Before, if you had passwords labeled as compromised or weak in Apple Passwords, you had to click each one individually and go to the corresponding website to change them manually. Not a conducive workflow if you have hundreds with a red warning label.
In iOS 27, available now as a developer beta, users can just make one tap, and a fixed-model agentic AI will go to each website on your behalf and change a weak or compromised password for you. Nothing else is required from the user, and there’s zero prompting.
This is the kind of thing that actually moves the needle on security for regular people. The security audit is useless if fixing it is a chore.
The passkey transition is coming, but it's slow than anyone hoped. Until then, friction is the enemy of good security hygiene, and Apple just removed a lot of it.