More information here: https://support.apple.com/en-us/HT202303 The 30 second version is that icloud uses encrypts your data directly on your device before sending it to icloud, and none of the pieces needed to decrypt that data live on their servers. For that reason it's pretty safe, and MUCH MUCH MUCH safer than reusing a weak password.

For me, 1password is still worth the premium because I can have shared 'vaults' with my wife so she can see my passwords, 1password uses an additional 'security key' that you enter when you install your account on a new device that is figured into the encryption which makes even the password 'password' VERY secure, and I like that they have browser plugins for stuff that isn't apple, and it works on my windowz and linux computers.

I'm an equal opportunity hater and can poke at apple just as fast as M$ and linux, but I will say that I will NEVER have an andoid phone. The fact that the file system is encrypted by default and Apple flat refused to give the FBI hacked firmware as it opens Pandora's box meant a lot to me. I'm not saying it's bullet proof, but ask any law enforcement about the difference between android and apple when it comes to using a cellbright and they will tell you that the iphone security is worlds better.

At this point, I've extended my off topic posting long enough, so I probably won't say anything further, but, I did want to share useful information that will help other builders as I always try to do on this forum.

I agree with schu about the security on Apple devices, but am concerned about one item in his post. He is absolutely correct that the text "password" stored as a password on an iPhone would be well-secured and highly inaccessible to a hacker (as he stated), meaning that it would be exceedingly difficult for someone to decrypt the information store to retrieve that password. But it is absolutely NOT a "secure" password to use for ANYTHING.

For years, I received a summary report on the most-often-used (and hacked) passwords, and every single time, the words "password" and "Password" show up on that list. Likewise "12345678" and "qwerty" show up somewhere on that list (along with "asdfgh" and other sets of adjacent keys on the keyboard). Pretty much any "easily guessed" password falls into that category as well (wife or kids names, dog or cat names, etc.).

I once "hacked" into a pretty secure system (at the request of the business owner) by looking around his office, and using the name on the transom of the boat in a picture framed above his desk as the password. It was the first thing I tried - 10 seconds into the process. Needless to say, he was quite embarrassed... That boat was his pride and joy, but it's name was a lousy choice for a password because it was obvious and easily guessed.

Jim, you missed what I said, I said "1password uses an additional 'security key' that you enter when you install your account on a new device that is figured into the encryption which makes even the password 'password' VERY secure". In other words, in the 1password world, 'password' is also combined with 'A3-LV56YH-34FEGW-SDFE34-6CM99-ASDFE-HJKU78' (the security key) to encrypt. I am not recommending 'password' I'm saying that 1password has additional layers of protection to protect against even that.