This seems to be highly likely. People are probably forgetting they signed into their Apple ID on the device at some point even if it was temporarily.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
ALL of my logins and passwords available on two family member's devices. WTF Apple?!
- Thread starter Muscovite
- Start date
- Sort by reaction score
I accept your point but that shouldn't lead to cross-contamination when two seperate appleid's are used.
It shouldn't, but as a rule of thumb, before I let someone else (3rd party or family) use a device I've used, I've reset it completely. I never just sign out and let them sign in. I imagine not everyone does that.
I just never let someone else use my device. Far simpler that way.
This is the way. Phones are very personal with how much personal and sensitive information they hold. The thought of letting someone else use my phone makes me very uncomfortable.
If you are using the same local user account then that behaviour is not necessarily incorrect, just needs to be made really clear.
I've done a bit of playing around on my Mac and if you do create a new account and then log in to an appleid and accept the default option of sync keychain then your icloud keychain is used to sync down to the local keychain.
If you then log out of iCloud on that machine, but choose to keep a local copy of the icloud keychain your passwords remain in that local account on the Mac.
If you then log in to another appleid in that local account you would then have a local keychain containing the first appleid's passwords, but now iCloud logged in to the second appleid, so you can now merge the keychains and end up with appleid 2 having access to their passwords and a copy of appleid 1's passwords.
There are messages about deleting or keeping data, but I can certainly see how you could unknowingly leave a copy of your keychain on a machine whilst helping set it up for someone
If you then log out of iCloud on that machine, but choose to keep a local copy of the icloud keychain your passwords remain in that local account on the Mac.
If you then log in to another appleid in that local account you would then have a local keychain containing the first appleid's passwords, but now iCloud logged in to the second appleid, so you can now merge the keychains and end up with appleid 2 having access to their passwords and a copy of appleid 1's passwords.
There are messages about deleting or keeping data, but I can certainly see how you could unknowingly leave a copy of your keychain on a machine whilst helping set it up for someone
We're not using the same local user account.
I suspect this is what I've done though how I've selected to leave the local data I've no idea. Obviously I know how I did it but not why
I should have known better.It's the only thing that can have happened, I think.
Having said that how on earth do I unravel it? If I delete her passwords from my devices won't that delete them from her devices? And vice versa. Maybe not because they are from her appleid?
And all this on 3 devices each
I haven't tested that yet.
Thanks for your experimentation
In terms of unravelling it you should be safe to delete her passwords from your keychain as she should be using her own keychain ( just one that got your passwords copied in to it at some point). You can try deleting ( or creating) one on your appleid/device and checking that it doesn't update on her appleid/device just be absolutely confident you're not sharing the same icloud keychain before you clear the lot!We're not using the same local user account.
I suspect this is what I've done though how I've selected to leave the local data I've no idea. Obviously I know how I did it but not why
It's the only thing that can have happened, I think.
Having said that how on earth do I unravel it? If I delete her passwords from my devices won't that delete them from her devices? And vice versa. Maybe not because they are from her appleid?
And all this on 3 devices each
I haven't tested that yet.
Thanks for your experimentation
Thanks. I'll test with one or two deletions first and see if they affect her.
I see no reason why we'd be using the same keychain but how do I make sure? My brain's gone foggy
Let me know how it goes.Thanks. I'll test with one or two deletions first and see if they affect her.
I see no reason why we'd be using the same keychain but how do I make sure? My brain's gone foggy
I'm traveling and cannot duplicate the merged keychain in the office right now ( until Jan 4ish 2022! ).
Following this thread with great interest.
I’m pretty sure that this entirely hinges on what you mean by “log into my gmail.” There is an entire spectrum of ways you can do that on an iPhone. Off the top of my head, the most invasive and comprehensive way (assuming each person has their own iCloud account like you said) would be adding the account to Accounts and syncing everything (including Notes, Contacts and whatnot). The least invasive way I can think of would be logging into Gmail in a private Safari tab and then closing it afterwards.
Basically, there are some ways of logging into Gmail (or, more precisely, your Google account) that will deeply imbed your entire Google account into the iOS device. I don’t fully understand it, but can tell when it’s happened because you’ll be automatically logged in (or at least able to choose an already-present Google account) when downloading a new Google-owned app. Do not log in to your Google Account on any Google-owned app such as Gmail, Google Drive, Google Maps, Google Calendar, Google Smart Lock, etc. (on a shared device… if you care about your privacy). I have found that doing so always causes this to happen.
I’m like 80% sure that signing into Gmail via gmail(.)com on a Safari private tab would not add your entire Google account to the device like that. You may have to sign in each time, but it wouldn’t be that inconvenient if you’re using a password manager (especially one with FaceID unlock enabled). There might be more convenient ways to pull it off, too. Other browsers such as Firefox may let you log in to Gmail in non-private windows without adding your Google account to the device.
Btw, idk what you’re currently doing OP but to anyone reading this I highly recommend just using Apple’s Mail App instead of the Gmail App if you have a Gmail or Google Workspace account. iOS 15 added excellent new mail privacy features, whereas the Gmail app is bound to be a privacy nightmare. I have 2 separate paid Google Workspace accounts that use custom domains, and then regular Gmail accounts on top of that, and I’ve been using solely the Apple Mail app on my iPhone for years with no issues. Maybe I’m missing something but I just don’t see any reason to use Gmail instead of Mail.
The only problem I have with the Mail app is that, even in iOS 15, it still does not give you any sort of indication that an email address is spoofed if you receive a spoofed email. Gmail (at least on the web) will detect spoofing (which is incredibly easy) and give you some sort of yellow warning like “Be careful with this message.”
Basically, there are some ways of logging into Gmail (or, more precisely, your Google account) that will deeply imbed your entire Google account into the iOS device. I don’t fully understand it, but can tell when it’s happened because you’ll be automatically logged in (or at least able to choose an already-present Google account) when downloading a new Google-owned app. Do not log in to your Google Account on any Google-owned app such as Gmail, Google Drive, Google Maps, Google Calendar, Google Smart Lock, etc. (on a shared device… if you care about your privacy). I have found that doing so always causes this to happen.
I’m like 80% sure that signing into Gmail via gmail(.)com on a Safari private tab would not add your entire Google account to the device like that. You may have to sign in each time, but it wouldn’t be that inconvenient if you’re using a password manager (especially one with FaceID unlock enabled). There might be more convenient ways to pull it off, too. Other browsers such as Firefox may let you log in to Gmail in non-private windows without adding your Google account to the device.
Btw, idk what you’re currently doing OP but to anyone reading this I highly recommend just using Apple’s Mail App instead of the Gmail App if you have a Gmail or Google Workspace account. iOS 15 added excellent new mail privacy features, whereas the Gmail app is bound to be a privacy nightmare. I have 2 separate paid Google Workspace accounts that use custom domains, and then regular Gmail accounts on top of that, and I’ve been using solely the Apple Mail app on my iPhone for years with no issues. Maybe I’m missing something but I just don’t see any reason to use Gmail instead of Mail.
The only problem I have with the Mail app is that, even in iOS 15, it still does not give you any sort of indication that an email address is spoofed if you receive a spoofed email. Gmail (at least on the web) will detect spoofing (which is incredibly easy) and give you some sort of yellow warning like “Be careful with this message.”
Last edited:
I've deleted some of hers from my devices and a load of mine from her devices and so far no ill effects
So, in the end -
1. Apple never called back. Just never did.
2. I went into “Passwords” on my wife’s phone and had to delete all of MY logins one by one, then did the same on my son’s.
Hasn’t happened ever since, must say.
PS I didn’t use Google’s password sync whatever, was a Safari user exclusively. And, again, when I was looking at the saved login/passwords on her phone, it was everything, Google logins and everything else. So it’s not Google.
1. Apple never called back. Just never did.
2. I went into “Passwords” on my wife’s phone and had to delete all of MY logins one by one, then did the same on my son’s.
Hasn’t happened ever since, must say.
PS I didn’t use Google’s password sync whatever, was a Safari user exclusively. And, again, when I was looking at the saved login/passwords on her phone, it was everything, Google logins and everything else. So it’s not Google.
Last edited:
How did you fix, please?
Is it just deleting each password (of others) one by one from each person's any one device?
Yes - delete the passwords from a device logged in to account that you don’t want them on. That will delete them from that keychain.
You should then obviously change the passwords affected to keep the details secure going forward
I had this issue just happen to me in March, 2023. I bought my wife an iPhone 13 from the Apple Store and used some gift cards that were on my apple account to pay for the iPhone. I think this may be key because somehow, immediately after, on my iPhone 12, I got the message bar in the settings app "Get Ready for your New iPhone" so Apple had already linked the phone to my account from the time of purchase. I never logged into or used the phone at all with my own Apple ID. My wife and I were already set up as iCloud family members. Both phones are running iOS 16.
As soon as she set up the brand new iPhone 13 and logged in using her Apple ID. She started to log into apps and noticed my login credentials suggested through keychain. When checking her saved passwords, all of her previously saved passwords were there as well as all of mine. They had completely merged. I, unfortunately, did not get any of her passwords on my keychain.
After researching as much as I could I proceeded like Muscovite details above by deleting my passwords one by one from her keychain. All, again, seems good in the world.
As soon as she set up the brand new iPhone 13 and logged in using her Apple ID. She started to log into apps and noticed my login credentials suggested through keychain. When checking her saved passwords, all of her previously saved passwords were there as well as all of mine. They had completely merged. I, unfortunately, did not get any of her passwords on my keychain.
After researching as much as I could I proceeded like Muscovite details above by deleting my passwords one by one from her keychain. All, again, seems good in the world.
Last edited:
Not the reason. This is just marketing automation. The phone could've been given to anyone and would not have any issues, unless...
The reason.
Being a member of iCloud family doesn't result in keychains being shared.
I think you are correct with thinking that Apple linked the device to your account when you bought it on your account. However, this still shouldn't have resulted in your keychain being delivered to the device with no further intervention.
Do you and your wife both use the same device unlock codes, or does she know yours to enter it?
Your keychain is encrypted with your device passcode so it should have needed to be entered on the new device to unlock it.
So I am wondering if Apple 'helpfully' linked the new device to your account, which made it possible to sync the keychain and then your device passcode was entered, which then made it accessible on the new device.
I think you are correct with thinking that Apple linked the device to your account when you bought it on your account. However, this still shouldn't have resulted in your keychain being delivered to the device with no further intervention.
Do you and your wife both use the same device unlock codes, or does she know yours to enter it?
Your keychain is encrypted with your device passcode so it should have needed to be entered on the new device to unlock it.
So I am wondering if Apple 'helpfully' linked the new device to your account, which made it possible to sync the keychain and then your device passcode was entered, which then made it accessible on the new device.
I’ve just noticed this recently too. A load of my partner’s password suggestions for various websites started appearing. So I took a look at my keychain. It looks like all of them. The ONLY device we’ve shared is that I gave her my old Watch S4 (totally wiped/reset/disassociated), which she gave me back last month when getting an S8. I set it back up for me and had a weird situation where the watch was ‘mine’ but only accepted her old passcode, not the new one I entered. I reset again and seemed fine.
Now passwords are shared. We do have family sharing but have since 2020.
It does seem to be a family sharing / device issue.
I also noticed a (new?) feature in settings > passwords called ‘family passwords’. I wondered whether this had something to do with it initially but can’t see anything populated or crossed over in there.
Anyway. Really annoying and really stupid.
Now passwords are shared. We do have family sharing but have since 2020.
It does seem to be a family sharing / device issue.
I also noticed a (new?) feature in settings > passwords called ‘family passwords’. I wondered whether this had something to do with it initially but can’t see anything populated or crossed over in there.
Anyway. Really annoying and really stupid.
'Family Passwords' is a relatively new feature to allow you to purposely share specific passwords with members of your family, but you do have to explicitly choose and share each keychain entry.
As mentioned keychains are encrypted so they cannot be read except by a device on your Apple ID and after entering the passcode of the device that encrypted it.
By the sounds of your description their passcode was entered onto the watch after it was attached to your account, which indicates that it wasn't fully reset at that point and entering that passcode decrypted their keychain and allowed it to merge with yours.
However, that definitely is unwanted and incorrect behaviour as you'd not expect that to be the result so I would report it to AppleCare as it sounds like you've found an edge case that fulfils the security requirements for sharing keys, but not the user permission