not a regular word)
— Stefan Esser (@i0n1c) September 23, 2014
Stefan’s not the only one who has concerns about the issue — another user has taken to Apple’s discussion forum to share the same error. Wrote ramiroegueta:
Let’s say my user name is AppleUser and my pass is OrageJuice!2, every time I enter AppleUser Quick Type suggest [to] me OrangeJuice, the worst part is that [it] also suggests [to] me other passwords from other services and old passwords that I already change[d], I found this while trying to login to an OWA web portal, but it happens on any text input, like Notes.
For most users, this doesn’t pose a large security threat, but if you share your iPad or iPhone with friends and family, they can potentially see your passwords when typing. If you want to turn off the predictive features, disable QuickType by setting “Predictive” to OFF in Settings > General > Keyboard.