[HN Gopher] Apple passwords deserve an app
___________________________________________________________________
Apple passwords deserve an app
Author : ttepasse
Score : 1197 points
Date : 2023-03-27 17:55 UTC (1 days ago)
(HTM) web link (cabel.com)
(TXT) w3m dump (cabel.com)
| tap-snap-or-nap wrote:
| At this point, the whole password based infrastructure needs a
| revamp.
| aquanext wrote:
| My best guess is that Apple won't do it because their plan is to
| phase out passwords entirely. That's what that whole FIDO
| Alliance (https://fidoalliance.org) is all about.
|
| And 1Password is part of that too:
| https://blog.1password.com/1password-is-joining-the-fido-all...
|
| I think that ultimately a password tool needs to be available on
| multiple platforms, like 1Password. Having it just be on Apple
| stuff just isn't gonna work for the many Windows and Linux
| machines I begrudgingly have to interact with.
| ttul wrote:
| 1Password knows that it will take centuries for passwords to
| disappear even if a password-less future is already here.
| Hamuko wrote:
| Passwordless future definitely wasn't here just 1-2 years
| ago. The management of WebAuthn Discoverable Credentials /
| Resident Keys was so fucking awful on every platform I tested
| them on.
|
| You want to clear your Resident Key for a website on Windows?
| Command-line.
| judge2020 wrote:
| 1Password has embraced it:
| https://blog.1password.com/passkeys-are-coming-to-1password/
|
| While I'm not sure how they've integrated it so far, I
| imagine browsers will either implement a plugin API for
| extensions to handle passkeys, or 1p can override the
| webauthn api and fallback to the browser when a website is
| authenticating.
| CryptoBanker wrote:
| Oh god please no
| tikkun wrote:
| While we're on the subject, other Apple things that deserve an
| app:
|
| Dashboard/status
|
| - I have a smart lock, and they have their own app, where all it
| really does is show the current status of the lock and let me
| toggle it. There are quite a few apps like this. It'd be nice if
| they could all be condensed into a dashboard/status app that
| could just tweak values and show current status. Apple Home
| attempts to do some of this.
|
| Notifications
|
| - It'd be nice if there was a notifications app, and I could set
| most of my apps to deliver their notifications to that app,
| instead of me directly. This would reduce notification overload
| and distraction.
| WorldMaker wrote:
| Have you tried Notification Summaries yet? That's sort of like
| a "deliver notifications to a separate app".
|
| In the notifications settings you create at least one Scheduled
| Notification Summary. I've currently got ones setup roughly
| every four hours during "core daylight hours" for me, plus I
| enable the "preview option" to read the next summary early if I
| need to. Then you add as many apps as you want to the
| Notification Summaries. All of the notifications for those apps
| during each time period get rolled up into a single Summary
| object in your notifications, only give a notification alert
| once for the entire group of them (at the scheduled time), and
| don't cause Watch notifications (if that's a
| distraction/overload you especially juggle as I do).
|
| At this point I've even got all my email notifications going
| into Summaries (which is why I turned on the preview for the
| next summary if I feel like I need a quick glance at recent
| email subject lines without opening my email app up).
|
| It is such a useful tool and not a lot of iOS users discover it
| in the settings. May also be an indicator that it could use its
| own app because discovery in the Settings app itself is hard.
| Maybe the Settings app is just doing too many things now and
| needs some sort of reorg or something.
| Spivak wrote:
| Isn't that first one Home/iHome/HomeKit whatever you wanna call
| it? If your lock doesn't support HomeKit there's a good chance
| Homebridge does.
| mirkodrummer wrote:
| I did a new mac setup recently and just discovered, after many
| years of use, that I cannot use 1 Password 7 anymore :( The app
| works it's just they're phasing out the browser "classic"
| extension with the excuse(?) it won't work with the new manifest
| v3, so a migration to 1 password 8 is required. I hate their
| subscription model and I think I'll self host bitwarden, but was
| also considering the system password manager, or the one builtin
| into Firefox. Problem is passwords won't leave the browser
| ecosystem in this way and it's more often than not that today you
| need to move password cross platform and cross device. So I don't
| see an apple password manager as the best solution, they usually
| stay inside their walled garden
| Jolter wrote:
| For your preferences, I'd propose Keepass. Maybe you've already
| looked into it.
| alana314 wrote:
| They don't make it clear on iOS which password manager you're
| using, which hurts both them and other password managers I think.
| The worst experience is not knowing where your password is or
| which account it's using. I had to turn off all apple password
| management in preferences, I've thought about going all-in on
| apple passwords but don't think it has all the features I want.
| stalfosknight wrote:
| That app is called Keychain Access on macOS.
| kup0 wrote:
| Not sure we want to ask Apple to build more software when they
| can't even get the quality of their existing software up to par.
| I would be strongly inclined to stick with something less tied to
| the platform/ecosystem, like 1Password
| TheRealDunkirk wrote:
| Regardless of how great they might make an interface for it,
| passwords are the _last_ thing I haven 't given to Apple. If I
| lost control of my Apple ID, it would be a disaster, but at least
| it wouldn't expose _everything else_ as well. I have a hard time
| getting over this mental hurdle, so it 's 1Password for the
| foreseeable future for me, no matter what they do here.
| theden wrote:
| I recommend https://strongboxsafe.com/ as a better open source
| alternative
|
| Works with touchID on my MacBook, uses KeePass so it's easy to
| migrate if needed, and the killer feature for me was being able
| to sync it to iCloud so you can use it across devices. Even
| better if you enable E2E encryption on your iCloud
| https://support.apple.com/en-au/HT212520
| faeriechangling wrote:
| It's a good piece of software for what it is, but the tool is
| .kbdx based and like all such solutions tends to handle shared
| secrets rather poorly. It also handles adding new secrets for
| new accounts less elegantly than Apple's own built-in password
| manager which has a nice flow for adding anonymous forwarding
| email addresses and contact details for new accounts so long as
| you commit to the cult of iCloud.
|
| Still if you need a multi-platform password manager that
| performs well on Apple devices there's nothing I can recommend
| since you can just use .kdbx tools on other platforms and
| strongbox itself has highly reliable multi-cloud sync,
| extremely fast input of secrets, a better security model than
| keychain itself has, and even has MacOS Chrome support (abliet
| hacky support) if you feel like trusting the plugin. It makes
| Bitwarden and other Keepass clients feel clunky in comparison.
| altitudinous wrote:
| I agree (and its not often I agree with folk on Hacker News),
| Apple provide a far superior password service inside a far
| inferior UI. The handling of authentication codes is particularly
| great in the Apple ecosystem, but very poorly promoted.
|
| For a company that markets itself as secure these are retrograde
| steps.
| Anechoic wrote:
| _Keep a "Notes" field where you can add extra data, like 2FA
| backup codes, for each password!_
|
| I'm not sure if the reference here is to Keychain's "Secure
| Notes" or the "comments" field associated with password items. If
| the latter, I've found (at least on older versions of OS X/macOS)
| that when Safari updates the value of a changed password, it
| _deletes_ the comments! I used the comment field to add the
| (random) answers to security questions, and got burned on a
| couple of sites when I 've needed to do an account reset and lost
| those answers.
| shagie wrote:
| > that when Safari updates the value of a changed password, it
| deletes the comments!
|
| It doesn't change a password, it creates a new one.
|
| This means if you somehow mangle saving the password (you
| thought you updated it, but didn't) the older password is still
| in your keychain with the older note and it can still be
| retrieved.
| 404mm wrote:
| One core feature that will keep lot of people from using Apple
| Password manager is family setup. Anyone with Apple family knows
| how bad it can be when you have dozens or hundreds of shared
| passwords between you, your spouse and / or kids.
| rootusrootus wrote:
| Yep. 1Password has my business indefinitely because of this
| requirement. Apple may be building a nice solution for single
| people (and perhaps many non-parents), but it's useless for
| family use.
| kjto wrote:
| what about https://authy.com/download? mobile/desktop/cloud sync,
| free...
| markkvdb wrote:
| The password managers ("Passwords" and "Keychain Access") seem
| deliberately limited. A few issues that I noticed:
|
| The discrepancy between the "Passwords" and "Keychain Access"
| app. Passwords manages 2FA codes whereas Keychain doesn't.
| Keychain allows you to add another URL for a password whereas
| Passwords doesn't. The latter issue often leads to headaches
| dealing with passwords when the URL of the login page is not the
| same as the URL for the second part of the 2FA.
|
| An example that became unnecessarily frustrating. Heroku makes
| you login to dashboard.heroku.com but the 2FA code needs to be
| filled in at a salesforce URL. Since I can't add this salesforce
| URL to the existing password (+ 2FA code) I have to manually copy
| the code. The shortest routine I found for that is:
|
| 1. CMD+Space. 2. Enter "passw". 3. Click on the search bar. 4.
| Enter "Heroku". 5. Click on the password. 6. Go back to the web
| page to enter the displayed code.
|
| Simply having the option to add another URL (which was possible
| in Keychain Access) would solve this entire issue...
| aaronharnly wrote:
| I follow Ricky Mondello, who works on the Apple password keeper
| functionality -- they post interesting tidbits pretty regularly.
|
| https://twitter.com/rmondello
|
| https://hachyderm.io/@rmondello
| filmgirlcw wrote:
| +1 Ricky is the best. They also made a very useful Shortcut [1]
| that offers quick access to the Passwords on your Home Screen
| or Mac menubar.
|
| [1]: https://rmondello.com/passwords-shortcut/
| shikshake wrote:
| clicking this link throws a bunch of warnings in my browser,
| and my university internet blocks me from seeing the actual
| website :(
| [deleted]
| testfrequency wrote:
| https://www.icloud.com/shortcuts/cd5b0ec116ee4d1d8654823839
| 4...
| filmgirlcw wrote:
| Thanks for that! My work machine blocks this too
| ironically, which is weird since Ricky is my friend and I
| know they are trustworthy. I'll let them know.
| sacnoradhq wrote:
| That iOS supports multiple password sources from other apps
| already largely solves the case of using a cross-platform app
| to provide or store passwords.
| selykg wrote:
| I met Ricky at a WWDC years ago when I was in the password
| manager field. What a wonderfully intelligent person. Actually,
| several members of the Safari team were present at that meeting
| and it was such a great set of people. I kind of miss that part
| of that job...
| WorldMaker wrote:
| It took effort but I finally got my dad to use 1Password
| regularly, but my mom would be a lot easier to convince if Apple
| just made its own password tools easier to use, especially cross-
| platform, including maybe putting a nice app face on it.
|
| > PPS: I dream of a future where Passkeys could make the password
| manager extinct. But it'll take time...
|
| Passkeys even more so need more of a "curated app experience" to
| work right, cross platform. Ironically, it is my impression that
| preparing for Passkeys is why Apple finally added that password
| explorer to Windows' weird iCloud "control panel". (For a long
| time, the only way to use iCloud passwords on Windows was the
| awful Edge/Chrome integration.)
| w-m wrote:
| Tangentially related, something that has slightly inconvenienced
| me a few times: Can someone point me to a setting to get Siri to
| show me my passwords again, on iOS 16?
|
| Before, I could ask on an unlocked phone to "show me my password
| for GitHub" and Siri would open the settings app with the
| password list and show the GH credentials. Now (since iOS 16?)
| Siri just refuses to do any request that contains 'password'.
| selykg wrote:
| You mean Shortcuts? You can have it open this URL:
|
| prefs:root=PASSWORDS
|
| You'll want to set up Siri separately as part of it, but you
| can definitely do that with Shortcuts.
| w-m wrote:
| Interesting, thanks!
|
| What I described didn't need a shortcut before. It was a
| vanilla iOS feature. I assume it went away for privacy
| reasons with one of the OS updates. And hoped there'd be a
| setting to get it back.
| gumby wrote:
| The nice thing is: the way they implemented this it looks like
| you could pretty easily write a 1passwordish mac client as an
| interface to the system infrastructure. I say "1passwordish"
| because one of the tedious part of a program like that is the
| browser parsing to handle all the weird authentication cases devs
| write.
|
| Unfortunately I'm not an ios dev and wonder if it might even be
| possible to do the same on ios? I believe there is an API so you
| can write _a_ password manager (1password et al use that) but can
| you get to the secure system services?
|
| Edit: I now see who wrote this blog post. Were it straightforward
| on ios he probably would have said so.
| frutiger wrote:
| I am not an expert macOS/iOS developer but I unsuccessfully
| played around with the API a couple of times.
|
| You can't access passwords stored by another app (app
| identifiers appeared to be globally unique, e.g.
| com.apple.Safari). There was an additional hurdle to
| access/store items in the iCloud keychain, though I forget what
| exactly.
|
| This restriction makes sense.
| imchillyb wrote:
| Until Apple's keychain works reliably across all platforms, I'll
| continue to use Dashlane Password manager.
| kylehotchkiss wrote:
| internally, apple used to have a pretty big 1Password contract -
| https://appleinsider.com/articles/18/07/10/apple-looking-to-...
|
| Maybe they don't want to promote their own too heavily, to allow
| 1Password to take on the organizational risk of running a
| password manager? (For context, think about your current view of
| lastpass vs how you felt about it a year before their leak).
| Maybe the internal password management functionality is better
| suited to orgs which restrict third party apps?
| arghnoname wrote:
| 1password has features that are useful in a large corporation
| that keychain does not have, particularly around sharing
| passwords and password vaults.
|
| I haven't noticed even minimal credential sharing facilities in
| keychain.
| dwaite wrote:
| WRT credential sharing, you can airdrop credentials to people
| on your contacts list.
|
| But multiple vaults and vault sharing - no such luck. I don't
| think they want to deal with the UX confusion of it,
| especially since that confusion could lead to someone getting
| locked out of things.
| immdischt wrote:
| The article is informative but failed to describe where to find
| Apples password settings / feature while complaining about how
| hard is is to find...
| cjdoc29 wrote:
| I really like Apple's implementation of passwords, passkeys, etc.
| But...I had a hard time explaining this to my mom.
|
| She uses it to generate her passwords and fill-in within Safari
| which is great!
|
| But there's no "Passwords" app, and she didn't know to go into
| Settings to reference a password when Safari doesn't recognize a
| password field (probably the website's fault).
|
| 2FA is also a confusing experience, but 2FA is also just
| confusing enough for her where Apple isn't really the problem
| here.
| reaperducer wrote:
| _But there 's no "Passwords" app_
|
| It's called Keychain Access.
| cjdoc29 wrote:
| iOS does not have "Keychain Access" as a named setting or
| app.
|
| MacOS has both Keychain Access as a standalone app, and
| Passwords as a section in your settings. The latter is
| dedicated to purely passwords that you, as the user, make.
| Keychain Access also contains passwords for Wi-Fi and other
| systems.
| cj wrote:
| The problem is Keychain Access doesn't pass the "mom test"
| (would you average consumer - e.g. your mom - actually use
| it)
| Hamuko wrote:
| No password manager passes that as far as I'm concerned.
| waynecochran wrote:
| Keychain Access doesn't pass the "me" test and I have a PhD
| in CS.
| airstrike wrote:
| They don't even know why it's called that
| shagie wrote:
| Because you can store non-passwords in there too.
|
| Secure notes, your own signing certificates, keys, root
| CAs, and specific self signed certs you've accepted for
| SSL.
| airstrike wrote:
| Still, none of that means anything to the average user.
| Searching for "passwords" in Spotlight should also take
| you to your passwords
| shagie wrote:
| Make an alias to Keychain access. Name it "Passwords" and
| have that a directory that is indexed by Spotlight (the
| Utilities directory under Applications where Keychain
| Access is found works fine).
|
| This will then show up in the launchpad.
| https://i.imgur.com/IRPOMC5.png
|
| Searching for 'pass' in Spotlight does bring up Keychain
| access - as that's in the apps list of Keywords...
| _however_ the list of apps is _way_ down on the scrolling
| https://i.imgur.com/KFUC0G0.png - it found 'password' as
| a string in 100 python files that I had to scroll through
| first.
| airstrike wrote:
| > Make an alias to Keychain access.
|
| Sorry, but that also doesn't mean anything to the average
| user. If anything it's made it more complicated for them
| --they will remember to type in "key" before they learn
| how to make an alias
|
| That _I_ don 't have an issue with the word "keychain"
| doesn't mean it's not bad UX for the average Mac OS user
| shagie wrote:
| Specifically, what functionality would you like?
|
| If you do control-space (to bring up spotlight) and type
| in password, what do you want it to do and what is
| missing?
| shagie wrote:
| Since I use it quite a bit for secure notes, I've got it
| pinned in my toolbar. From the top down I've got Finder,
| System settings, Keychain Access, HomeKit, Launchpad,
| Safari... and then other things.
|
| The thing is, its the 3rd one down.
| squeaky-clean wrote:
| Isn't Keychain Access MacOS only? It's not available on
| iPhone.
| HeavyFeather wrote:
| Are you talking about that utility that looks straight out of
| Windows 98? Surely it could use some love in 2023. I don't
| think I've ever seen it updated, it's not an acceptable UI
| for consumers.
| HnUser12 wrote:
| Someone linked this on the top
|
| https://rmondello.com/passwords-shortcut/
|
| You should be add this to home-screen like an app. Should make
| it a bit easier open passwords.
| pharos92 wrote:
| 100% - the current method of access (via settings) is so nu-
| intuitve. A real sign of the state of Apple over the last few
| years. Customer UX needs to become front-and-centre again.
| permo-w wrote:
| my issue with apple passwords is that you literally cannot put a
| password on them. iPhone forces you to use biometrics as your key
| for them. whatever you think about passwords vs biometrics, the
| fact that I literally cannot choose is ridiculous and a massive
| oversight
| r00fus wrote:
| Biometrics or your device passcode. My mom has a touchid phone
| (won't get the faceid due to paranoia) and she gives up on it
| during winter when her fingers get cracked due to the heating.
|
| So when she logs into the device it always falls back to device
| passcode.
|
| I am frustrated they won't allow you to do both bio+code,
| because that would prevent my kids from flashing my pilfered
| phone in my face to get it to unlock then running away.
| great_psy wrote:
| I have been using the Apple manager since LastPass got hacked
| recently.
|
| Hot take , but ... I like the lack of integration in other
| operating systems/ browsers.
|
| I see my phone as a Secure Enclave, and my passwords should be
| disconnected from potentially insecure systems. I see the phone
| as those keychain one time passwords where you have to press a
| physical button to get a key.
|
| Is it inconvenient to get a password, yes. But it offers the
| piece of mind that I only have to worry about iPhone/Apple
| exploits, instead of chrome+firefox+windows+Linux+Apple+iphone.
|
| I don't think in this case Apple is not doing the integration
| because of this security feature, but I think it is a feature non
| the less. Of course you can always choose not to install the
| extensions even if they existed, but the point is that if they
| existed it would lower security.
| imwithstoopid wrote:
| don't lose or break your phone....
| great_psy wrote:
| I have my old iPhone with no sim that I mostly take to the
| gym to protect the new one.
| InCityDreams wrote:
| >I have my old iPhone with no sim that I mostly take to the
| gym to protect the new one.
|
| What is the other one doing in the gym, unprotected?
| great_psy wrote:
| One at home, one with me for Spotify in my pocket.
| efdee wrote:
| How do you access your passwords on your new iPhone from
| your old iPhone?
|
| Oh, they're stored online? There goes your entire "secure
| enclave" argument ;-)
| MBCook wrote:
| iCloud solves that.
| whitewingjek wrote:
| Unless Apple ever starts following Google's lead to ban
| accounts for any infraction and you don't store backups...
|
| Not saying Apple is doing that now, but I imagine it's not
| outside the realm of possibility.
| great_psy wrote:
| We can use the same argument for any other cloud password
| manager. If google/Apple blocks my access, well it's
| those services I am trying to log into in the first place
| so the point is moot.
|
| Also I have recovery keys for the more important accounts
| printed and stored in a safe box.
| whitewingjek wrote:
| I agree, perhaps I should have emphasized that my point
| of view is that anyone should back up anything stored on
| the cloud.
|
| Which I'm glad to know you can at least do with Keychain
| [1], although I use Bitwarden myself.
|
| [1] https://support.apple.com/guide/keychain-
| access/import-and-e...
| rpgbr wrote:
| Except password managers that YOU need to take care your
| vault, like KeePassXC.
| great_psy wrote:
| I used keePass before LastPass, but the issue was with
| keeping the file synced. I had it in Dropbox and I was
| able to open it no problem from the phone, but making
| updates from phone was a challenge. Maybe I was not using
| a good app but it was a hassle to keep it synchronized.
|
| But anyway, somebody could cut off your access to
| Dropbox, but it's less of an issues since you have a
| backup.
| rpgbr wrote:
| I simply don't sync my vault. I don't add or change
| passwords very often, so I treat the vault in my computer
| as a "main copy" and once a week, during my backup
| routine, I copy the current vault to my phone. Never had
| an issue.
| ex3ndr wrote:
| Not really, you need another device to share icloud
| keychain
| MBCook wrote:
| Nope. Buy a new iPhone, sign in, it's all back.
|
| It's useful even in non-multi-device scenarios.
| makeitdouble wrote:
| Thing is, even within these constraints it has rough edges.
|
| If you have two accounts (let's say a personal one and
| work/family/org one), getting passwords for the second account
| will just be a PITA.
|
| Same issue of course if you need someone else's password (e.g.
| your spouse's hotel reservation account's password)
|
| Trying to work this around means you'll either be asking
| people's passwords other the phone or other means, or you'll
| often switch between accounts and will want lower security on
| the account themselves as the identification process get old
| very quick. Basically, these limitations are not without impact
| on security and how people will deal with them.
| rpgbr wrote:
| This was precisely what drove me off Apple password manager. If
| your iPhone were compromised, such as in those iPhone unlocking
| scams[1] (something quite common here in Brazil at least since
| 2021), it's game over for your entire password database.
|
| I've been using KeePass apps (MacPass on macOS, KeePassium no
| iOS), with a different, unique master password, unlogged by
| default on iPhone, plus DB locks automatically after 10 minutes
| of inactivity.
|
| Maybe I'm way off, but it seems safer to me.
|
| [1] https://www.wsj.com/articles/apple-iphone-security-theft-
| pas...
| lxgr wrote:
| Absolutely. Given these reports, Apple's security model isn't
| close to being sophisticated enough to warrant trusting them
| with passwords or (even more critically, arguably) WebAuthN
| passkeys.
|
| I recently saw it with my own eyes as a family member was
| able to reset their iCloud password and gain full access to
| their account on a new device, including iCloud Keychain,
| using _nothing but their iPad and the corresponding unlocking
| code_. No iCloud password, no SMS-2FA (not that it would help
| much in the case of a stolen iPhone), nothing else.
| great_psy wrote:
| Can you explain how this hack would work ?
|
| Would someone need to steal two of your devices ?
|
| I was under the assumption that you need to be logged in
| with touchid/faceid/pin code to get the unlock code
| lxgr wrote:
| The attack in this case would be somebody shoulder-
| surfing your PIN and grabbing your device.
|
| They then have everything they need to take over your
| iCloud account (kicking you out of it in the process by
| resetting all other devices capable of resetting it) and
| can see all your passwords stored in it, as well as use
| all of your WebAuthN passkeys.
|
| I'm not sure if having a recovery code would improve that
| situation, but I'd guess that many people don't.
| great_psy wrote:
| Ah ok, yes the shoulder surfing is definitely a problem.
|
| Hard to mitigate somebody looking over your shoulder,
| this is the case with most password managers, but I
| understand why this is a more likely scenario.
| lxgr wrote:
| In a semi-safe situation (e.g. on busy public transit or
| in a crowded place with people behind me), I do sometimes
| unlock my password manager using Face ID to access a
| website, but I'd never enter my passphrase if the
| biometric unlock fails.
|
| If somebody watches me enter my passcode and then rips
| the device out of my hands and runs off with it (assuming
| the password manager is not open), they now have access
| to most of the content on my phone, but importantly not
| the parts protected by Face ID, which includes the
| password manager.
|
| If I had used Apple's password manager instead, they'd be
| able to recover _all_ passwords (using the tactics
| described above or simply enrolling their own face in
| Face ID, which is possible using only the passcode).
| joshvm wrote:
| I have an iPhone and while I understand that Face ID
| probably has fewer false positives than fingerprint
| recognition, I really miss the physical rear sensor on my
| Pixel 2. I don't know what the collision rate is, or how
| easy it would be to break if someone stole the phone, but
| it was a really great user experience: haptic feedback is
| good, it was/is incredibly reliable at unlocking and it
| was useful because you could pass your phone to a
| partner/passenger in a car and unlock without looking
| (i.e. no more unsafe than changing the cabin temp) and no
| need to share your pin if with a stranger. I think the
| only time it failed was after climbing with chalky
| fingers.
| balderdash wrote:
| If you reset/create an alternate appearance for faceid
| does that force a manual login for the services that use
| it? Because your device passcode lets you change all the
| faceid stuff... too lazy to mess around with it myself
| lxgr wrote:
| Apps can choose [1] to tie have keys to the current set
| of enrolled biometric credentials (i.e. faces or
| fingers), and at least my password manager does that, as
| far as I remember from some testing.
|
| Some apps don't, and some even react really poorly to a
| change of the biometric set (i.e. crashing at every Face
| ID use with no way to reset other than reinstalling), so
| I'm also not too keen on testing this on my main device.
|
| One thing that surprised me during my limited testing was
| that Apple apparently doesn't make use of this capability
| for storing the "encrypted notes" passphrase, which
| effectively also reduces the security of that to that of
| the device passcode.
|
| [1] https://developer.apple.com/documentation/security/se
| caccess...
| tokamak-teapot wrote:
| I saw advice here a while back about using Screen Time to
| block PIN and Account updates. This gives you a separate
| PIN to protect those, so theoretically if someone
| shoulder surfs your phone PIN they can't take over your
| iCloud account.
| rpgbr wrote:
| I use this trick. It's an added layer of security,
| although a weak one -- Screen Time PIN is four digit-
| mandatory -- and a workaround -- as in: not made for
| security purposes.
| __david__ wrote:
| Incidentally this is the method my 6 year old nephew used
| to reset his mom's Apple ID password so he could make in-
| app purchases. He figured it out on his own and then spent
| $3000 in a couple days. His mom had been very careful with
| her password but when he wanted a code on his iPad she
| thought it was harmless--she certainly never expected that
| he could get all the way to changing her password with
| nothing more than the lock code! Took her months to sort it
| out.
| isoprophlex wrote:
| What the actual flying fuck, the apple password thing supports
| TOTP! That's great! (And a sad testament to how poorly the
| discoverability is on some ios features)
| dwaite wrote:
| Not just that, they will detect QR code images to work around
| sites which assume that TOTP is only available by scanning your
| desktop screen from your phone.
| matt-attack wrote:
| Can you provide an example website that uses this technology?
| Not sure I've ever encountered one.
| [deleted]
| Gigachad wrote:
| Uh, basically all of them? They all show a QR code and
| never show you the secret which you could copy in to your
| password manager.
| kitsunesoba wrote:
| Step Two[1] also does this, which is one of the reasons I've
| been using it for TOTP for the past few years. Nice to see
| that the built-in TOTP support can do that now too.
|
| [1]: https://steptwo.app
| brycedriesenga wrote:
| Isn't it considered not great to do TOTP and password storage
| in the same place?
| izolate wrote:
| I switched to Apple's password manager after being burned by
| Twilio Authy's inability to retrieve the 2FA setup codes. I wish
| they had made this lock-in more clear.
|
| Overall I'm happy with my decision. I'm now even using Safari
| over Chrome full-time because it has the benefits 2FA autofill.
|
| Only thing missing is a dedicated app, but I have Apple Shortcut
| that works well enough in the meantime.
| mperham wrote:
| It seems apparent that Apple are investing in Passkeys as the
| future and passwords are legacy infrastructure in a sense.
|
| https://developer.apple.com/documentation/authenticationserv...
| yomyogd wrote:
| There's bitwarden that does it all, cross-platform and completely
| free.
| hnrodey wrote:
| I tried going all-in on using iCloud Keychain (correct term?) for
| my passwords from having previously used LastPass.
|
| In short.
|
| 1. The experience on Windows is terrible. They can claim it's
| cross-platform but it's truly a sub-par product.
|
| 2. On Mac it's tied specifically to Safari. I use Safari a lot
| but if I'm in a different browser then my passwords are
| unavailable.
|
| 3. The GUI is buried in System Settings. Heaven forbid you need
| search it's only a simple 37 clicks away!
|
| I think those were my big complaints. If you are 100% Mac then
| it's a good product. Going outside of the walled Apple garden
| leaves a lot to be desired.
| chakintosh wrote:
| > 1. The experience on Windows is terrible. They can claim it's
| cross-platform but it's truly a sub-par product.
|
| Ditto. Why do I have to replace my Windows login password with
| a "PIN" code that's the same as the iCloud Keychain PIN !?
| That's super weird!
| grammers wrote:
| Sounds like vendor lockin is the aim here, not being fully
| cross-platform without any hassle.
| baby wrote:
| I use chrome to manage passwords on all my devices, it works
| well except for apps. When I'm trying to get a password for an
| app in iOS, I just switch to chrome to get the password. Same
| if my password was from registering from an app and I'm in
| Chrome. Rinse and repeat and now my passwords are in both
| password managers.
|
| As for TOTP, if I lose my phone I don't know what will happen.
| manigandham wrote:
| Settings > Passwords > Password Options > AutoFill Passwords
| + Allow Filling From Chrome
|
| Most apps can use passwords from Chrome just fine, and you
| can also quickly open the native passwords window when
| encountering a password field using the key icon.
|
| For TOTP, use apps like Authy which can be installed and used
| from multiple devices.
| gameshot911 wrote:
| Awesome - thanks for sharing!
| [deleted]
| notlukesky wrote:
| [dead]
| mcculley wrote:
| > 3. The GUI is buried in System Settings. Heaven forbid you
| need search it's only a simple 37 clicks away!
|
| I just learned that this GUI exists. I have been using
| /System/Applications/Utilities/Keychain Access.app for years to
| deal with passwords.
| alexjm wrote:
| Same. And now I'm trying to figure out if there's any
| advantage to using the UI in System Settings instead of the
| app I already know.
| Mandatum wrote:
| Me too. Now to try and figure out if I can create a Macro to
| launch this.
| waboremo wrote:
| Funny situation, there's another thread I was replying to
| someone who wanted to shift back to native apps instead of
| cross plat electron apps (for performance reasons).
|
| Well, Apple Passwords on Windows is a good example of how that
| turns out in reality. I believe it's using WinUI. While the
| performance is nice, the experience is entirely unlike what you
| get on Mac and winds up making you wish you were using another
| service entirely.
| steve1977 wrote:
| Apple had (has?) Cocoa ported on Windows actually, so
| whatever they could so on macOS, they could do on Windows as
| well. Cocoa as such _is_ cross-platform.
| marvel_boy wrote:
| Any link to the port of Cooca to Windows?
| PlutoIsAPlanet wrote:
| Looking at the Apple Music app for Windows quickly, it
| does appear Apple has done some porting of their APIs to
| Windows.
|
| https://i.imgur.com/tdr6XTO.png
| simongray wrote:
| https://forum.winworldpc.com/uploads/editor/82/fnzv4nysse
| mk....
| steve1977 wrote:
| Apart from the already mentioned OPENSTEP for Enterprise,
| see also here:
|
| https://www.stone.com/dev/StonesThrow2/OneFoxTwoFox.html
|
| Basically, it was called Yellowbox, but it didn't
| officially survive the release of Mac OS X IIRC. But
| Apple was at least still using parts of it for some
| Windows ports back then I believe.
| mattl wrote:
| It was a product briefly. OPENSTEP Enterprise. There was
| talk of selling licenses to distribute but that never
| happened
| Karellen wrote:
| > Apple Passwords on Windows is a good example [...] the
| experience is entirely unlike what you get on Mac
|
| If you were a Windows user, why would you want an app that
| acts like a Mac app? Surely the benefit of having a dedicated
| Windows app is that the experience should be like other
| _Windows_ apps.
| waboremo wrote:
| You're not really thinking about it as a "mac app", but
| rather "the service". You expect it to act like the service
| you use on other platforms with all the features you rely
| on.
|
| If I'm using Spotify, I don't think "oh this doesn't use
| windows navigation component from winUI", I immediately
| know where the genre categories are because I've already
| used it on android or linux and expect it to be there. I
| know exactly how to add a song to my library, to shift
| around playlists, to manage folders, everything is as I
| learned it on [other platform].
|
| Design development becomes this duplicated burden where
| every feature now has to go through the ringer twice (or
| more) to fit native components for their respective
| platforms. When you hit limitations on those native
| components, you're now having to make the decision to
| either hold back the feature entirely, or create fragile
| workarounds.
|
| In an alternate timeline native components would have had
| far greater appeal, where people actually hate and boycott
| apps designed otherwise. But we don't. Even on iOS or mac,
| people regularly rely on apps that only vaguely interpret
| their native components. The situation is even worse on
| windows past 7, where the idea of a "windows app" is so
| jumbled there is nothing to "expect" from the experience -
| which is actually part of why I think these unified app
| designs have really taken off.
| oneeyedpigeon wrote:
| > If I'm using Spotify, I don't think "oh this doesn't
| use windows navigation component from winUI"
|
| We're either very different people or we have different
| use cases :) It _immediately_ feels jarring to me to be
| using macOS and suddenly presented with a non-native UI.
| But I only ever use macOS on the desktop, so I don 't
| have this cross-platform issue. What I find strange is, I
| would have thought that was the 99% common case -- it
| seems strange to me to optimise for individuals using
| multiple OSes rather than multiple apps on one OS.
|
| > Design development becomes this duplicated burden
|
| That sounds like an OS flaw if true. Of course, I accept
| that _some_ design will be necessary, even with the
| finest SDKs available to humanity, but it should be _so_
| burdensome that going non-native is seen as the solution.
|
| > Even on iOS or mac, people regularly rely on apps that
| only vaguely interpret their native components.
|
| You're totally right. Every now and again, I say to
| myself "I really must use Safari for the 'more native'
| experience", but I always come running straight back to
| Chrome again.
|
| > The situation is even worse on windows
|
| This was one of the things I liked best about macOS when
| I first migrated -- everything was so consistent, things
| didn't visually clash, etc. I still get the impression
| it's better on macOS, but heck, it's definitely not as
| good as it used to be.
| brycedriesenga wrote:
| >I say to myself "I really must use Safari for the 'more
| native' experience", but I always come running straight
| back to Chrome again.
|
| Have you given Arc Browser a shot yet? It feels pretty
| great. Feels designed for Mac and has its own design
| language at the same time.
| tehnub wrote:
| Not that I disagree with you, but have you seen the new
| Windows app for Apple Music? It definitely feels Windows
| 11-ey, with the animations you'd expect. A notable
| departure from the Mac design, in favor of Windows
| design, is the placement of the back button at the top
| left corner of the window, instead of slightly to the
| right of the top left on Mac.
| porcoda wrote:
| This has been the story of Apple apps outside MacOS forever:
| they appear to always do the absolute minimum to claim
| support, and you end up with a super clunky windows app that
| is terrible.
|
| I doubt they'd do much better using electron: I think their
| development model is that if it isn't on one of their
| platforms, they pump out a minimum-effort, low quality app.
| I'd guess that electron ones would be just as clunky, except
| with a significantly higher memory and CPU footprint.
| waboremo wrote:
| That hasn't really been true. Apple supported iTunes and
| Safari which were great options on Windows. Not just "I'm
| already an Apple fan so I have to use it", but actively
| deciding to use them.
|
| The root of the problem for Apple is that they cannot get
| away with doing what they used to in the past, they already
| have a plethora of platforms within their own umbrella to
| support, adding Windows native to the mix seems to result
| in maybe a handful of developers taking on enormous burdens
| by trying to catch up to their expected Mac apps.
|
| If Apple were to seriously put its weight behind a cross-
| platform toolkit, this might change, especially as they
| want their services to grow. It's the very reason why their
| main service competitors can even compete.
|
| But I agree that if they were to suddenly switch to
| Electron without a care it wouldn't turn out well, but
| likely have a better end user experience than their current
| reveals.
| paulryanrogers wrote:
| So SwiftUI for Windows?
| waboremo wrote:
| Would be very interesting!
| kalleboo wrote:
| For QuickTime for Windows they ported a portion of the
| Classic Mac Toolbox to Windows to make it work.
|
| For Safari Windows they ported a portion of Cocoa.
|
| Having an internal Windows version of SwiftUI would not
| be unthinkable!
| lmm wrote:
| > Apple supported iTunes and Safari which were great
| options on Windows. Not just "I'm already an Apple fan so
| I have to use it", but actively deciding to use them.
|
| No they weren't. They were notoriously awful. Apple
| resorted to bundling Safari with QuickTime to try to get
| you to use it but everyone still hated it.
| [deleted]
| emsixteen wrote:
| Nonsense, iTunes was great and got stick just for being
| iTunes.
|
| 300GB library around that time with no issue at all.
| Smart Playlists made all other players obsolete for me.
| darzu wrote:
| My biggest complaint is that it doesn't keep a history! One
| misclicked "remember password" at the wrong moment (safari
| plugin often guesses password fields wrong) and you've just
| locked yourself out of your bank account. Literally happened to
| me.
| tiffanyh wrote:
| Apple has to tread lightly on not have too robust of
| capabilities, especially for non-Apple ecosystem, since it
| might be consider anti-competitive.
|
| (e.g. Netscape vs Microsoft Internet Explorer)
|
| EDIT: why the downvotes without a reply? If you don't agree,
| why not just respond why so that a health dialogue can occur.
| sbuk wrote:
| As stated by another poster, Netscape vs MSFT was about
| coercing OEMs not to include competing browsers to be pre-
| installed on new systems. Apple could create and give away a
| cross platform password manager without much fear of
| ramifications, unless they exclude _all other_ password
| managers.
| kolanos wrote:
| > 3. The GUI is buried in System Settings. Heaven forbid you
| need search it's only a simple 37 clicks away!
|
| Safari > Preferences > Passwords
|
| Would love to have iCloud Keychain in other browsers, though.
| reaperducer wrote:
| _I use Safari a lot but if I 'm in a different browser then my
| passwords are unavailable._
|
| No, it's not. I alternate between Safari, Firefox, and Duck. If
| a password I use in Safari isn't stored in Firefox, I copy it
| from the Keychain program and paste it into Firefox. Firefox
| then asks to save it. No problem.
|
| _The GUI is buried in System Settings._
|
| It has its own program. /Applications/Utilities/Keychain Access
| howinteresting wrote:
| Your workflow is significantly worse than the experience I
| get with 1password.
| NavinF wrote:
| > I copy it from the Keychain program and paste it into
| Firefox
|
| Woah that's the same way I used password managers 10 years
| ago. Even back then it was considered barbaric. I had no idea
| people still lived like that.
| reaperducer wrote:
| I never stated that it was good.
|
| The previous commenter said passwords were "unavailable"
| outside of Safari. I merely demonstrated that his statement
| was false.
| JustSomeNobody wrote:
| That's all by design. They want you 100% on Apple products to
| get the full experience.
| wkat4242 wrote:
| The full experience for their shareholders you mean :P
| yamtaddle wrote:
| > 1. The experience on Windows is terrible. They can claim it's
| cross-platform but it's truly a sub-par product.
|
| Like a lot of other Apple stuff, I'm only able to use it
| because I don't use anything non-Apple for anything "serious"
| that involves a GUI. Windows is for gaming, Linux is my file
| storage and docker-service-running server that I only interact
| with over SSH and Web. Ditto Notes, all their Office-type
| programs, et c. I'd probably be on a lot more Google shit if I
| needed more cross-platform access to that stuff.
|
| > 2. On Mac it's tied specifically to Safari. I use Safari a
| lot but if I'm in a different browser then my passwords are
| unavailable.
|
| Yeah, this is super fucking weird. You'd think this would be
| connected in some fashion to "keychain", but nope.
|
| > 3. The GUI is buried in System Settings. Heaven forbid you
| need search it's only a simple 37 clicks away!
|
| IDGAF about clicks because I search my way to everything in
| Apple's settings--what does bother me is that they've made
| search worse in the last couple versions of iOS, and that if I
| type "pass" in search, "Passwords" _isn 't even visible on the
| list_ yet. I can get all the way to "password" and it's still
| the _fourth_ entry. The fucking _name of the screen_ is
| "passwords"! I shouldn't have to get farther than "pas" for it
| to be the first entry on the list, "pass" in the worst-case!
| Even fully typing "passwords" still leaves it as the _second_
| entry (of three) on my device. WTF.
| johnwalkr wrote:
| I use windows almost only for gaming (and CAD) too, and I've
| found that recently that the webapps, especially music and
| notes are good enough, and icloud drive and photos
| integration to windows actually work well.
|
| But yes, passwords is annoying. You can use them on chrome on
| windows but not on MacOS, and on Windows it doesn't work on
| anything but chrome. Speaking of gaming, game launchers on
| windows can't get passwords from Apple and also seem to log
| me out all the time, so I have to revert to using my phone to
| see my password and manually type it in.
| klodolph wrote:
| > Yeah, this is super fucking weird. You'd think this would
| be connected in some fashion to "keychain", but nope.
|
| Other browsers used to be able to use it. I do think it's a
| really thorny issue--"allow this application to access all
| saved passwords?" is a pretty damn scary permission to
| include. Up there with the "allow this application to control
| your computer" permission that is used for accessibility apps
| (which apps can abuse to read passwords, if I understand
| correctly).
|
| Apple's tradition. Make the platform more secure, add an
| exception for first-party apps, and let the other browsers
| fuck off.
| paulddraper wrote:
| Obviously the browser doesn't need to have unfettered
| access.
|
| It just needs to tell the password "hey there's a password
| on wellsfargo.com" and then the password manager asks the
| user if they want to use the password. And maybe give
| access to all passwords.
|
| IDK, what does safari do?
| fwlr wrote:
| Safari pops up a little box attached to the login text
| field asking you if you want to use the password for
| wellsfargo, so it seems like it's asking keychain "do you
| have a password associated with this url?". At least on
| modern MacBooks they also figured out a good UX flow,
| when that box is on screen you put your finger on the
| Touch ID button and it authenticates you, puts in the
| password, and goes to the next field or hits submit.
| shipp02 wrote:
| Isn't this the exact thing that got MS in trouble with
| anti-trust for Explorer? How is apple getting away with it?
| dagmx wrote:
| No. Microsoft got in trouble because they were coercing
| OEMs to not include competing browsers.
|
| Apple has no such problem since they don't have other
| OEMs.
|
| Same deal with why Google got in trouble with the play
| store.
| tim333 wrote:
| Something could pop up saying "Fill password for HSBC
| Bank?" or similar and you click one button.
| musicale wrote:
| > allow this application to access all saved passwords
|
| I'd like to see finer granularity, perhaps multiple web
| password vaults and a mechanism to allow certain browsers
| to use certain vaults.
|
| It might also be nice to specify which passwords could be
| accessed with which kind of authentication. Unfortunately
| the current system password dialog is easily spoofable - it
| really looks like a questionable javascript popup.
| imoverclocked wrote:
| What would that look like? Do you expect a prompt for
| every website you visit (Would you like to allow
| permission for Firefox/Chrome/whatever to view/store your
| password for "abcd.example.com"?) Would the permission be
| tied to the name of the app or the hash of the app? How
| do you securely identify the browser? Signed apps? Signed
| via a developer key -- trust the developer so that you
| can use Chrome as well as Chrome Beta?
|
| The above is not a critique but certainly a list of
| things that lead to the possibility of a repeat of the
| infamous Windows popup for every single action you want
| to do out of the box. This leads to either decision
| fatigue or a pre-programmed "yes, just do it" response
| from the vast majority of users.
|
| I personally think it should be an all-or-nothing type of
| allowance for this reason. Maybe the better way would be
| tracking access to passwords in Keychain. ie:
| Chrome+Safari+Firefox have all accessed your credentials
| for google.com but only Safari has seen your iCloud
| credentials and only Chrome has seen your HN credentials.
| eyelidlessness wrote:
| > Do you expect a prompt for every website you visit
| (Would you like to allow permission for
| Firefox/Chrome/whatever to view/store your password for
| "abcd.example.com"?)
|
| This is pretty much exactly how macOS Safari prompts, and
| has for several years, at least in Touch ID scenarios. It
| shows a suggested username/identity with a Touch ID icon
| next to it, presented just like a normal autofill
| suggestion otherwise.
|
| The per-site prompt and the inclusion of
| username/identity are really good signals, and feel like
| they reinforce the opposite of Windows UAC. They
| definitely gate access in a similarly repetitive way
| which encourages repetitive acceptance. But they
| demonstrate prior authorization that would have to be
| manual at least once at some point before the prompt, and
| you won't be promoted the same way for sites you didn't
| manually authorize first.
|
| It's a good enough signal that I generally use it as my
| first line of defense against phishing/domain spoofing.
| If I don't get promoted for credentials for a service I
| expect to have an account with, I'm immediately
| suspicious. That doesn't mean I automatically trust or
| distrust on that alone, but it's a pretty decent sniff
| test.
| coldtea wrote:
| > _What would that look like? Do you expect a prompt for
| every website you visit_
|
| Why not? It works fine for Little Snitch.
|
| And here it would be even less prompts, as it would just
| be every website I visit && have an login account at.
| otterley wrote:
| It's not unheard of - iOS already provides granular
| permission capabilities for photos. You don't have to
| give all-or-nothing permission to apps to access photos
| anymore; you can now choose precisely which photos the
| app has access to.
|
| I'm looking forward to iOS doing the same for contacts;
| there's no reason why WhatsApp/Telegram/etc need access
| to my entire address book if I just want to call Steve.
| varenc wrote:
| Safari Passwords and 3rd party apps can and do use the
| Apple Keychain on macOS/iOS to store sensitive data. Though
| 3rd parties can't integrate with Safari's password manager.
|
| If you use Chrome Sync with passwords on macOS, Chrome
| actually stores the decryption key in the macOS keychain.
| Just open Keychain.app (/Applications/Utilities/Keychain
| Access.app) and search for "Chrome Safe Storage" to find
| it. That's the decryption key for the actual encrypted
| password/sync data stored elsewhere. (So not possible to
| access Chrome passwords from the Keychain directly)
|
| Safari Passwords (Apple's password manager) also stores
| passwords in the Keychain as individual entries and you can
| access them via Keychain.app. Unfortunately, since they're
| part of the iCloud Keychain not the local login Keychain,
| they appear to be inaccessible with the `security` CLI tool
| which fails in an obtuse way.
| OsintOtter69 wrote:
| [flagged]
| dan-robertson wrote:
| Yeah, I a think other browsers want to be able to test
| whether there is a saved password or not, and get the
| corresponding username, which is quite a big permission to
| give away. For actually filling in the password they could
| maybe offer a pop up where the user must authorise the app
| using biometrics or some other OS-level action. That's
| already the experience with safari.
| coldtea wrote:
| > _Yeah, this is super fucking weird. You 'd think this would
| be connected in some fashion to "keychain", but nope._
|
| It probably very much is. But Google would never add Keychain
| integration when they want to push you to their own password
| manager within Chrome
| birdyrooster wrote:
| I can never tell if Apple is trying to kill macOS, but it's
| things like this that make me wonder.
| keyle wrote:
| >> 2. On Mac it's tied specifically to Safari. I use Safari a
| lot but if I'm in a different browser then my passwords are
| unavailable.
|
| > Yeah, this is super fucking weird. You'd think this would
| be connected in some fashion to "keychain", but nope
|
| No it's not. I don't want some exotic product connect to a
| domain I have passwords in and prompting me for access. The
| password should be tied to the product you used to login
| with.
|
| This is a misunderstanding of keychain vs. lastpass. One is
| designed to remember "safari passwords" or any swift/cocoa
| application implementing keychain. One key feature is: once
| stored in Keychain this information is only available to your
| app, other apps can't see it.
|
| Lastpass and other similar products are designed as a data
| warehouse / vault for you security items. From there, plugins
| in browsers etc. can take over.
|
| I will totally agree with the fact that the GUI is
| frustrating at best.
| Thlom wrote:
| But on iOS I can use keychain from apps to find login
| information that is stored from Safari?
| knodi123 wrote:
| > The fucking name of the screen is "passwords"! I shouldn't
| have to get farther than "pas" for it to be the first entry
| on the list, "pass" in the worst-case!
|
| Weird. "pas" and it was top of the list for me.
| zimpenfish wrote:
| Anecdata: `pas` worked for me in Spotlight, Settings (both
| 13.3 Beta (22E5246b)) and Alfred (4.8 [1312]).
| ulfw wrote:
| When I type just "p" it's the second top most result. When
| I type "pa" it's already the first result.
| yamtaddle wrote:
| Bizarre. That's on iOS for me, searching in the settings
| app itself. I have to type most of "passwords" just to
| get it to show up at all, and some of the ones that are
| showing up instead have only the most tenuous connection
| to the search term "password".
|
| It _used to_ show up for me after a couple letters, in
| the settings app, until a few iOS versions ago, IIRC.
| mh- wrote:
| It "learns" from previous searches.
|
| Which is unfortunate, because it's not very good at it.
| amluto wrote:
| In Spotlight, I need "passw" to see it. In the actual
| Settings search, I also need "passw", and that only gets it
| to #5 in the list.
|
| Also, Spotlight is bizarrely slow finding even local apps
| and things like Passwords. WTF
| eastbound wrote:
| Did you tell it to ignore most local files?
| rrsmtz wrote:
| Wow! Just discovered the Spotlight customization and it
| is so much faster and more useful when you remove certain
| locations and turn off definitions and Siri suggestions.
| amluto wrote:
| That sounds delightful. Sadly, while Apple _documents_
| "Suggestions in Search", and I can even see that option
| when I search Settings for Siri, the option itself is
| missing from the Siri & Search page.
| lttlrck wrote:
| I get the same result as the parent. Search in Settings has
| gotten a lot worse with time.
| hnrodey wrote:
| Yeah, I'm also a heavy user Spotlight Search and it's still
| impossible to get to Keychain settings. I suppose my higher
| level point was that it's damn near impossible to efficiently
| get to the keychain settings.
| ideamotor wrote:
| Alfred?
| metafunctor wrote:
| Not impossible at all. For me, [?]-space, then typing pass
| is enough for Spotlight Search to suggest the Passwords
| section in System Settings.
| AdamN wrote:
| Step 63 of Mac setup is optimizing Spotlight by excluding a
| bunch of stuff from being indexed - kind of annoying but
| that's the solution
| [deleted]
| thih9 wrote:
| > The GUI is buried in System Settings. Heaven forbid you need
| search it's only a simple 37 clicks away!
|
| I do: Cmd+space > "keychain" > Enter. Still not ideal but it's
| the fastest method I know. What do you mean, i.e. how do you
| access the GUI from the system settings? I tried finding
| keychain there but couldn't figure out where it is.
| aequitas wrote:
| It's available as "Passwords" in the system settings. I think
| they added it recently to align it with iOS and iPadOS, where
| there is no mention of it being Keychain at all.
| ajmurmann wrote:
| "If you are 100% Mac then it's a good product."
|
| I use 100% ma except for gaming. However, I use other browsers
| as well, so the coupling to Safari is a deal breaker.
| divan wrote:
| > > 3. The GUI is buried in System Settings. Heaven forbid you
| need search it's only a simple 37 clicks away!
|
| On iOS you can ask Siri "show my passwords". Doesn't seem to
| work on MacOS though.
| zitterbewegung wrote:
| You can make a shortcut that opens passwords.
| [deleted]
| spullara wrote:
| You just run the Keychain Access app on a Mac.
| howinteresting wrote:
| It's not just a good product if you're 100% Apple, it's only a
| good product if you're 100% Apple _and are willing to accept a
| great deal of friction if Apple 's direction no longer suits
| you in the future_. It's a version of what some people call
| "high time preference".
|
| Personally, I was taught to care about the future.
| dwaite wrote:
| They have an export-to-CSV feature. That takes a lot of the
| worry out of hypothetical futures.
| howinteresting wrote:
| Still adds a great deal of friction and makes it harder to,
| say, experiment with an Android phone or a Linux desktop
| for a month. Compare that to 1password which just works.
| jrochkind1 wrote:
| OP is suggesting it's a terrible UI on iOS and Mac too, and one
| of their principle complaints is your #3.
|
| So OP disagree that it's even a good product if you are 100%
| Mac, but are suggesting the functionality is all there, it just
| needs an actually designed UI/UX.
|
| And/But your #2 sounds pretty terrible to me too!
|
| It does not sound like a good product at all.
| maliker wrote:
| I ended up writing an AppleScript to open the Safari passwords
| dialog because I got sick of hunting for the proper dialog. If
| you save it as passwords.command and make it executable it'll
| open the window right up. But yeah, it's a kludge.
| #!/usr/bin/osascript tell application "Safari"
| activate end tell tell application "System Events"
| keystroke "," using {command down} set pass_button to
| (button "Passwords" of toolbar 1 of window 1 of application
| process "Safari") click pass_button end tell
| ikura wrote:
| Don't use System Settings to find passwords, open Keychain
| Access instead, it's much more direct for searching.
| robotresearcher wrote:
| > 3. The GUI is buried in System Settings. Heaven forbid you
| need search it's only a simple 37 clicks away!
|
| On Mac, at any time, type: command-space passw <return>
|
| On iOS tap <search> on any home screen, type passw, tap
| suggested result
| mitemte wrote:
| Better yet, using the Shortcuts app for iOS, create a
| shortcut that opens a URL with `prefs:root=PASSWORDS` in
| Safari.
|
| For macOS, you can make the same shortcut open `/Library/Appl
| e/System/Library/CoreServices/SafariSupport.bundle/Contents/P
| referencePanes/Passwords.prefPane`.
|
| A single shortcut can be used to accomplish this, using the
| OS check and an `if` condition.
|
| Then add the shortcut to the home screen as an icon and it'll
| also show up in Spotlight search.
| hnrodey wrote:
| I mean, thank you. Buttttttttt this is an asinine level of
| effort to achieve a workaround for a stock feature on the
| Apple platform. I'd just assume not use it before
| implementing this.
| voytec wrote:
| _Rebuilding Spotlight index..._
| bonestamp2 wrote:
| These are great tips for power users, I love it!
|
| That said, this also proves that for non-power users: it
| needs an app and it needs integration with other browsers if
| it wants to be as easy to use (for most people) as the
| popular password managers.
| yamtaddle wrote:
| On iOS, my _only_ password manager I 've _ever_ used is the
| built-in Apple one.
|
| I just tapped the "search" field on the home screen, and
| typed "passw".
|
| "Top Hit": A store link to the LastPass password manager
| (which I do not and have never used--the button has the text
| "get", it's not installed and doesn't have the cloud-icon for
| previously-installed apps)
|
| From there, it's three suggested Siri web searches:
| "passwords", "password manager", and "password generator"
|
| Then two safari-iconed links (I assume these would search
| with my default search engine in safari?): "passwords on
| iphone" and "passew"
|
| Searching inside the "settings" app is only marginally
| better. It's all much, much worse than it was a few iOS
| releases ago.
| [deleted]
| snowe2010 wrote:
| I learned from this thread that you can actually disable
| all that. I did so and my spotlight searching sped up
| 10-fold and now I only get app results. So much better.
| arrrg wrote:
| Is this you arguing that it's not buried?
|
| Having to access something via a search incantation (or,
| alternatively, a ton of clicks) is not at all easily
| accessible. It's buried alright.
|
| Obviously you can find pretty much anything on macOS and iOS
| via search. That's how it's should be. But that doesn't make
| things accessible or even just visible.
| kenver wrote:
| A shortcut helps
|
| https://www.icloud.com/shortcuts/71fea01c333341878e4355df52c.
| ..
| toxik wrote:
| No results for "passw"
| throwaway290 wrote:
| I write "keychain" usually, it appears after "key" already.
| shagie wrote:
| I've pinned Keychain Access in my tool bar. Finder,
| System settings, Keychain - right at the top.
| dclowd9901 wrote:
| I'm all in for personal web browsing. Safari is a great browser
| basically 99% of the time and having free synced passwords (and
| really any critical data!) between my desktop, phone and
| tablet, I get tremendous value.
|
| For work, I use chrome and chrome password management because
| my company uses gmail.
| AdmiralAsshat wrote:
| > If you are 100% Mac then it's a good product. Going outside
| of the walled Apple garden leaves a lot to be desired.
|
| I think Apple would consider this "working as designed."
| OsintOtter69 wrote:
| [flagged]
| asciii wrote:
| > I think Apple would consider this "working as designed."
|
| _Incoming_ iTunes Password Manager, next event :P
| lozenge wrote:
| With passkeys, now every platform can enjoy this level of
| lock in!
| warning26 wrote:
| Yeah, that's why I'd never touch passkeys. It feels like
| you're basically locking yourself into a weird ecosystem
| that you'll never be able to escape from.
| stouset wrote:
| This is kind of silly.
|
| If you're using hardware 2FA, you should _absolutely_
| have backups. I 've used YubiKeys for years and have one
| in my laptop, one on a keychain, and one in a safety
| deposit box.
|
| Passkeys are _just another instance of this_. I have
| added Passkeys to all of my accounts with 2FA and it 's
| somewhat more convenient (significantly more convenient
| for mobile devices). But every account _also_ has all my
| YubiKeys attached as second factors.
|
| There is no lock-in. And while it's inconvenient and
| annoying to have to add multiple keys to every account,
| that is _already_ the reality if you 're responsibly
| using hardware second factors.
| devman0 wrote:
| This would be less annoying if we could get actual
| federated identity that big players would actually
| accept, as it stands having to fetch a key from a safe
| deposit box every time I register a new account is a huge
| amount of friction.
| jve wrote:
| Microsoft is a big player and here you go:
| https://learn.microsoft.com/en-us/windows-
| server/identity/ad...
|
| I currently have a Microsoft (Work) account that I'm SSO
| logged on.
| stouset wrote:
| It absolutely is. But that's a separate problem entirely
| from "will Passkeys lock me in to the Apple ecosystem",
| to which the answer is an unqualified no.
| rootusrootus wrote:
| I hope not. I'm patiently waiting on 1Password to release
| their implementation of passkeys so I can have it work on
| all my devices, Apple or not.
| stouset wrote:
| Just use Passkeys. Any account that allows 2FA allows
| multiple second factors. You should be setting up backup
| second factors anyway if you don't want to risk getting
| permanently locked out of all of your accounts.
|
| Plus, putting second factors in the same location as your
| first factor (e.g., 1Password) seems to pretty much
| defeat the entire purpose of having a second factor. If
| you're using strong passwords with 1Password, your second
| factor is basically only defending against a leak of your
| password database. If you're storing your second factor
| in that same password database, what are you gaining?
| cstrahan wrote:
| Well, with the exception of AWS, unless something has
| changed recently -- they notoriously only support one
| second factor (i.e. if you use YubiKeys or similar, you
| can only use one).
| stouset wrote:
| Yeah, AWS is the only exception I've encountered :)
|
| But if you have backup second factors ( _you have backup
| second factors, right?_ ) and you're worried about
| Passkey lock-in for whatever reason... just use that
| other second factor for AWS or any other account which
| supports only one.
| JimDabell wrote:
| You can add multiple MFA devices since November of last
| year:
|
| > Now, you can add multiple MFA devices to AWS account
| root users and AWS Identity and Access Management (IAM)
| users in your AWS accounts. This helps you to raise the
| security bar in your accounts and limit access management
| to highly privileged principals, such as root users.
| Previously, you could only have one MFA device associated
| with root users or IAM users, but now you can associate
| up to eight MFA devices of the currently supported types
| with root users and IAM users.
|
| -- https://aws.amazon.com/blogs/security/you-can-now-
| assign-mul...
| withinboredom wrote:
| passkeys isn't supported on linux desktop, at all. and if
| you know how to make it work, please let me know. I have
| to switch to a Windows machine to login with them.
| jorvi wrote:
| Isn't the whole point of Passkeys that you can't ever
| lose them, since they're tied to your biometrics..
| stouset wrote:
| They're not tied to your biometrics. They're stored
| inside the TPM of your device, which is _unlocked_ by
| some form of biometrics.
|
| But if you lose all the devices with your passkeys on
| them, they are gone for good.
| zarzavat wrote:
| I'm super curious what a backup second factor is for the
| average user who has only one device: a phone, that
| sometimes gets lost or is stolen.
|
| Feels like these things are designed by Californians with
| no idea of how the world is.
| stouset wrote:
| If you're in this category, your alternative to Passkeys
| _at all_ is SMS or no 2FA whatsoever. Enabling Passkeys
| does at least ensure that you have a minimum of two
| separate devices so you already do effectively have some
| form of backup of your second factor.
|
| My comment is targeted at someone who is savvy enough to:
| a) care about having "real" 2FA, and b) is concerned
| about lock-in, and c) is extremely sensitive to being
| locked out. For someone like that, you're _already buying
| YubiKeys_ or some equivalent. And if you don 't already
| have some, you're never prevented from using them later.
| crooked-v wrote:
| Reminds of the occasional comment threads on here about
| homeless people permanently locked out of new accounts
| every few months because of stolen devices and the
| growing corporate obsession with forced 2FA, and all the
| replies that amount to "if they didn't want to fuck off
| and die they shouldn't have been poor".
| howinteresting wrote:
| > Plus, putting second factors in the same location as
| your first factor (e.g., 1Password) seems to pretty much
| defeat the entire purpose of having a second factor.
|
| Not quite! 1password itself counts as two factors:
| something you know (the master password), and something
| you have (the additional secret key).
|
| Passkeys in 1password would eliminate phishing as a
| problem.
| stavros wrote:
| Yep, same with BitWarden. That would be fantastic.
| WWLink wrote:
| > I think Apple would consider this "working as designed."
|
| Punishing us geeks who like using multiple different kinds of
| OS on their phones and computers. :(
| michael1999 wrote:
| A limited GUI is also available within Safari on desktop. It is
| a tab under Preferences. It makes working in Chrome bearable.
|
| Agree the UI is terrible in iOS.
| Schiendelman wrote:
| On 3, at least: Apple assumes you'll use search on device. If
| so, it's: 1) Swipe down 2) Type "p" 3) tap autocomplete result
| in "settings" group.
| airstrike wrote:
| But if you search on Mac using spotlight you need to type
| "keychain" smfh my head
| sagarkamat wrote:
| Agree on most of this but Keychain Access IS a standalone app
| on the mac so slightly confused about the comment about it
| being buried in System settings. Its still a pain to go to the
| app and copy a password for non-Safari browsers though.
| arrrg wrote:
| That app is not at all a password manager.
|
| It's a view and editor for all kinds of stored keys. I don't
| think its target audience ever were intended to be some
| random macOS users. That's just not the target group. It's
| about power users that need to access or store all kinds of
| keys.
| leesalminen wrote:
| I just do cmd+space -> type "pass" -> Return -> fingerprint.
| That gets me to my iCloud Keychain. I used to use Keychain
| Access but like the UI of the Passwords tab of Settings more.
| maccard wrote:
| I use 1password. cmd + shift + space opens a spotlight-like
| dialog for 1password. First access requires a fingerprint.
|
| It also works on Windows!
| wmeredith wrote:
| > If you are 100% Mac then it's a good product. Going outside
| of the walled Apple garden leaves a lot to be desired.
|
| This has been the Apple way since the 1980's
| OsintOtter69 wrote:
| Last pass had a major incident recently iirc.
| palata wrote:
| I moved to Bitwarden right after it, and I can't believe how
| much better it is in terms of UX \o/. I whish I had made the
| move years earlier.
| hot_gril wrote:
| 4. New passwords overwrite old ones. Easy to accidentally lose
| passwords in slightly odd situations like logging into an
| account whose password you just reset.
|
| But I like it overall. Even though I use multiple browsers, I
| don't mind treating Keychain as the master DB and occasionally
| copying passwords out of it. Part of this is because I use
| Safari exclusively for the extra important things like my bank.
| Euphorbium wrote:
| 2. Dont know what you are talking about, I use brave and get my
| passwords filled in from keychain. 3. Cmd-space keychain opens
| up keychain
| hnrodey wrote:
| Thank you for sharing that. I was not aware. I will try this
| tonight!
| fitzroy wrote:
| I use this Menubar short cut for Passwords, so it's only 2
| clicks and fingerprint away.
|
| https://www.icloud.com/shortcuts/22133925f3e34579b22951d6593...
| nailer wrote:
| I was about to say the same thing: Apple has a password
| manager? I'd consider Apple Passwords to be less than half a
| password manager.
| AdamN wrote:
| Serious question but what do you use Windows for? I don't know
| alot of people that use Windows anymore so just wondering is it
| a work requirement?
| andrewmutz wrote:
| It's still widely used for gaming
| makeitdouble wrote:
| Went the other route, sold my iPad and went with a Surface
| instead...
|
| the short of it: It's inelegant, there's bugs, the UI is
| half-assed and some aspects are straight hostile (default
| widgets etc.). But it's an actual generic computer. Most task
| you assume you could do with a computer, there will be a way
| to do it.
|
| It might take some efforts to get to a decent setup, but the
| walled garden was also a PITA, so all in all, I felt my time
| is better invested in making windows a nice place than the
| endless fighting of Apple on iOS.
|
| As a halo effect, I'm kinda thinking about moving to Windows
| on my main computer as well on the next refresh cycle...not
| fully decided, but that feels like a viable option.
| ar9av wrote:
| The main limitation of Apple's passwords implementation for me
| is lack of sharing. For accounts that my wife and I both need
| access to, we can have them in a shared location in bitwarden,
| but there's no comparable feature with Apple's. I'll probably
| even start paying for bitwarden so that I can share with more
| than one other person when my kids are old enough to need
| access to them
| followben wrote:
| Yeah, this is a bugbear. FWIW my wife and I "share" keychain
| items by airdropping them to one another as required. It
| works, but nowhere near as nice as having a common record we
| can both maintain.
| lampshades wrote:
| My wife and I do the same and it actually works better than
| sharing because my wife understands how to do it without me
| trying to teach her.
| Jnr wrote:
| I'm using self hosted Vaultwarden (open source implementation
| of the backend) and the password sharing feature is very nice
| to have.
| X-Istence wrote:
| > I use Safari a lot but if I'm in a different browser then my
| passwords are unavailable.
|
| Chrome used to be tied into Keychain but they went their own
| way a long time ago, which is a damn shame.
| vanilla_nut wrote:
| I believe Apple only lets you use certain APIs (like
| Keychain) if you distribute only through the App Store.
|
| That policy has really killed a lot of functionality on
| macOS. I suspect it will cause fiction on iOS when the EU
| forces them to allow alternative install sources.
|
| Personally, it grates me when Apple cripples functionality
| this way to try to keep us stuck in their platform. Can't use
| Firefox with Keychain. You can only view your current Apple
| Card balance on an iOS device -- not even a macOS device. At
| the end of the day, I hate being manipulated so much that it
| actually pushes me _away_ from the platform to see this
| scummy behavior.
| smileybarry wrote:
| > You can only view your current Apple Card balance on an
| iOS device -- not even a macOS device.
|
| That sounds especially annoying. An iPad next to you can
| auto-config itself as the umpteenth monitor of a Mac, but
| macOS can't pull Apple Card balance from your nearby
| iPhone?
| someNameIG wrote:
| Is there a reason Chrome, Edge, and Firefox aren't on the
| Mac app store? I know the yearly dev account costs can be
| an issue for small developers but Google, Microsoft, and
| Mozilla are already paying that as they release apps on the
| iOS App Store.
| [deleted]
| bobbylarrybobby wrote:
| If I had to guess, the review process would just be a
| hindrance to them for nearly no benefit (is there
| anything besides the keychain API that would entice
| them?).
| vanilla_nut wrote:
| I assume it's annoying to jump through hoops and code
| review for every release.
|
| Most macOS users don't use the app store. So directing
| folks there can be annoying for users, or even cause
| problems if they aren't signed into iCloud.
|
| They'd likely end up with either an old version on the
| app store at all times, or with a massive, unpredictable
| day-or-week-long delay waiting for Apple's reviews before
| every release. Small wonder they don't bother.
| JPws_Prntr_Fngr wrote:
| I will always regret being _just slightly too late_ to
| enjoy Apple 's golden era. When, yes, using an iPod meant
| locking into iTunes, but at least you didn't have Tim Cook
| nagging his captured audience into signing up for Apple
| Music Subscription Plus - Now for Families!
| smaccona wrote:
| I guess they want compatibility/password sharing between
| Chrome on Mac, Windows and Linux, which I can understand.
| whstl wrote:
| There seems to be a Google Chrome extension called "iCloud
| Passwords" but it only has two stars, so I don't think you'll
| be positively surprised.
|
| Also, on iPhone it's ok-ish but on Mac the experience is a
| subpar too: Keychain, the app you use to view your passwords,
| feels like a 90s Visual Basic application. Plus you can't
| organize your accounts, and even if you prefix them to "sort by
| name", the special name you give is lost after using it.
|
| On the other hand, I already have other Apple cloud stuff and
| kinda trust them, so I suffer through it. And other password
| managers aren't anything to write home about either to make me
| change :/
| notyourwork wrote:
| +1 to subpar on Mac. iPhone is about the only surface where
| its seamless/smooth. The rest leaves me constantly
| frustrated.
| deergomoo wrote:
| > Keychain, the app you use to view your passwords
|
| Huh, I never realised Keychain showed iCloud Passwords. I
| always just use Safari (which is inconvenient in its own way
| admittedly).
| comex wrote:
| Note that macOS now has _three_ "apps" to view your
| passwords, three different UIs for the same database. There's
| Keychain Access, there's the Passwords section of System
| Settings, and there's the Passwords section of Safari
| preferences (which is the same UI as the pre-Ventura System
| Preferences app's Passwords section).
|
| The other two have even less organization functionality than
| Keychain Access, so this probably doesn't help you, but the
| blog post was talking about the System Settings version so I
| wanted to point it out.
| kccqzy wrote:
| What's wrong with Keychain Access? It hasn't changed its
| appearance since more than a decade. That's a good thing for
| familiarity. Early Mac OS X apps have incredibly good design
| that doesn't waste space.
| 9dev wrote:
| Guess which app is ripe for a Swift UI redesign soon!
| whstl wrote:
| But it does waste a lot of space... there's a lot of
| duplication of keys (which are deduplicated in the iPhone
| app), and with other information (somehow I have hundreds
| of "com.apple.cloudd.deviceIdentifier.Production" in
| there). And I already mentioned organization fails. Plus
| it's kinda insecure as it enumerates your accounts
| exhaustively without asking for a password like
| iPhone/Safari (granted, not a problem specific to this
| app). And the interface to view the passwords is terrible.
| Old and familiar is not synonyms with "good".
|
| However now that comex pointed me to the Password in the
| "System Settings" app, I at least can use it and it's fine
| if Keychain is left as is.
| taylorlapeyre wrote:
| Apple makes a iCloud Passwords chrome extension:
| https://chrome.google.com/webstore/detail/icloud-passwords/p...
| hnrodey wrote:
| Maybe this was it...IIRC the user must also have iCloud For
| Windows installed? It's been several months since I tried
| this setup. For my personal user experience it was
| unacceptable.
| larrik wrote:
| Windows only! It doesn't work on Mac!
|
| I honestly didn't know that was possible before that
| extension.
| animal_spirits wrote:
| Chrome on mac should by default be able to work with the
| Apple password keychain
| rootusrootus wrote:
| No, Google has not implemented support for Keychain in
| Chrome. AFAIK neither has Firefox.
| aequitas wrote:
| They actually removed support for Keychain, Chrome on
| macOS used to support it in the past.
| azinman2 wrote:
| And this annoys me greatly. I want cookies, bookmarks,
| and passwords to be owned by the system. That way I can
| switch between browsers with ease, and that would also
| lower the bar for new browsers to come out.
| mattmcknight wrote:
| I switch between systems more than I switch between
| browsers.
| brycedriesenga wrote:
| Maybe if you're only using devices from one type of
| brand. But what if you wanna access those things on a Mac
| and Google Pixel and an Amazon Kindle. Sure, might not be
| that much of a mix, but I imagine a decent amount of
| people have at least one device from a different brand.
| toxik wrote:
| I absolutely do not want this.
| danudey wrote:
| Agreed. This sounds like a nice user-friendly feature
| until you realize what a colossal privacy disaster this
| would be for any malicious app that the user grants these
| permissions to.
|
| "DerpCo Derpolizer would like to access your stored
| cookies. This allows us to automatically log into your
| DerpCo account!" and then bam, they hoover up your login
| data in an instant and send it off as part of their
| telemetry.
|
| Much better to have a system like (for example) sign in
| with Apple where you can easily click a button to have
| the system authenticate you, but no one gets access to
| anything without specifically asking for it.
| ricktdotorg wrote:
| interestingly, Chrome on iOS offers me passwords from
| both the iOS Keychain and Chrome password stores.
| Camillo wrote:
| Meaning it ought to, but doesn't, right?
| hcurtiss wrote:
| And it's slow two star garbage.
| dwighttk wrote:
| It's not great, but the app you are looking for on macOS is
| Keychain Access
| xivzgrev wrote:
| Also, if your phone is stolen / lost and someone can guess your
| 6 digit passcode, then all your passwords are exposed.
|
| That was biggest deal killer for me.
| AdamGibbins wrote:
| Edit: Removed initial comment, confused my iOS faults.
|
| Keychain its current configuration is risky, given its coupled to
| your iPhone password which many people frequently enter in a
| public setting. One shoulder surf followed by a phone theft and
| they've unlocked everything - including your iCloud account
| (which you can change the password on using iPhone password
| only).
| buildbot wrote:
| It needs biometrics or passcode to unlock?
| Jaxan wrote:
| > you can access it when your phone is unlocked without any
| additional authentication.
|
| No you can not. On my iPhone I have to authenticate with my
| finger print or pin code again for the passwords.
| azinman2 wrote:
| If I go to system settings > password on iOS, it then requires
| Face ID to get in. So I'm not sure what you're talking about.
| Under Face ID & passcode you can also require Face ID for a
| password auto fill. So I don't think any of this is correct.
| sabin1001 wrote:
| [dead]
| simonklitj wrote:
| Are you sure? I always have to scan Face ID, whether it's to
| open the "Passwords"-section in Settings or to have it
| automatically paste a password on a website/app. How do I
| access these things without additional authentication?
| robinhood wrote:
| I'm okay to move my photos to Apple. I'm okay to move my music.
|
| But I'm not ready to move my passwords and tie them to the Apple
| ecosystem.
|
| 1password for the win.
| DantesKite wrote:
| I get the impression Apple doesn't want a dedicated app for
| passwords because they don't want people to think about
| passwords.
|
| It shouldn't be something people manage, hassle, or worry over.
| They likely want people to just be able to open their phones and
| have it uniquely identify them seamlessly across a variety of
| sites.
|
| Unfortunately, they're not quite there yet.
| CharlesW wrote:
| > _I get the impression Apple doesn 't want a dedicated app for
| passwords because they don't want people to think about
| passwords._
|
| I think you're right. Ventura's Passwords Settings shows that
| they're in transition away from the archaic Keychain app to
| _something_. My guess is that they 're skating to where the
| puck will be in 2025 when Passkeys are universally supported,
| and for most use cases auth will be automatic.
| ElijahLynn wrote:
| Good point, the end goal is probably some sort of biometric MFA
| solution.
| crossroadsguy wrote:
| Apple needs to fix iCloud (or anything where a sync/etc is
| required) to something that's at least reliable and transparent
| from the 2023 standards! Period. As of now it's so poor if not
| downright broken.
|
| Because without that everything on the software side by Apple
| will just remain glorified things that the fans keep bleating
| about - "just works", "is perfect", "just what I need".
|
| For heaven's sake Apple does a shoddy job of syncing et cetera
| and obscures it from the user in the guise of usability and that
| "Apple knows what users need to do", not what they want.
| pyuser583 wrote:
| Lots of apple "settings" deserve an app.
| thom wrote:
| Gimme something to make family passwords easy (eliminate
| passwords!) Enable Apple ID logins for kids. Throw your weight
| around to move safety settings into some sort of open web
| standard. I've got 1Password but the daily pain of managing a
| family of users with various accounts is just too much right now
| and I would pay almost any amount of money to have a simple
| solution that I never had to think about.
| noizejoy wrote:
| Have you seen this?
|
| https://arstechnica.com/information-technology/2022/10/passk...
| bert2002 wrote:
| The goal is to go passwordless.
| geuis wrote:
| I _really_ want to use Keychain for all of my password
| management. But nothing works.
|
| Like I'm in serious need of a highly secure cross browser/cross
| platform password solution.
|
| On my phone, everything is fine. But I use Chrome on MacOS and my
| Windows desktop. Chrome used to use Keychain on MacOS, but some
| years back Google changed the product to tie into their own user
| accounts. I refuse to sign into a browser itself just to use the
| web.
|
| The iCloud password extension for Windows (chrome/edge)
| absolutely DOES NOT WORK. I have tried getting it to work for the
| better part of a year. Finally gave up and removed the useless
| thing.
|
| I probably dumbly still trust Apple's security policies and would
| prefer to use Keychain as my fits-all-sizes security tool, but
| the combo of product incompatibilities and non-working Apple
| authored software makes it impossible.
| imWildCat wrote:
| Don't put all your eggs in one basket.
|
| Don't put all your passwords into one single software provider.
| cglong wrote:
| I appreciate Apple adding the ability to export your passwords,
| but it's ridiculous it took until 2021 for this to happen.
| sacnoradhq wrote:
| This is unnecessary because it's a problem that's already solved.
|
| - BitWarden - for personal use, stores 2FAs and acts as an iOS
| password source. (The claimed attacks were mitigated)
|
| - Keeper - for enterprise use, stores 2FAs and acts as an iOS
| password source
|
| - Duo - for 2FA for enterprise use with backup text mechanisms.
| Edit: Duo's primary app mechanism is similar to Google Gmail
| app's mechanism of a yes/no popup to approve a 2FA request
|
| ^ The above are cross-platform and extend beyond Apple.
| rtpg wrote:
| I think icloud is pretty decent as a solution, but one thing I
| think is kind of worrying is that it unlocks with the same "key"
| as your phone.
|
| So if someone sees your PIN code, they can not only unlock your
| phone, they can get all of your passwords and change those
| passwords very quickly.
|
| I enjoy 1Password being separate in that regard, and I would
| really like it if the iOS keychain would let you set a separate
| password in that respect.
| Despegar wrote:
| I guess everyone is over the anti-"self-preferencing" policy push
| over the past few years and is back to normal. Sherlocking is in
| fact good.
| mzmzmzm wrote:
| Tangential but I hate that Mozilla abandoned their password
| manager app that uses the sync service they still maintain,
| instead of adding a TOTP/OATH feature and giving people a better
| and more open option than Duo and skeezy password managers.
| OCISLY wrote:
| I still miss Mozilla Lockwise.
| benatkin wrote:
| At least Firefox makes it easy to view your Firefox passwords.
| In Chrome it's nested in settings and the text box where it
| shows the password is tiny.
| Bondi_Blue wrote:
| You can always make a Shortcut to open the Passwords section of
| System Settings. And put that in your dock or wherever.
| cush wrote:
| One word. Liability
| chrisfinazzo wrote:
| I might argue instead that simply having Passwords as another
| item inside Settings is appropriate for what functionality it
| exposes.
|
| It's a feature, not a product, doesn't do everything that
| Keychain Access does in macOS, and doesn't need (or deserve) to
| be in your face all the time.
|
| Do keyboards/wallpaper/voip apps/whatever really need to have
| their own app icon on your homescreen? Probably not, but Apple's
| conditioned us over the course of 15 years that all apps have
| icons you can see - a view at odds with things like Fantastical
| and SwitchGlass, which are really "apps that run in your menubar"
| and can be used without a Dock icon at all.
|
| iOS doesn't have the concept of "Utilities" within
| "/Applications" like macOS does, but maybe it needs to in order
| to address this class of app which has such a specific focus.
|
| After 15 years, are we at a point where some of the early
| affordances aren't neccessary anymore?
| HeavyFeather wrote:
| Do you really need to go back to your car, open your trunk, get
| the wallet just to show your ID?
|
| Passwords are my ID, sometimes I have to enter them onto
| another computer or app or just share them with someone; I
| shouldn't need to hunt my ID in the trunk of my car.
|
| Keychain Access did this right decades ago, so there's some
| logic behind it. The issue is that the app is not built for
| this decade and its UI is lacking.
| rohan_ wrote:
| >(And it all syncs across your devices, for free?!)
|
| IMO the worst part about apple keychain is they can't be used
| with Chrome (the most common browser for mac!)
| apike wrote:
| I too find this frustrating, but I'm curious about the claim
| that Chrome is the most common browser on Mac. I sometimes see
| this claim, but I struggle to find any data to back it up.
|
| The US government web analytics
| (https://analytics.usa.gov/data/), which seems like a
| reasonable source for general usage in the US, show Safari
| substantially ahead of Chrome on Mac.
|
| Have you seen any sources that show Chrome ahead of Safari on
| Mac for a general audience?
| fckgw wrote:
| You can, Apple has an extension for iCloud Keychain.
|
| https://chrome.google.com/webstore/detail/icloud-passwords/p...
| rohan_ wrote:
| Windows only
| snowwrestler wrote:
| > iCloud Passwords is a Chrome extension for Windows users...
| sargun wrote:
| I believe this is as much on the Chrome side as it is on the
| Apple side:
| https://bugs.chromium.org/p/chromium/issues/detail?id=312105
|
| Chrome could access those natively on Mac, or use the keychain
| as the native backing store, from what I can tell.
| cramjabsyn wrote:
| I agree it could be more polished but there is an app called
| Keychain Access that does give reasonable
| access/search/management of icloud passwords
| mattkevan wrote:
| I've always used Keychain Access to view/manage passwords. If
| they cleaned up the UI a bit it'd do pretty much exactly what
| Cabel is talking about here.
| teeeg wrote:
| i would prefer icloud keychain allows an alternative password - i
| refrain from adding some credentials to the keychain since my
| passcode is easy to steal?
| isleyaardvark wrote:
| Reading other comments in this thread and I feel like I am
| taking crazy pills. There was a big article that I thought a
| lot of people had read and would realize having passwords saved
| under an iCloud account is a recipe for disaster, since only a
| phone passcode is necessary to gain full control of an iCloud
| account.
|
| https://news.ycombinator.com/item?id=34984821
| thiht wrote:
| I'd never use a password manager built by Apple for the same
| reason I don't use Chrome's password manager or Firefox's
| password manager. All these passwords managers have strong
| incentives for "working best on <platform>(tm)". I want a
| password manager independent from any platform like Bitwarden or
| 1Password, because it's actually valuable for THEM to target all
| the platforms they can.
| [deleted]
| HeavyFeather wrote:
| The problem is that the integrated managers really do work best
| on platform, i.e. alternatives aren't nearly as well-
| integrated.
|
| So here I am using Safari on my computer and phone.
| sowbug wrote:
| I don't understand. Chrome and Firefox don't have platforms.
| Which means they run pretty much everywhere they're allowed to.
|
| Apple is the only one of those three that restricts their
| software to hardware that only they sell. So in that case I do
| understand your position.
| thiht wrote:
| A browser is a platform. I have no easy way to use passwords
| saved in Chrome in Safari for example.
|
| It matters to me because I use Firefox and Chrome on my work
| desktop, Safari and Firefox on my personal desktop, and
| Safari on my phone. And I want the ability to switch browser
| easily.
|
| Same goes for Apple passwords, I still use Windows for some
| games, and I want to access my passwords easily.
| HeavyFeather wrote:
| > they run pretty much everywhere they're allowed to.
|
| Yep, they're allowed to run on Chrome, that's Google's
| platform.
|
| Good luck using your Chrome/Google passwords outside
| Chrome/Google apps.
|
| Firefox at least does (or used to) offer a Lockbox app to use
| the password on your phone.
| kernal wrote:
| Setting up TOTP on an iPhone. I had no idea it could do this.
|
| https://support.apple.com/en-ca/guide/iphone/ipha6173c19f/io...
| abraxas wrote:
| If Apple password manager is anywhere as well thought out as
| their 2FA for Apple TV then I don't want to come next to it
| within 10 light years.
|
| Every time it asked me to either "confirm on your iPad" (I have 3
| of those around the house) or "confirm on your iPhone" (I have 0
| of those) I was ready to hurl shit. SMS option buried in some
| dark pattern, of course.
|
| If these companies want to encroach in the secrets management
| space they really need to hire more qa and test more than a
| single happy path. The number of failure modes in these systems
| is astonishing for the billions of dollars these companies can
| throw at the problem.
| Tepix wrote:
| I suggest you move to Ross 248, which is a mere 10.3 light-
| years away. However, 32000 years from now it will be the
| closest star to our sun at 3.024 light-years so keep that in
| mind!
| twobitshifter wrote:
| I think there's a setting for that in setup. Is your problem
| that Apple thinks you have a iPhone or that you have to
| interact with the tv on a second device?
|
| As with all things apple when you buy in you get the best
| experience. That feature on AppleTV works really well with an
| Apple Watch.
| capableweb wrote:
| Which really sucks and puts you off from getting more Apple
| devices if you're a person who slowly buys into the ecosystem
| rather than go all-in without testing things.
|
| Personally, I was a fan of Apple laptops between something
| like 2010 - 2015, but after that I just couldn't deal with it
| anymore, as I had a Android phone and nothing else Apple.
|
| Fast forward to 2019, Apple finally releases a phone that
| fits in my tiny hands, so I get a iPhone 12 Mini, thinking
| that the CarPlay experience will be loads better than Android
| Auto on a measly Moto G.
|
| But holy smokes if I wasn't wrong, CarPlay is a UX disaster
| and I can't wait for the iPhone to break somehow or get too
| slow because of OS upgrades, so I can justify buying a new
| phone again.
|
| Just the simple fact that a phone calls covers the entire
| screen (which I use for GPS) seems like such a simple use
| case that they somehow missed, that I just wanna bin the
| entire system and I'll never buy Apple hardware for daily use
| again.
|
| I still have to use Apple laptops for software I release, but
| every time, I'm reminded how great the UX used to be, but how
| far they have fallen. Really sad to see. Windows is no better
| either, each version gets worse and worse...
| teabee89 wrote:
| I will tell my family to use iCloud Keychain the day when it
| works across all major browsers and OSes. Or at least that they
| provide an API to sync with other password managers.
| twobitshifter wrote:
| Anyone know how to use Microsoft otp with another app?
| galad87 wrote:
| They already have an app, Keychain Access, but for weird reasons
| they integrated the new features into System Setting instead of
| expanding the existing app.
| waboremo wrote:
| Fully in agreement here, getting people used to Apple Passwords
| can be a task purely because it's stuffed into settings.
|
| Would like to see them in the process of transitioning it away
| from settings, also include the ability to change the name of the
| entries. Multiple URLs per login would be great too (or even a
| linking of separate entries). Think these are the biggest things
| keeping many general users still relying on the likes of
| 1Password/Bitwarden, which is where I disagree with the writer
| here, I think third party password tools should be replaced by
| sane defaults as soon as possible outside of niche cases.
| sholladay wrote:
| I don't personally care much whether Passwords is in Settings or
| a separate app. But I do have one problem with it. As far as I
| can tell, you must save a password for a site in order to use the
| TOTP 2FA feature. I don't want my device filling in passwords for
| me because it defeats the purpose of a password being "something
| I know". The 2FA code is more like "something I have" and I'm
| okay with the device filling that in, but not the password.
|
| There doesn't currently seem to be a way to set up only the 2FA
| code for a site.
| shortcake27 wrote:
| The "something you know" is your devices
| pincode/passcode/iCloud password, not the password to the
| website. If you know the password to a website it means you're
| reusing passwords or using a pattern to generate passwords,
| both of which are less secure than randomly generated passwords
| (especially the former).
|
| Of course, nothing is stopping you from saving a bogus password
| either.
| sholladay wrote:
| I don't buy it. Complex, random passwords are great against
| brute force attacks but that's not usually how these things
| play out.
|
| Many password breaches are caused by technical lapses on the
| part of a platform, where password complexity often becomes
| irrelevant. Your password gets hovered up along with everyone
| else's and eventually gets decrypted, and tried en masse
| against other platforms. In this scenario, even a simple
| pattern for passwords is probably enough to prevent the
| problem from spreading, as long as it's not too obvious.
|
| The other way passwords often get compromised is from someone
| looking over your shoulder or key logging, infrared on PIN
| pads, etc. In this scenario, your system is WAY, WAY worse,
| since one password unlocks the kingdom, and that password is
| frequently being used.
|
| As it stands, if someone peeks over my shoulder and discovers
| my phone password, then steals my phone, it's damaging but
| not game over. They can't access any websites.
|
| If I allow my phone password to be the only gatekeeper to
| access everything, IMO that's lousy security.
| muhammadusman wrote:
| I resisted using 1Password for a long time but then once I got
| into the 1P world, it was better than all the alternatives.
| LastPass is unsafe, Dashlane has subpar experience, and all the
| proprietary ones are missing tons of features.
|
| Chrome, Firefox, Apple, I'm sure Windows too, have all their own
| password managers and all of them are hard to use and expect you
| to only have devices in their ecosystem.
|
| 1Password is worth every penny for how well they've kept up with
| updating their apps and their prevalence on all platforms. And
| the 2FA integration is great too!
| sabin1001 wrote:
| [dead]
| dbg31415 wrote:
| Apple would put 0 effort into making the app work across
| platforms and browsers and devices. They're not a good fit for
| this space.
| ajani wrote:
| > Passwords are productivity, not preferences.
|
| Surely passwords are security?
| dwheeler wrote:
| > And it all syncs across your devices, for free?!
|
| Really? My Linux devices? Android? Windows? I don't think so.
|
| I recommend considering one of the _most_ important features of a
| password manager is that it doesn 't force you to use a single
| manufacturer's products forever. Even if you swear undying fealty
| to Apple (or anyone else) today, you might change your mind in
| the future. 1Password, Bitwarden, and others allow me to switch
| PC manufacturer, phone manufacturer, browser, and so on.
|
| I can't tell you how many people used to think "Internet Explorer
| is popular, it'll always be the one and only browser". That did
| not end well.
| sowbug wrote:
| This is as good as comment as any to hang my off-topic thoughts
| on...
|
| I use Chrome's built-in password manager. I always set up
| website security questions with gibberish answers. I wish
| Chrome would give me a field to store those answers. Or, better
| yet, treat them like password fields and autofill them.
| klabb3 wrote:
| This. Wouldn't matter if they had the best UX, and I have both
| an iPhone and a MacBook. First, I want to be able to use my
| Linux and Windows machines like they are first class citizens.
| But more importantly, if I lose my devices I don't want to be
| locked out.
|
| Apple is, to this day, largely unable to recognize that there
| is a world outside their beautiful dystopian garden. I'm sure
| they're drooling about making the MacBooks run iOS so you can't
| use any software that hasn't been scanned and approved. When
| that day comes, I'm out for good.
| geocar wrote:
| > Even if you swear undying fealty to Apple (or anyone else)
| today, you might change your mind in the future.
|
| Changing my mind is easy enough: I can export my iCloud
| passwords to a csv file, and I've done this to transfer a bunch
| of passwords to Firefox Linux desktop.
|
| I'll tell you something though: If Bitwarden leaked passwords
| nothing would happen because America has very weak consumer
| protections, but if Google or Apple leaked passwords, they'd be
| hit in every EU member state for GDPR.
|
| Some of these things are outside of my control, and using a
| password manager is too useful that I think it's worth a little
| risk, but I can't justify trusting any company unless they've
| got some skin in the game, and Bitwarden specifically wants to
| disclaim all liabilities? AgileBits thankfully is in Canada and
| you can at least sue them for what you've paid them in six
| months, but I personally have passwords more important than
| that. Surely there's someone else you could recommend?
| dwheeler wrote:
| LastPass' entire business model was about protecting
| passwords, and passwords still got leaked. Most prople want
| security, not "ability to sue" which is not at all the same
| thing.
| geocar wrote:
| I don't want something just because "most people" want that
| thing.
|
| And I disagree: I think everyone who has been harmed by
| another wants the ability to have their story heard by a
| judge and jury and be cured by the law. Maybe they would
| prefer to not be hurt in the first place, but as you point
| out with LastPass, they may not have that option.
|
| What we _can_ choose is the jurisdiction in which we trade,
| and I would recommend people spend less time navel-gazing
| and more time thinking about what they can be doing to make
| things better for themselves.
| error503 wrote:
| Self-host vaultwarden at the cloud provider of your choice?
| tasuki wrote:
| What is the point of this? Isn't it easier/simpler/better
| to just sync a file with the passwords rather than keep a
| server running?
| monocularvision wrote:
| Am I the only person on Earth that needs sharing of passwords
| among my family? Any time folks bring up password solutions, they
| are always missing this requirement for me.
|
| 1Password is a life-saver in this regards. All my kids have their
| own vaults but for the little ones I have them use a shared vault
| between my wife and me so we have access to their passwords. I
| can also easily share passwords for services like Netflix so the
| kids don't have to bug me.
|
| It has been great for teaching kids about password hygiene (what
| makes for a good password) and management (don't reuse
| passwords!).
|
| And it being cross-platform is great for my older kids with
| gaming PCs.
| rodgerd wrote:
| > Am I the only person on Earth that needs sharing of passwords
| among my family?
|
| No, and it's equally bizarre to me that I can't share selected
| Contacts with my Family account. It would make keeping track
| of, say, the details of my kids' friends' parents.
| e40 wrote:
| 1Password with son, wife, father and mother... life saver.
| marcellus23 wrote:
| > Am I the only person on Earth that needs sharing of passwords
| among my family
|
| No, and the article specifically discusses that use case and
| the fact that iCloud keychain doesn't support it.
| ellisv wrote:
| I agree that is one of the big issues with keychain. You _can_
| share keychain items with people but it is awkward.
| jtbayly wrote:
| Are you referring to Airdrop password and passkey sharing?[1]
| That's the only way I can find other than manual copy/paste.
|
| Also, I very much doubt if I later change the password I
| shared via Airdrop that it will update on the other person's
| device... which is half the point.
|
| [1]: https://support.apple.com/guide/iphone/share-passkeys-
| passwo...
| ngai_aku wrote:
| Yeah, that's how I share with my wife. I don't anticipate
| that it would stay in sync if I updated it, but I can't say
| that I've tried. Do you regularly rotate passwords?
| jtbayly wrote:
| No, but it does happen that passwords get updated, and
| the beauty of 1P is that you just save it, and then
| whoever has it gets the updated one. I share passwords
| with as many as 4 people, so it's practically impossible
| to keep everybody in sync manually.
| probablynish wrote:
| Bitwarden lets you do this with an 'Organization'. Free to
| share things between two accounts, looks like $40/yr to share
| between up to 6 users.
| Jnr wrote:
| Free if hosting Vaultwarden yourself.
| prepend wrote:
| That's interesting. I don't share any passwords with family and
| have taught my kids to share passwords with no one (written in
| a sealed envelope as backup).
|
| I don't like shared passwords although if I really had to, I
| would just enter it once and let iCloud save it to their
| account. Stinks if I have to change the password, but I almost
| never change passwords.
| MobileVet wrote:
| I definitely appreciate the 'security forward' approach...
| but what about end of life planning or general 'dad's in a
| comma and XYZ needs to happen'?
|
| 1Password with a 'parents vault' that my wife and I share has
| been a life changer for coordinating family access to
| important accounts AND ensuring solid passwords are being
| used.
| AdamN wrote:
| My iCloud is set up for end of life (Legacy I think they
| call it?). The recipients would then get iCloud passwords
| and my 1Password vault.
| theshrike79 wrote:
| Coma is not "end of life". So your family must either
| euthanise you or wait for you to wake up to access the
| passwords?
| crimsontech wrote:
| I don't share passwords with family, they all know good
| password hygiene though and use generated passwords for all
| their services. For end-of-life scenario apple does have
| digital legacy https://digital-legacy.apple.com/
| foogazi wrote:
| What about Netflix or Hulu ?
| TheNewsIsHere wrote:
| Speaking as someone who has lost six family members and
| managed four of those estates since 2019, these digital
| legacy features are generally incomplete or developed
| with little view toward reality. Edit: they're often also
| not setup by the user or if they are, they're not
| reliably updated.
|
| Apple's implementation, for example, starts a timer that
| will eventually nuke the account, and it doesn't provide
| access to end-to-end encrypted data. That data
| specifically includes iCloud Keychain, which many people
| use to store their credentials.
|
| I understand the privacy reasons for that, but when we
| die we are leaving behind increasingly large or
| complicated estates of accounts, services, apps, and
| devices with various and sometimes unpredictable
| safeguards. Having a loved ones actual credentials has
| been invaluable every time I've managed an estate.
|
| I absolutely understand what you're saying and I don't
| necessarily disagree with it. But break glass access to
| credentials has proven important in my experience.
| Especially where continuity of that access is relied upon
| by others.
| Saris wrote:
| I've been using bitwarden for that, the vaultwarden server is
| selfhosted which is what I do, or you can buy their fairly
| cheap premium version.
| JenrHywy wrote:
| Same. Bitwarden (with self-hosted vaultwarden) so far seems
| to be a great solution. I had ben using `pass` for many
| years, but the lack of sharing functionality is what finally
| got me looking at other options.
| whalesalad wrote:
| A 1pass team w/ my wife was a huge level-up.
| MobileVet wrote:
| Our company utilizes 1Password, which means all of our
| employees have family accounts. As you said, it is SUCH a
| huge game changer for my wife and me. Honestly don't know how
| / why I didn't pursue such a solution before hand. It was
| always 'let me send you a one time password' or 'I can export
| that key'. What a mess.
|
| Shared vault FTW!
| elbigbad wrote:
| Same, anytime the family creates a new account that everyone
| else should have access to (utilities, streaming services,
| bank information, pass codes, etc) we just create it in the
| shared vault. It's a game changer.
| dhc02 wrote:
| Yep, same here. Honestly can't imagine living without it.
| [Wrings hands as he thinks about 1password's venture
| funding]
| willhackett wrote:
| Not at all. Bring on the shared family iCloud Note. lol
| unilynx wrote:
| You can share folders in Notes
| Jolter wrote:
| Yes, I think the joke is that they don't make a very secure
| "vault" for sharing passwords.
| Hamuko wrote:
| > _Am I the only person on Earth that needs sharing of
| passwords among my family?_
|
| I needed to share my Netflix password back in the day. My
| random alphanumerical 32-character password with special
| characters drove my family up the wall though. But in general,
| passwords are for personal use only.
| vbezhenar wrote:
| I tried to use Apple passwords.
|
| 1. It really hates storing anything but website passwords. I have
| servers with ssh login/passwords. I have bank cards with cvv and
| pins. I have phones with pins. WiFi passwords. And other things
| not fitting to website/username/password.
|
| 2. Not enough fields. I'm ascetic when it comes to storing
| passwords, but it doesn't even have "notes" field.
|
| So experience is subpar. It's possible to emulate some things,
| but in the end I decided to go with StrongBox. It's not ideal, I
| don't like UI, but it has all the functions I need. I also like
| KeePassium, but it's missing sync and mac app.
|
| I know that Apple KeyChain has secure notes, but those are not
| accessible on iPhone, AFAIK.
| kstrauser wrote:
| It does have a notes field now. I'm not sure when that was
| added.
| cmnt wrote:
| It's incredible how Apple make it's users happy to lock-in in
| their eco-system. I don't really know Apple eco-system but it
| seems weird to migrate from tierce app (already well integrated)
| like Bitwarden to keychain. I've lost count of the people who
| have switched from their Music App to Apple Music for no reason
| other than "it's Apple". Apple make good hardware and their eco-
| system seem amazing too, but people should see the advantages to
| be not entirely depedent from a company.
| deergomoo wrote:
| > but people should see the advantages to be not entirely
| depedent from a company
|
| I think you're overestimating how much the average person
| thinks or cares about their computing platforms. They want
| something that works and gets out of the way, and to that end
| having everything come from one company is a feature, not a
| bug.
|
| I mean I consider myself a power user and I still use iCloud
| Keychain purely because I was already using Safari when it
| launched, so it already had all my passwords. I recognise the
| advantages of third-party offerings, but to me they're not
| enough to bother moving all my stuff over.
|
| Similarly I still use a third-party 2FA app because I was using
| it before Apple added it into iCloud Keychain (and also because
| the third-party app has an Apple Watch app and I've grown
| accustomed to reading the codes off my wrist).
| defulmere wrote:
| Every time I see a question like "Why doesn't Apple build $THIS?"
| I assume the answer is "because they'll make more money selling
| 3rd-party $THIS in the app store".
| culturestate wrote:
| _> I assume the answer is "because they'll make more money
| selling 3rd-party $THIS in the app store"_
|
| Apple has a long and storied history of doing almost exactly
| the opposite - any sufficiently popular third-party utility
| either gets bought and integrated (eg Workflow, Dark Sky) or
| Sherlocked (eg f.lux, Watson).
|
| Apple takes a _very_ long-term view of revenue generation, and
| the App Store commissions from $random_app are _way_ less
| valuable to Apple than the LTV of a customer who's locked into
| buying Macs and iPads because of Apple's proprietary version of
| $random_app.
| willhackett wrote:
| I'm all for this, a better cross-platform Keychain app would be
| awesome.
|
| To get my Credit Card details, I need to go Settings > Safari >
| AutoFill > Saved Credit Cards.
|
| To get 2FA / Password details, I need to go Settings > Passwords.
|
| In a lot of cases, they auto-fill without issue. But to manage
| these is a bit of a flimsy process.
| elsurudo wrote:
| I use Keychain Access app, but admittedly the UX there is
| terrible. I wish it was nicer, and also integrated with browsers
| other than Safari.
| tacker2000 wrote:
| The worst thing is when I register a new password to a website on
| my Mac on Firefox and then want to login to the site on my
| iPhone. I literally have to type the (complicated) password again
| so that it gets saved in Keychain.
|
| Why wont Keychain allow Firefox sync? This seems like an
| extremely common use case.
| richardw wrote:
| You should see the horror that is changing your country and phone
| number. I spent weeks hunting around the phone to stop weird
| things from happening. You would think Apple were smart enough to
| say "it looks like you've changed details. Can I update the
| plethora of places I use your number?"
| r0m4n0 wrote:
| I think a few problems imho:
|
| 1)they don't do cross platform software well so they would never
| make a windows app, chrome extension, android integration etc.
| It's either all or nothing which I would never buy into (even as
| an iPhone and mbp user)
|
| 2) there are actually a ton of use cases here that make the
| software actually very complex and high stakes. I'd wager the
| pros don't outweigh the cons. Also apple isn't known for complex
| software with niche use cases. Honestly their current
| safari/iphone password manager is trash
|
| They do a few things well and rely on lock-in and ecosystem
| sylens wrote:
| Even if macOS and iOS are my primary work (and personal)
| platforms these days, I still like a solution that works great on
| Windows, Linux, and Android as well.
|
| I'm pretty happy with 1Password - it does all of the things
| mentioned in this article with more platform support
| ehsankia wrote:
| Exactly, this is why many of the Apple services are useless
| unless you are 110% in their ecosystem. At least Apple Music is
| the _one_ app they somehow made available on Android and
| Windows.
| cglong wrote:
| Apple Music started its life as Beats IIRC, so a good cross-
| plat UX was part of the acquisition. See also Shazam.
| mmmmmbop wrote:
| There's a feature on the AirPods that allows you to enroll
| them in your iCloud account enabling Find My.
|
| All you need to do is connect the AirPods to an iCloud-
| enrolled Apple device, and it will automatically connect to
| that iCloud account.
|
| Oh, but it's not any iCloud-enrolled device, it must be an
| iOS device. Connecting them to my MacBook didn't do anything.
|
| I went into the Apple Store to ask for a solution to that
| problem. They legitimately asked me why I'm buying AirPods if
| I don't have an iPhone -- they're called _Air_ Pods after
| all... Anyway, their proposed solution was for me to buy a
| refurbished iPad for $450 to connect the AirPods to my
| iCloud.
| lfciv wrote:
| I find 1Password to be sort of a pain when signing up for new
| accounts on my iphone - the generate secure password & autofill
| doesn't always work for me - on the web it's great though
| Hamuko wrote:
| I considered 1Password when shopping around for a new password
| manager, but the pricing of the subscription and the fact that
| it was an Electron app killed it for me.
|
| Currently test-driving a smaller alternative with a one-time
| payment.
| kitsunesoba wrote:
| My passwords are split between iCloud on my Apple stuff and
| 1Password doing cross-platform duty.
|
| I've been paying for 1Password for a while, but boy that
| electron app they rolled out with v8 is a clunker... will
| probably keep paying so long as 1Password 7 works but after
| that I'm gonna have to figure something else out.
| AnonC wrote:
| Perhaps this is one of the "user requested features" Apple is
| going to implement in iOS 17 and its cousins? As per a recent and
| vague rumor, Apple is going to add more user requested features
| and is adding them late in the development cycle. [1]
|
| It would be great to have a nice UI for managing passwords, 2FA
| codes, etc. Add password sharing over iCloud and it could be a
| game changer!
|
| [1]: https://www.macrumors.com/2023/03/26/ios-17-to-provide-
| sever...
| Schiendelman wrote:
| I think the reason Apple hasn't prioritized this is that with
| their login with Apple implementations and passkeys, the utility
| of copying/pasting or looking up a password is dropping over
| time.
| aeharding wrote:
| You can make an iOS shortcut to make it appear as an "app"
| (launches keychain manager). I did this for some elderly folk,
| works great.
| hot_gril wrote:
| I've been using Keychain since 2003. Only now am I aware that it
| does TOTP. I've been avoiding TOTP like the plague this whole
| time because I don't trust the other apps not to somehow get me
| locked out.
| hot_gril wrote:
| (Especially Google Authenticator, especially the original
| version where they said it's WAI that you can't transfer codes
| across phones. Keep that nerd stuff away from me.)
| ElijahLynn wrote:
| One problem with that is if a person has a non-Apple product,
| Apple won't build the app cross-platform, so they are even
| further locked into Apple hardware then.
|
| Might not affect that many people. But it would surely limit
| choice for those who don't even know about the lock-in later in
| their lives.
| m000 wrote:
| Any attempted lock-in is guaranteed to attract attention of EU
| regulators.
|
| This is what Apple probably wants to avoid. They won't be
| allowed to play a "Safari" this time (i.e. all password
| managers are allowed, as long as they are a frontend to our own
| password manager).
|
| Also, having the password manager as a separate app, it is
| likely they will be asked to provide a standalone password
| migration API for third party password managers. This would
| make switching to another ecosystem trivial for moms & pops,
| who currently need to deal with CSV import & export* if they
| want to move their passwords out of iCloud.
|
| * Not sure what the situation is ATM, but a few years back
| exporting passwords from iCloud was not directly supported. I
| had to run a third-party AppleScript script to generate a CSV
| to import in another password manager.
| pantojax45 wrote:
| I wish you could add a second password or different passcode on
| top of iCloud Keychain / apple passwords.
|
| I get nervous at how easy it is to compromise all passwords:
|
| 1. Give someone your phone passcode, they can change apple
| account password. P0wned
|
| 2. Have iCloud Keychain on laptop... other user account resets
| password on account. (Or use it on work computer without
| realizing)
|
| 3.
| nytesky wrote:
| Turn on screentime and prevent account changes with a 2nd PIN
|
| Might also limit password changes but unsure.
___________________________________________________________________
(page generated 2023-03-28 23:01 UTC)