password-manager-resources

This is a collaborative project started by Apple where password manager developers share data files that help their tools work better with real websites. The core idea is that the web is full of quirks: individual websites have unusual requirements or behaviors that no universal rule can handle, and it makes more sense for the industry to pool that knowledge in one place than for each password manager to rediscover it independently.

The project contains four main data files. The first maps website domains to password rules, describing the exact requirements a site has for passwords (minimum length, required character types, and so on) so that a password manager can generate a compatible password on the first try. The second groups websites that share the same login backend, so that if you saved a password for site A, your password manager can suggest it when you visit the related site B. The third lists direct URLs to each website's change-password page, making it easier for password managers to send users there when promoting a password upgrade. The fourth covers websites that append a two-factor authentication code to the end of the password during login, a non-standard pattern that password managers need to know about to avoid breaking the login flow.

Alongside the data files, the project includes a JavaScript parser for the Password Rules language so that developers can read and apply the rules in their own tools. A Rust parser maintained by a third party is also available.

The target audience is developers building password managers or browsers with autofill features, though the data is openly published so anyone can inspect which sites have unusual password policies. Apple uses this data directly in Safari and iOS autofill. The project encourages contributors to submit discoveries back so that all participating tools benefit from the shared knowledge.