Happy Apple is doing this but till Passwords goes through several releases I suspect 1Password 8 will remain our App for passwords, bank, credit card, etc data.
I agree with others who are reluctant to save passwords on any app that stores its data in the cloud. I’m not sure I’m ready to use Keychain as convenient as it appears to be. Since a few posters mentioned Apple’s better security, could someone share with a non-expert like me how the Apple Keychain is more secure than the other password managers out there?
I’ve been using mSecure for years mostly because I can sync my devices via WiFi, but auto-renewing subscriptions as with mSecure keep me looking around. The LastPass breach really stressed me.
I agree with others who are reluctant to save passwords on any app that stores its data in the cloud. I’m not sure I’m ready to use Keychain as convenient as it appears to be. Since a few posters mentioned Apple’s better security, could someone share with a non-expert like me how the Apple Keychain is more secure than the other password managers out there?
I’ve been using mSecure for years mostly because I can sync my devices via WiFi, but auto-renewing subscriptions as with mSecure keep me looking around. The LastPass breach really stressed me.
Cheers!
It’s not. Keychain can be synced via your iCloud account so if someone has access yo your username and password, and can spoof your 2FA, they can get your synced keychain. Of course, you don’t have to sync your keychain to iCloud but that means you have to manually keep all your devices updated with your passwords manually. I certainly don’t want to do that.
I use 1Password. Originally it was synced locally or by iCloud or Dropbox. Now they ALSO offer an online sync option via their website, which is great if you share accounts and other info in a different vault with other family members on your plan.
For many years I was doing it as a hybrid system where my Private vault was only synced locally but my shared vaults were synced with family members but I’ve since let that go because 1Password isn’t securing my account with just a username and password; it’s also using a Secret Key which is randomly generated on a device — not online, and AgileBits doesn’t have a copy of it. If you lose one part of that 3 part system your account is forever inaccessible.
Aw yes! This will probably be my favorite update. Every day I’ve been going to Settings, then to passwords and searching for the right domain to get or set a password.
Having separate passwords for each service, it’s now hundreds of them, and having an app is wonderful. Finally!
No doubt it will be unusual by me, just as Apple Keychain is. I refuse to enable stupid 2FA, so I can't use Keychain. However, I can use 1Password (an older version that has no absurd subscription attached to it). Since 1Password still works for me, it largely doesn't matter what Apple does, but I would prefer to obliteration of 2FA at some point in the future. I refuse to be possibly locked out of a particular device only because I don't have the means (device or others) for that 2FA to work. Passwords are enough for me, regardless of what the 2FA worshippers and security experts have to say. I want control to do as I please. 2FA takes some of my freedom away, and I don't like that.
‘Stupid 2FA’
until you get hacked when you won’t find it stupid at all
I started using Apple Keychain back in the days of MobileMe, then Apple nixed the feature and I switched to 1Password. Even when they brought back the ability to sync passwords Keychain's interface was clunky, outdated and limited compared to 1Password so kept using it. As 1password got over priced and clunky I migrated to BitWarden but am less than enamored with its interface.
It sounds like Apple is *finally* creating a decent password app for Mac that lets you sync, store more than passwords, etc. Hopefully this will let me quit 3rd party apps completely.
No doubt it will be unusual by me, just as Apple Keychain is. I refuse to enable stupid 2FA, so I can't use Keychain. However, I can use 1Password (an older version that has no absurd subscription attached to it). Since 1Password still works for me, it largely doesn't matter what Apple does, but I would prefer to obliteration of 2FA at some point in the future. I refuse to be possibly locked out of a particular device only because I don't have the means (device or others) for that 2FA to work. Passwords are enough for me, regardless of what the 2FA worshippers and security experts have to say. I want control to do as I please. 2FA takes some of my freedom away, and I don't like that.
Right there with you. 1Password, no subscription for me either! I'm not paying for the same software for the rest of my life.
So you store all your passwords in an app that doesn’t get security updates? What could possibly go wrong?
It doesn’t need updated. It’s not cloud or internet based.
So your device/computer isn’t connected to the internet? The world keeps moving, and a password saver that isn’t maintained is going to become more and more vulnerable to attack as everything changes around it. Anything so directly related to security needs to be maintained to keep one step ahead (or behind, really) of attackers who are looking for vulnerabilities, and the people doing that maintenance probably don’t want to work for free.
I've been using KeePassXC for a couple of years now. I keep the password database on my local NAS, and even though it's not available on the internet, the database syncs when I come home. Strongbox, the iOS client, is still the only app I've ever bought for my iPhones.
No doubt it will be unusual by me, just as Apple Keychain is. I refuse to enable stupid 2FA, so I can't use Keychain. However, I can use 1Password (an older version that has no absurd subscription attached to it). Since 1Password still works for me, it largely doesn't matter what Apple does, but I would prefer to obliteration of 2FA at some point in the future. I refuse to be possibly locked out of a particular device only because I don't have the means (device or others) for that 2FA to work. Passwords are enough for me, regardless of what the 2FA worshippers and security experts have to say. I want control to do as I please. 2FA takes some of my freedom away, and I don't like that.
‘Stupid 2FA’
until you get hacked when you won’t find it stupid at all
There are sassy talk-back folks like you in every forum. I've been using computers since the 70's and I've never been "hacked." Of course, whenever I say that in feisty debates like this, those same sassy, self-professed Experts of Internet Security then always quip, "it's only a matter of time."
LOL. As if 53-year-old me will be around more than I've already been alive.
No, I'm happy to take my chances. It's my life. My choice. And that choice includes no bothersome 2FA.
Figure out a better way that won't potentially lock me out, and I might consider embracing that new security method. I'm open to change. I'm just not open to change that increases my worry or makes to spend more money or effort. I don't need to take the risk of being potentially locked out of something important or urgent when trying to login on a computer and finding I forgot my iPhone at home. Not on your life! With a password, I am never locked out because there is no second factory of authorization required.
I agree with others who are reluctant to save passwords on any app that stores its data in the cloud. I’m not sure I’m ready to use Keychain as convenient as it appears to be. Since a few posters mentioned Apple’s better security, could someone share with a non-expert like me how the Apple Keychain is more secure than the other password managers out there?
I’ve been using mSecure for years mostly because I can sync my devices via WiFi, but auto-renewing subscriptions as with mSecure keep me looking around. The LastPass breach really stressed me.
Cheers!
It’s not. Keychain can be synced via your iCloud account so if someone has access yo your username and password, and can spoof your 2FA, they can get your synced keychain.
Not if you turn off web access to iCloud. Then 2FA won't matter. But Keychain will still sync between your devices.
Comments
I’ve been using mSecure for years mostly because I can sync my devices via WiFi, but auto-renewing subscriptions as with mSecure keep me looking around. The LastPass breach really stressed me.
I use 1Password. Originally it was synced locally or by iCloud or Dropbox. Now they ALSO offer an online sync option via their website, which is great if you share accounts and other info in a different vault with other family members on your plan.
For many years I was doing it as a hybrid system where my Private vault was only synced locally but my shared vaults were synced with family members but I’ve since let that go because 1Password isn’t securing my account with just a username and password; it’s also using a Secret Key which is randomly generated on a device — not online, and AgileBits doesn’t have a copy of it. If you lose one part of that 3 part system your account is forever inaccessible.
until you get hacked when you won’t find it stupid at all
It sounds like Apple is *finally* creating a decent password app for Mac that lets you sync, store more than passwords, etc. Hopefully this will let me quit 3rd party apps completely.
LOL. As if 53-year-old me will be around more than I've already been alive.
No, I'm happy to take my chances. It's my life. My choice. And that choice includes no bothersome 2FA.
Figure out a better way that won't potentially lock me out, and I might consider embracing that new security method. I'm open to change. I'm just not open to change that increases my worry or makes to spend more money or effort. I don't need to take the risk of being potentially locked out of something important or urgent when trying to login on a computer and finding I forgot my iPhone at home. Not on your life! With a password, I am never locked out because there is no second factory of authorization required.