NOTE: This article applies to iOS devices only.
Apple has introduced changes in iOS 16.3 that more aggressively offers to save app passwords if Apple’s local “Keychain” is selected for Password AutoFill. On shared devices, passwords saved to local storage are a security and PHI risk.
This occurs when Apple’s Keychain plugin is enabled in Settings > Passwords > Password Options.
IMPORTANT: Be sure to uncheck the Keychain option (in red) to avoid unwanted local password storage.
When checked, iOS displays a dialog after authenticating to some apps such as Epic Rover.
The saved passwords are visible in Settings > Passwords to any future user of the device.
When Locker is checked but Keychain is unchecked, the above behavior is suppressed and passwords are not saved locally. Only the “Keychain” plugin will cause iOS to prompt to save passwords locally.
Remediation
Apple offers two methods to disable the Keychain plugin:
- Use an MDM restriction to disable AutoFill entirely. This will also disable GroundControl’s AutoFill feature.
- Visit each device and manually uncheck the Keychain entry in Settings > Passwords > Password Options. The Imprivata GroundControl Locker entry should remain checked to use GroundControl Password AutoFill features.
Unfortunately, Apple offers no way for apps such as GroundControl to detect this situation, so GroundControl can neither warn users nor report on device state. Although GroundControl can determine if its own AutoFill plugin is enabled or not, it cannot determine the state of Apple’s Keychain plugin.
Imprivata has reported this issue to Apple and encourages affected customers to also report this issue to Apple.