> Considering this service would be operated and owned by Apple, likely to have a deeper integration across its iOS, iPadOS, and MacOS platforms, and doesn't have the same track record of security breaches as competitors, it should make for a compelling alternative for many users.
Is the reason for fewer security breaches perhaps that the data wasn't as valuable to attackers (until now) ?
It looks to be a new surface on iCloud Keychain, which has existed and been deeply integrated into Apple OSes for a long time. It doesn't seem intuitively too likely this would make it a much more appealing target than it is already.
I really tried to like their new non-native app, and if it works well I could probably live with it, but it was so buggy and glitchy, even to the point where browser auto-fill often just... wouldn't. That's a basic feature.
I switched to iCloud Passwords a few months ago and I'm very happy with the product. Looks like this Passwords app is a nice new GUI over the top of that same database.
Same here. I switched from 1P to Passwords a while back, then switched back when I got a free 1P account from my job. I'd already started thinking about returning to Passwords, though. Much as I wish I could love 1Password, the current app is a mess. I have a Mac Studio without Touch ID and the "unlock with Apple Watch" feature almost never works. They also refuse to allow unlocking with YubiKeys (see https://www.reddit.com/r/1Password/comments/ttt2m0/yubikey_i...) for reasons I consider specious.
1P has some wonderful work-oriented features we use constantly. I don't like the direction it's going for personal stuff.
If 1P was aiming to get attention of an average consumer, Apple might start eating their lunch. SSH key manager is great, but the amount of people who needs it is very small compared to general market.
Might sound like a technicality, but: iCloud Keychain can store the passphrase but can't store the key itself. You still need an encrypted private key on-disk to use this: https://apple.stackexchange.com/a/250572 .
1Password saves the key itself in the encrypted vault and implements an SSH agent that can then interact with OpenSSH etc. and provide key operations, like how a physical dongle would function.
Ah, that is a very important distinction. Thanks for clarifying! For my purposes, the passphrase storage works fine, but I can see how the vault could be a useful feature.
I feel like the people who throw out “Sherlocking” are the same ones who also whine whenever they have to install third-party software for whatever the OS doesn’t do out of the box.
Surprised to see Forget LastPass, as if it's the current incumbent. It very much isn't, at least in my perception. LastPass disgraced itself into irrelevance back in 2022.
Wow. Each to their own I suppose. We have a corporate account and I think 1Password is pretty fantastic. Additionally, all of our employees are given family accounts, that include 5 individuals, for free. I highly recommend 1Password to everyone I know.
It's zdnet and the headline is designed as clickbait. LastPass is likely the most recognizable brand (LastPass claims #1 on their homepage) and among the knowledgable, it absolutely has among the highest recognition not to mention clickbait-worthiness.
The article text mentions 1Password as the first listed PWM product.
Off-topic comment to urge any LastPass users before Sept 16 2022 to please look into parent post's link. LastPass said accounts deleted before June 21 2022 were not affected if that's still up to date.
If I understand:
Attackers got access to LastPass's account data backups directly and in bulk. 2FA doesn't help here.
While LastPass since increased their password rounds for new accounts to 100k+, many users especially long-time users had them set well below and never updated. Reports of 5000 rounds, 500 rounds, ... even 1 round.
URLs were not encrypted. If you had sensitive URLs, I think you have to treat them as compromised. If you had crypto exchange logins or high-value URLs, I'd imagine you might attract extra attention.
I would guess the reality is companies like 1Password make almost all their revenue through B2B relationships. I doubt Apple will encroach too much in that space (lack of sales reps/support etc.)
Curious to see how this ends up impacting competitor's businesses or not though! If Apple gives themselves access to a bunch of integrations and APIs no one else can that sounds like they would be abusing their monopoly power...
This needs to be multiplatform for it to be a viable option for the more tech inclined. I run all three major desktop operating systems plus iOS, so I use Bitwarden
It is available across the two major desktop operating systems, but you'd have to read the article to find that out.
> The Passwords app is free to download, available across iOS 18, iPadOS 18, and MacOS 15, and will also work with the Vision Pro and Windows computers, says Apple.
No Linux or Android, which makes it useless for anybody having any devices running those. And since nobody wants to use two password managers, it remains a better solution to use a truly multi-platform one.
Linux isn't even relevant in this context with it's <1% DWM install base. Android, yes you have a point, though a Mac and Android is a strange combination.
What's strange in it? I've been using macs and android phones for over a decade. And a lot of tech savvy people do the same. Macbooks have been a solid dev platform for a while, and do not really require any mobile platform preference.
> though a Mac and Android is a strange combination.
Probably so, but there is one demographic well represented here that does this routinely: Developers. Macs are the default and often mandatory computers issued to developers at tech companies (I strongly disagree with this approach and think employees should get the platform they are most comfortable on, but Macs only is the current state of things in most places).
So many use Macs because of work, but have Android phones due to reasons I won't articulate here, mostly due to time but also with the audience on this article I expect it would melt down into an argument about which flavor of ice cream is better (metaphorically, not literally). Suffice it to say, Android users would agree with the reasons, Apple users will say you shouldn't be doing those things anyway, and we'll have to agree to disagree.
For me it's pragmatic; MacBooks are or have been the best laptops, and Android phones have been the best value for money while also being less locked down. IPhones are just really expensive luxury devices imo. My phone will probably break for some reason out of my control within a few years of getting it, or it'll become outdated, so I want to get the best hardware + software combination I can for around ~$400USD
I don't see how that could possibly be true objectively, it's my impression that neither platform has any intrinsic hardware qualities that allow it to last longer, but with a Pixel I do have more control over how long I can keep it running if it doesn't succumb to irreparable physical damage.
Anecdotally, it's also my subtle impression that iPhone users are more inclined to update frequently regardless of how much longevity they could get out of it. I just buy my phone and keep it operational for as long as possible, only buying another if my current one is physically inoperable, and I feel like I'd get to that point more quickly with an iPhone, since parts are more expensive and not as readily available.
Main thing is iPhones get security updates for about 8 years. My iPhone 6S is still fine. Pixel in particular will now get 7 years, but this wasn't the case in the past. Random other Android phones don't have good support, and even third-party repairs might be harder.
That's a fair point, and the 6s is a great piece of hardware imo. I just find it frustrating that after security updates stop for my mac, I can definitely keep using software that's always worked on it, supposing I have the executable and any third-party backend services are still running. On my old iPad 3, since the App Store is the central software distributor, more and more apps have been pulled off of it at the discretion of the publisher. It was never really that useful of a device to begin with, but to use the same software, I'd need to buy a new piece of hardware, despite new iPads offering practically nothing substantial in terms of added value (for me) since mine came out. They're nice I guess, but not hundreds or thousands of dollars nice when I likely wouldn't use them for anything different.
The Android one puzzles me a bit. We were Android + Mac for a very long time, more than a decade. I've switched to iOS over the last few years, but my wife remains a dedicated Android user. I don't really want to switch from BitWarden, but if I did Passwords would be a non-starter for us because of this.
I suppose that Apple really considers the iPhone to be the center of its customer's lives, with a Mac or Windows computer... rather than my view, of my computer being the center and my phone tertiary.
I think you might have it the wrong way round, and that you're a good example of why they do it.
You actually care about your computer, and if software isn't available for your OS then you're unlikely to ever switch OS to use it.
But you could be persuaded to move to iPhone, and maybe if enough new Apple services (which aren't available on Android) tempt your wife then she might make her next phone an iPhone, too?
Apple cares more about persuading people to switch from Android to iPhone than about Windows to Mac. But I also suspect there are many more Windows+iPhone people than Mac+Android.
The existence of a port does not guarantee future support of a port. Safari used to run on Windows. They're also somewhat notorious for trash quality Windows ports.
Unless Apple treats every major OS as a first class citizen for this password management app, this becomes another form of ecosystem/vendor lock-in. Have all your passwords securely stored in our app? Thinking about buying an Android phone? Think again.
Of the major tech companies, Apple probably has the worst track record of not playing nice with other platforms, walled gardens and all. Passwords are needed on all platforms. Apple would be the last company I would trust to ensure that I would be able to access my passwords anywhere I may need them.
I actually read the article and didn't see this at first. It's mentioned at the very bottom, right above the "featured stuff" and unrelated article below it, and after a lot of text about what Passwords does that Keychain already did.
My approach has been to move all of the critical secrets out of the vendor device and embed it in a keyboard. It then works with anything that accepts a keyboard.. I'll be releasing this as open source (hardware & software) soon:
Sadly, proly not till next year. I'm funding this myself and hardware is hard. Embedding it into a case has a whole lotta mechanical engineering challenges as well.
The desktop and tablet version will be released this year though.
Yeah, I miss the real physical keyboards. I started with the Palm Treo smart phone in 2001 and stuck with Palm till they died. Better even than blackberry keyboards.
I've found it easier to use Keychain as my "master database" and selectively copy passwords as needed into whatever browsers on non-Apple devices, granted it's not super often. Also, often I can directly use my phone to authenticate another device (passkeys, TOTP, or custom solutions).
I always feel like these password solutions are there to lock you into their platform. I would never use Apples nor Mozillas password solutions personally.
The way Google's password manager covers websites anywhere I'm logged into Chrome plus native Android apps anywhere I'm logged into Google Play is super convenient though (albeit total lock-in, I won't argue that). Some apps are even developed well enough that a password originally stored via Chrome will be suggested for the app, I guess by cross-referencing the origins in some mutual way. And payment card details will auto-fill pretty smoothly in a very similar way, as well.
It's fantastic, and for some reason I trust OS/browser developers to do this more safely than a company focused on password management that has to figure out OS APIs, write browser extensions, or rely on a clipboard that has nearly unbounded read access.
I love that. Unsolicited but quite possibly authentic email from my bank? No auto-fill means no-go, start over from a known URL. It would be funny if this behavior isn't a guarantee in certain adverse conditions.
> anywhere I'm logged into Chrome plus native Android apps anywhere I'm logged into Google Play is super convenient though
Android's autofill framework is open to everyone to use, and every third-party password manager has a Chrome plugin. I use Bitwarden with exactly this experience, but across Firefox and Chrome and Android.
Interesting! If I used Firefox (et al.) more, and if my passwords stored by Google aren't available there but they would be if stored in Bitwarden, this new-to-me information just might lead me to switch. But I do still intuitively put more trust in Google to not make a mistake; I am ready to be convinced of the opposite, though.
Yes Mozilla's does - to Firefox. There are cases I need to use Safari or a Chrome based browser. This is the main reason I got 1password in the first place.
So does Apple make it easy to export even now, just one click on the menu in the System Settings. I assume having an app would make it easier.
So you have two password managers one for Firefox and the other for apps. What happens if you have an app login that is also a web site? Two entries of the same thing?
I used 1Password for years. Last year I decided to try out Apple's built-in manager (for which this new app is a pretty frontend for a feature that already existed). I was able to export all my passwords out of 1P and import them into 1P. Then my company gave us all free personal 1P accounts, and I decided to migrate back. I exported all my data out of Apple's password manager and imported it 1Password, then ran a script to de-dupe entries.
There's not much else to add: it just worked. I wish all "lock in" were that open.
Typo there: I was able to export all my passwords out of 1P and import them into Passwords. I think people got the gist from the context, but just in case.
It is very hard to move from iCloud Keychain to KeePassXC.
Export functionality does not exist in the "Passwords" section of the settings on iPhone. It is also not available in the iCloud for Web. So, I had to go through all my passwords and reset them + create new entries in KeePassXC, one by one, which is very annoying. :-)
I don’t quite understand how this will be different from what built in iPhone password manager.
Something I’d really like: let my iPhone act as a Bluetooth (obviously encryption will be necessary!) or USB keyboard, and have it hold my passwords/type them. That way I could keep my passwords all in one place, and manage them locally. Currently I use keepass when not on iOS, which is fine, but I don’t really want to have to expose my whole passwords file to a Windows machine, since they are traditionally infested with malware (and apparently MS is flirting with including their own first party malware).
The offline device with a plugin usb keyboard that "types" in your username and password is exactly what i've wanted forever. There are some devices people have made and posted online. I made a POC with an old android phone once but never got past that stage.
I investigated the bluetooth encryption and it didn't really seem up to the task. You could create a dongle that lived on wifi though that would do the same.
could you post a link or 2 of the DIY devices? very interesting since this kind of device obviously needs a lot of integration into the PWM software ecosystem.
I think it depends on the password, Bluetooth encryption would probably be fine for, like, my forums passwords. If anyone within, like, 50 feet of me right now wants to break into my Hackernews account… IDK, my dog does seem like a real jerk actually, so if I make any dumb posts let’s assume that she’s stolen my passwords.
A dedicated device would be nice and, actually, keeping your passwords on something that never even has to touch the internet would be ideal. But my phone already has a nice big touchscreen to make it easier to pick a password. Reusing an old device could work but that’s limited.
i've thought of all kinds of iterations with varying levels of security. the phone with BT encryption would be fine in general but that would get picked apart for security if you actually tried to market it as secure.
the really secure way I was thinking is a small touch device that could be small enough to slide into your wallet or even as a device that would live in a phone case exposed on the back of your phone. then there would be a small yubi key like dongle that you'd plug in to whatever your target device is and it would communicate over wifi. that would be like the ultra paranoid version. then you could have the iphone/android app that communicates with the dongle, the one that uses BT encryption, the one that uses a USB cable from the phone to emulate a keyboard.. options are endless.
there's some features you could have like computer vision to recognize the login prompt. it's easy to get into an imaginative loop with the ideas.
I mean, my parents will immediately move to this from BitWarden.
There is still a place for password managers, but if I'm the LastPass CEO, writing is on the wall with this announcement... They will see a large exodus of customers that use Apple OS.
I think for a lot of the password managers out there, the majority of their revenue comes from Apple users. The ones that don't rely on Apple users will be fine.
Yeah there is a pretty good chance that once this rolls out I won't be using 1Password anymore.
I only use 1Password instead of native because I needed something that worked on Windows. Will need to see how well that works, but I just don't see a personal reason why I would not just use this when it works so much better on my iOS devices.
I think this will finally get me to switch from 1Password 7. I was never going to go to the new, subscription-only, electron-based 1Password, so its either hold out on 1P7 for as long as possible or look for something new.
Pointless if it doesnt have cross platform. Apple devices already basically have a password manager, the main reason more people don't use it it is because it doesnt also work on android or windows, not because it's not a standalone app called Passwords.
Hardly. While not everyone is entirely within the Apple eco-system a huge number of people are that go beyond the necessary critical mass. Apple already built this into the OS they just kept it under the clunky Settings UI - so seems like a logical and low-effort move.
If the Family Sharing aspects are well done I'd happily say goodbye to my 1Password subscription.
Being in system settings makes sense to me. Having the place to see the same stuff on macOS be Safari’s settings window is the bizarre part.
Regardless, I’ve been using it for years now. Works fine. Better UI will be nice assuming this doesn’t come with a bunch of updates that somehow manage to make it work less-well.
My approach has been to move it out of the vendor OS entirely and embedd it in the keyboard. I'll be releasing this as open source (hardware & software) soon:
No connection other than being a fan. I started working on my (simpler) approach before precursor was launched and think there is a place for both, but I'm a big fan of all the work he and his team are doing.
Agreed, for me it needs a solid webapp too. I reference personal credentials on my corp laptop and can't/won't login to anything that's in the system and am unable to install any unauthorized apps.
I also don't get why pay for a password manager when there is a free one from a trustworthy entity, Mozilla Firefox, that works on android, windows, linux, iOS and MacOS.
But what features are unique to the payed ones? The Firefox one already checks if your accounts was found on a leak, it has the complete set of feature you would expect to "CRUD" your passwords, integrates with the virtual keyboards in iOS and Android so it's easy to fill login forms on any app and by virtue of being part of the browser has perfect integration with the browser, autogenerates random passwords for you and finally it syncs all your passwords across all your devices (plus all the other things that firefox sync syncs). And again, works on all relevant platforms no exceptions.
Being locked into the eco system is my main reason for avoiding Apple products. Switching from an iPhone to an Android phone was painless for me because I didn't use any of the Apple services (iMessage, iCloud, Passwords). If I had to simultaneously switch from Passwords to Bitwarden would've been time consuming and annoying.
It works on Mac -and- Windows? Goodbye 1Password! The browser extension has been SO buggy for me on Safari ever since v8, I'm SO excited that I might finally be able to ditch it. I even mentioned it in a comment before[0]. Looks like the day has come!
I started using Keychain pretty much primarily this year (other than 1Password at work) and it works pretty seamlessly for me (granted Apple devices only). Even the Chrome extension works quickly as if it were a native part of Chrome.
Glad they're splitting it out of System Settings into a dedicated app.
I've also started migrating family members to it. It'll be way easier for the less technical people since it's already tightly integrated in the devices and OS they use everyday.
Does the Chrome extension still require you to enter a six digit code every day to even use it? When I tried it this was incredibly annoying and I switched back to 1password shortly after.
Not sure that it's every day but I haven't been too bothered by it. It's not unlike the security policies where I work. So needing to type in a OTP isn't out of my normal routine.
It’s important, otherwise that means any locally-running binary (maven, npm) can steal all of your passwords, since they are in clear on your computer.
MacOS asks when “Terminal” wants to access the Downloads or Documents or the Contacts, etc.
However it asks once, across all Terminal programs, for the entire lifetime. So if you’ve ever used “find ~/Documents -…”, then Maven can access it too.
My opinion about this is that we’ll progressively go towards a Dockerization of the builds, which is the only one that gives developers confidence about the sandboxing.
It should be required by SOC2/PII certifications, though. As in, I already think I’ve seen an insurance ask something like “Are accounting documents present on a machine where compilation is executed” or maybe it was “Is it possible to install new programs on machines where sensitive documents are managed?”
Yeah. But even for Mac it's always been more of a technical utility app. When I say that it feels more akin to Disk Utility than the Notes app (in terms of who it's meant for).
These days it even shows you a popup that asks something along the lines of "are you sure you want this app and not the iCloud Keychain tab in System Preferences".
FireFox doesn't work with KeyChain, at least, not the last time I checked (which was a few years ago, admittedly). There's an extension that goes one way (read only), but that's of course relying on an unknown entity.
This is welcome. Central password management really should be an OS feature. Drives me crazy that every browser I use has a different credentials store and sync service.
One of my biggest feature wishes finally come true. A few updates back they made the Passwords section in Settings one level less deep, and I was very frustrated they realized it should be easily accessible but didn’t bother making it a standalone app when Keychain existed on Mac.
I'll be trying this out, but moving me from Bitwarden will prove quite a feat - especially since it was the best option for me after trying over 10 password managers while I was still window shopping for one.
Electron apps are usually (not always necessarily) sluggish and don’t support native UI paradigms or keyboard shortcuts or navigation. The Bitwarden desktop app is one of the bad ones.
Disk space for one. The Bitwarden macOS application is around 390 MB. For comparison, Firefox is 388 MB. They're usually much worse from a CPU and RAM perspective too.
Mainly depends on which platforms you use. If you’re using Bitwarden on Android and/or Linux, then this isn’t a replacement. If you’re on Apple’s iOS/iPadOS/macOS or are on Windows, you can use this. These are also native apps, unlike Bitwarden’s Electron monstrosity on the desktop.
Bitwarden has been lagging in implementing any consumer features for some years now (custom item types has been on the roadmap for six years and is still not done). Except for secure notes in Bitwarden, I don’t think you’d miss anything else in this app. Bitwarden is spending money and focus on the enterprise, just like 1Password has been. For the consumer segment, neither of these are good enough now.
> Bitwarden has been lagging in implementing any consumer features for some years now...
This is actually the reason why I like Bitwarden. They don't seem to be constantly trying to push unwanted features on me. I've always been a fan of the first "rule" of the Unix Philosophy: do one thing well.
You think people will migrate from LastPass to 1password or do you think this just limits new inbound.
Also if those two apps didn't have a product feature map way ahead of apple then they were doomed from the get go. They must have known something like this was a significant business threat if not existential risk...
It's worth noting that this is Windows only, and needs you to install the iCloud native client there (which might not be an option on managed devices).
It doesn't work as a standalone Chrome extension in the way that 1Password or Bitwarden do, for example.
So… this new app does most of what the depreciated “Keychain” app did, except now it’s got a iOS-looking UI. Huzzah, I guess, the “passwords” section in the iOS-restyled system prefs sure wasn’t substituting for Keychain for me. Passwords doesn’t appear to handle secure notes, though, and I still have a few of those, too.
I still really hate the iOS-restyled system prefs. Tiny unresizable text, a long vertical scroll. I can’t find a damn thing in it and just use the search bar every time and feel faintly annoyed about it.
I noticed a "Notes" section in password items. So, I guess in theory you could utilize those.
But my biggest one is wanting to store secure files. Think copies of a drivers license, signed documents or various certs and keys. That's not being covered here either for me sadly. It's not a super common situation for me so I can probably find an alternative app for that purpose.
Edit: Also for notes, I'd just password protect something in the Notes app. But that's just me.
For iOS & Mac https://thevault-app.com does exactly that for me. Storing PDFs, or just plain images of passport, drivers license etc (in addition to passwords). It’s a bit on the technical site (eg, also has cmd: prefix for terminal commands etc)
for this requirement i choose to use encrypted sparse files (can be created with the disk manager app) which i store on the icloud. is only of use if you happen to have a laptop with you as mounting them is not supported in iOS
Can’t you just paste the DL image into a Note and then password protect it?
I frankly just have photos of DL and insurance cards in my photos with tags to make finding them easy. Although note with the text searchable images that’s largely not even needed.
I don’t get what the security concern in. My photo reel is way more secure than my actual wallet.
Oh, you can? I should look into that then, thanks. I’ve vaguely settled on Notes as “I guess this is the least shitty replacement for the specific way Evernote fit I to my life” but have never actually sat down with its manual to see what it can actually do.
Hopefully Adobe won’t decide to start shitting a bunch of authorization credentials into private Notes the way they took over the Private Notes section of Keychain.
Record and transcribe a live call directly from the Phone app.21 You can also search call history more easily, dial smarter, and switch SIM cards seamlessly.
Where did you get that impression from? The WWDC keynote mentioned recording calls on iPhone (with transcription) and said that the other end would be notified when you start recording.
Oh really? Unfortunately i didn’t see the keynote this time and i didn’t see this in any online summaries. Didn’t expect they’d do it this time! Ive been asking for it in prev years. But does it record audio? This is good if you get to keep audio!
And put all the eggs into the same basket? No, thanks. I prefer to spread critical responsibilities among a small group of "little tech" companies that offer clear and concise data portability among them.
If this supports OTP, and ideally profiles, I'd likely cancel my 1Password subscription. I've been waiting for Apple to release something like this for a long time and surprised it took them this long.
iOS already supports OTP, it’s just buried in Settings > Passwords > Set up verification code. Once you do that, it’s seamless - it autofills in all my site and works beautifully in chrome/edge/firefox even in my PCs
Keychain has been built into all apple devices for ages, and all support OTP and seamless sharing across all your devices. Genuinely interested to know why you have been using 1Password when apple will already do it all for you? Did you not know?
766 comments
[ 3.1 ms ] story [ 516 ms ] threadIs the reason for fewer security breaches perhaps that the data wasn't as valuable to attackers (until now) ?
The new SSH key manager feature is an example of something Apple's unlikely to address for years, if ever. https://developer.1password.com/docs/ssh/manage-keys/
I switched to iCloud Passwords a few months ago and I'm very happy with the product. Looks like this Passwords app is a nice new GUI over the top of that same database.
1P has some wonderful work-oriented features we use constantly. I don't like the direction it's going for personal stuff.
1Password saves the key itself in the encrypted vault and implements an SSH agent that can then interact with OpenSSH etc. and provide key operations, like how a physical dongle would function.
It's almost double the price per user so my company switched to Bitwarden.
We're a Mac shop and if Apple can make it even more affordable then we would definitely consider switching again.
https://en.wikipedia.org/wiki/LastPass#2022_customer_data_an...
The article text mentions 1Password as the first listed PWM product.
If I understand:
Attackers got access to LastPass's account data backups directly and in bulk. 2FA doesn't help here.
While LastPass since increased their password rounds for new accounts to 100k+, many users especially long-time users had them set well below and never updated. Reports of 5000 rounds, 500 rounds, ... even 1 round.
URLs were not encrypted. If you had sensitive URLs, I think you have to treat them as compromised. If you had crypto exchange logins or high-value URLs, I'd imagine you might attract extra attention.
[edit for typos].
2017: Design flaws in LastPass two factor authentication. http://www.martinvigo.com/design-flaws-lastpass-2fa-implemen...
2016: More LastPass security vulnerabilities. https://palant.de/2016/09/16/more-last-pass-security-vulnera...
2015: Even the LastPass will be stolen. http://www.martinvigo.com/even-the-lastpass-will-be-stolen-d...
Curious to see how this ends up impacting competitor's businesses or not though! If Apple gives themselves access to a bunch of integrations and APIs no one else can that sounds like they would be abusing their monopoly power...
> The Passwords app is free to download, available across iOS 18, iPadOS 18, and MacOS 15, and will also work with the Vision Pro and Windows computers, says Apple.
Probably so, but there is one demographic well represented here that does this routinely: Developers. Macs are the default and often mandatory computers issued to developers at tech companies (I strongly disagree with this approach and think employees should get the platform they are most comfortable on, but Macs only is the current state of things in most places).
So many use Macs because of work, but have Android phones due to reasons I won't articulate here, mostly due to time but also with the audience on this article I expect it would melt down into an argument about which flavor of ice cream is better (metaphorically, not literally). Suffice it to say, Android users would agree with the reasons, Apple users will say you shouldn't be doing those things anyway, and we'll have to agree to disagree.
Anecdotally, it's also my subtle impression that iPhone users are more inclined to update frequently regardless of how much longevity they could get out of it. I just buy my phone and keep it operational for as long as possible, only buying another if my current one is physically inoperable, and I feel like I'd get to that point more quickly with an iPhone, since parts are more expensive and not as readily available.
I suppose that Apple really considers the iPhone to be the center of its customer's lives, with a Mac or Windows computer... rather than my view, of my computer being the center and my phone tertiary.
You actually care about your computer, and if software isn't available for your OS then you're unlikely to ever switch OS to use it.
But you could be persuaded to move to iPhone, and maybe if enough new Apple services (which aren't available on Android) tempt your wife then she might make her next phone an iPhone, too?
Apple cares more about persuading people to switch from Android to iPhone than about Windows to Mac. But I also suspect there are many more Windows+iPhone people than Mac+Android.
The other major password managers are on Linux, and Apple will need to support Linux for this new offering to be interesting to me.
Of the major tech companies, Apple probably has the worst track record of not playing nice with other platforms, walled gardens and all. Passwords are needed on all platforms. Apple would be the last company I would trust to ensure that I would be able to access my passwords anywhere I may need them.
https://github.com/PhilippC/keepass2android
https://www.anomie.tech/products/anigma/ce/
The desktop and tablet version will be released this year though.
It's fantastic, and for some reason I trust OS/browser developers to do this more safely than a company focused on password management that has to figure out OS APIs, write browser extensions, or rely on a clipboard that has nearly unbounded read access.
At least on iOS, this works for any password manager.
Android's autofill framework is open to everyone to use, and every third-party password manager has a Chrome plugin. I use Bitwarden with exactly this experience, but across Firefox and Chrome and Android.
and where do you store your passwords for apps?
I use KeePassXC to store passwords for apps.
So you have two password managers one for Firefox and the other for apps. What happens if you have an app login that is also a web site? Two entries of the same thing?
There's not much else to add: it just worked. I wish all "lock in" were that open.
Something I’d really like: let my iPhone act as a Bluetooth (obviously encryption will be necessary!) or USB keyboard, and have it hold my passwords/type them. That way I could keep my passwords all in one place, and manage them locally. Currently I use keepass when not on iOS, which is fine, but I don’t really want to have to expose my whole passwords file to a Windows machine, since they are traditionally infested with malware (and apparently MS is flirting with including their own first party malware).
I investigated the bluetooth encryption and it didn't really seem up to the task. You could create a dongle that lived on wifi though that would do the same.
https://www.google.com/search?q=password+manager+with+usb+ke...
https://github.com/tejado/Authorizer
https://hackaday.com/2020/02/08/usb-password-keeper-runs-on-...
https://www.amazon.com/OnlyKey-Stealth-Black-Case-Communicat...
https://www.anomie.tech/products/anigma/ce/
A dedicated device would be nice and, actually, keeping your passwords on something that never even has to touch the internet would be ideal. But my phone already has a nice big touchscreen to make it easier to pick a password. Reusing an old device could work but that’s limited.
the really secure way I was thinking is a small touch device that could be small enough to slide into your wallet or even as a device that would live in a phone case exposed on the back of your phone. then there would be a small yubi key like dongle that you'd plug in to whatever your target device is and it would communicate over wifi. that would be like the ultra paranoid version. then you could have the iphone/android app that communicates with the dongle, the one that uses BT encryption, the one that uses a USB cable from the phone to emulate a keyboard.. options are endless.
there's some features you could have like computer vision to recognize the login prompt. it's easy to get into an imaginative loop with the ideas.
There is still a place for password managers, but if I'm the LastPass CEO, writing is on the wall with this announcement... They will see a large exodus of customers that use Apple OS.
I only use 1Password instead of native because I needed something that worked on Windows. Will need to see how well that works, but I just don't see a personal reason why I would not just use this when it works so much better on my iOS devices.
If the Family Sharing aspects are well done I'd happily say goodbye to my 1Password subscription.
Regardless, I’ve been using it for years now. Works fine. Better UI will be nice assuming this doesn’t come with a bunch of updates that somehow manage to make it work less-well.
https://www.anomie.tech/products/anigma/ce/
As mentioned in another news article on the topic:
> It also syncs with PCs via the iCloud for Windows app.
* https://www.theverge.com/2024/6/10/24175505/apple-password-a...
and in the keynote itself:
* https://www.youtube.com/watch?v=RXeOiIDNNek&t=59m32s
I guess Apple does not think that 2024 will be the Year of the Linux Desktop.
If password managers could interfere with password fields in Firefox without its help, malware could do that, too.
Or is there a generic password manager API on Windows that Apple doesn’t implement?
1: https://en.wikipedia.org/wiki/Usage_share_of_web_browsers
* https://www.youtube.com/watch?v=RXeOiIDNNek&t=56m32s
I mean, why else would Apple invest in something like this. They became the richest company in the world by increasing lock-in in every step.
[0]: https://news.ycombinator.com/item?id=36427945
Glad they're splitting it out of System Settings into a dedicated app.
I've also started migrating family members to it. It'll be way easier for the less technical people since it's already tightly integrated in the devices and OS they use everyday.
However it asks once, across all Terminal programs, for the entire lifetime. So if you’ve ever used “find ~/Documents -…”, then Maven can access it too.
My opinion about this is that we’ll progressively go towards a Dockerization of the builds, which is the only one that gives developers confidence about the sandboxing.
It should be required by SOC2/PII certifications, though. As in, I already think I’ve seen an insurance ask something like “Are accounting documents present on a machine where compilation is executed” or maybe it was “Is it possible to install new programs on machines where sensitive documents are managed?”
Bitwarden has been lagging in implementing any consumer features for some years now (custom item types has been on the roadmap for six years and is still not done). Except for secure notes in Bitwarden, I don’t think you’d miss anything else in this app. Bitwarden is spending money and focus on the enterprise, just like 1Password has been. For the consumer segment, neither of these are good enough now.
This is actually the reason why I like Bitwarden. They don't seem to be constantly trying to push unwanted features on me. I've always been a fan of the first "rule" of the Unix Philosophy: do one thing well.
But it might make other people who don't use a password manager start using one.
Also if those two apps didn't have a product feature map way ahead of apple then they were doomed from the get go. They must have known something like this was a significant business threat if not existential risk...
It doesn't work as a standalone Chrome extension in the way that 1Password or Bitwarden do, for example.
I still really hate the iOS-restyled system prefs. Tiny unresizable text, a long vertical scroll. I can’t find a damn thing in it and just use the search bar every time and feel faintly annoyed about it.
But my biggest one is wanting to store secure files. Think copies of a drivers license, signed documents or various certs and keys. That's not being covered here either for me sadly. It's not a super common situation for me so I can probably find an alternative app for that purpose.
Edit: Also for notes, I'd just password protect something in the Notes app. But that's just me.
I frankly just have photos of DL and insurance cards in my photos with tags to make finding them easy. Although note with the text searchable images that’s largely not even needed.
I don’t get what the security concern in. My photo reel is way more secure than my actual wallet.
Hopefully Adobe won’t decide to start shitting a bunch of authorization credentials into private Notes the way they took over the Private Notes section of Keychain.
Record and transcribe a live call directly from the Phone app.21 You can also search call history more easily, dial smarter, and switch SIM cards seamlessly.