[HN Gopher] Apple passwords deserve an app
___________________________________________________________________
Apple passwords deserve an app

Author : ttepasse
Score  : 616 points
Date   : 2023-03-27 17:55 UTC (5 hours ago)

(HTM) web link (cabel.com)
(TXT) w3m dump (cabel.com)

| aquanext wrote:
| My best guess is that Apple won't do it because their plan is to phase out passwords entirely. That's what that whole FIDO Alliance (https://fidoalliance.org) is all about.
|
| And 1Password is part of that too: https://blog.1password.com/1password-is-joining-the-fido-all...
|
| I think that ultimately a password tool needs to be available on multiple platforms, like 1Password. Having it just be on Apple stuff just isn't gonna work for the many Windows and Linux machines I begrudgingly have to interact with.
|
| ttul wrote:
| 1Password knows that it will take centuries for passwords to disappear even if a password-less future is already here.
|
| Hamuko wrote:
| Passwordless future definitely wasn't here just 1-2 years ago. The management of WebAuthn Discoverable Credentials / Resident Keys was so fucking awful on every platform I tested them on.
|
| You want to clear your Resident Key for a website on Windows? Command-line.
|
| CryptoBanker wrote:
| Oh god please no
|
| tikkun wrote:
| While we're on the subject, other Apple things that deserve an app:
|
| Dashboard/status
|
| - I have a smart lock, and they have their own app, where all it really does is show the current status of the lock and let me toggle it. There are quite a few apps like this. It'd be nice if they could all be condensed into a dashboard/status app that could just tweak values and show current status. Apple Home attempts to do some of this.
|
| Notifications
|
| - It'd be nice if there was a notifications app, and I could set most of my apps to deliver their notifications to that app, instead of me directly. This would reduce notification overload and distraction.
|
| WorldMaker wrote:
| Have you tried Notification Summaries yet? That's sort of like a "deliver notifications to a separate app".
|
| In the notifications settings you create at least one Scheduled Notification Summary. I've currently got ones setup roughly every four hours during "core daylight hours" for me, plus I enable the "preview option" to read the next summary early if I need to. Then you add as many apps as you want to the Notification Summaries. All of the notifications for those apps during each time period get rolled up into a single Summary object in your notifications, only give a notification alert once for the entire group of them (at the scheduled time), and don't cause Watch notifications (if that's a distraction/overload you especially juggle as I do).
|
| At this point I've even got all my email notifications going into Summaries (which is why I turned on the preview for the next summary if I feel like I need a quick glance at recent email subject lines without opening my email app up).
|
| It is such a useful tool and not a lot of iOS users discover it in the settings. May also be an indicator that it could use its own app because discovery in the Settings app itself is hard. Maybe the Settings app is just doing too many things now and needs some sort of reorg or something.
|
| Spivak wrote:
| Isn't that first one Home/iHome/HomeKit whatever you wanna call it? If your lock doesn't support HomeKit there's a good chance Homebridge does.
|
| alana314 wrote:
| They don't make it clear on iOS which password manager you're using, which hurts both them and other password managers I think. The worst experience is not knowing where your password is or which account it's using. I had to turn off all apple password management in preferences, I've thought about going all-in on apple passwords but don't think it has all the features I want.
|
| stalfosknight wrote:
| That app is called Keychain Access on macOS.
|
| kup0 wrote:
| Not sure we want to ask Apple to build more software when they can't even get the quality of their existing software up to par. I would be strongly inclined to stick with something less tied to the platform/ecosystem, like 1Password
|
| Anechoic wrote:
| _Keep a "Notes" field where you can add extra data, like 2FA backup codes, for each password!_
|
| I'm not sure if the reference here is to Keychain's "Secure Notes" or the "comments" field associated with password items. If the latter, I've found (at least on older versions of OS X/macOS) that when Safari updates the value of a changed password, it _deletes_ the comments! I used the comment field to add the (random) answers to security questions, and got burned on a couple of sites when I've needed to do an account reset and lost those answers.
|
| shagie wrote:
| > that when Safari updates the value of a changed password, it deletes the comments!
|
| It doesn't change a password, it creates a new one.
|
| This means if you somehow mangle saving the password (you thought you updated it, but didn't) the older password is still in your keychain with the older note and it can still be retrieved.
|
| 404mm wrote:
| One core feature that will keep a lot of people from using Apple Password manager is family setup. Anyone with Apple family knows how bad it can be when you have dozens or hundreds of shared passwords between you, your spouse and / or kids.
|
| rootusrootus wrote:
| Yep. 1Password has my business indefinitely because of this requirement. Apple may be building a nice solution for single people (and perhaps many non-parents), but it's useless for family use.
|
| aaronharnly wrote:
| I follow Ricky Mondello, who works on the Apple password keeper functionality -- they post interesting tidbits pretty regularly.
|
| https://twitter.com/rmondello
|
| https://hachyderm.io/@rmondello
|
| filmgirlcw wrote:
| +1 Ricky is the best.
| They also made a very useful Shortcut [1] that offers quick access to the Passwords on your Home Screen or Mac menubar.
|
| [1]: https://rmondello.com/passwords-shortcut/
|
| shikshake wrote:
| clicking this link throws a bunch of warnings in my browser, and my university internet blocks me from seeing the actual website :(
|
| testfrequency wrote:
| https://www.icloud.com/shortcuts/cd5b0ec116ee4d1d86548238394...
|
| sacnoradhq wrote:
| That iOS supports multiple password sources from other apps already largely solves the case of using a cross-platform app to provide or store passwords.
|
| selykg wrote:
| I met Ricky at a WWDC years ago when I was in the password manager field. What a wonderfully intelligent person. Actually, several members of the Safari team were present at that meeting and it was such a great set of people. I kind of miss that part of that job...
|
| WorldMaker wrote:
| It took effort but I finally got my dad to use 1Password regularly, but my mom would be a lot easier to convince if Apple just made its own password tools easier to use, especially cross-platform, including maybe putting a nice app face on it.
|
| > PPS: I dream of a future where Passkeys could make the password manager extinct. But it'll take time...
|
| Passkeys even more so need more of a "curated app experience" to work right, cross platform. Ironically, it is my impression that preparing for Passkeys is why Apple finally added that password explorer to Windows' weird iCloud "control panel". (For a long time, the only way to use iCloud passwords on Windows was the awful Edge/Chrome integration.)
|
| w-m wrote:
| Tangentially related, something that has slightly inconvenienced me a few times: Can someone point me to a setting to get Siri to show me my passwords again, on iOS 16?
|
| Before, I could ask on an unlocked phone to "show me my password for GitHub" and Siri would open the settings app with the password list and show the GH credentials. Now (since iOS 16?) Siri just refuses to do any request that contains 'password'.
|
| selykg wrote:
| You mean Shortcuts? You can have it open this URL:
|
| prefs:root=PASSWORDS
|
| You'll want to set up Siri separately as part of it, but you can definitely do that with Shortcuts.
|
| w-m wrote:
| Interesting, thanks!
|
| What I described didn't need a shortcut before. It was a vanilla iOS feature. I assume it went away for privacy reasons with one of the OS updates. And hoped there'd be a setting to get it back.
|
| gumby wrote:
| The nice thing is: the way they implemented this it looks like you could pretty easily write a 1passwordish mac client as an interface to the system infrastructure. I say "1passwordish" because one of the tedious parts of a program like that is the browser parsing to handle all the weird authentication cases devs write.
|
| Unfortunately I'm not an ios dev and wonder if it might even be possible to do the same on ios? I believe there is an API so you can write _a_ password manager (1password et al use that) but can you get to the secure system services?
|
| Edit: I now see who wrote this blog post. Were it straightforward on ios he probably would have said so.
|
| frutiger wrote:
| I am not an expert macOS/iOS developer but I unsuccessfully played around with the API a couple of times.
|
| You can't access passwords stored by another app (app identifiers appeared to be globally unique, e.g. com.apple.Safari). There was an additional hurdle to access/store items in the iCloud keychain, though I forget what exactly.
|
| This restriction makes sense.
|
| imchillyb wrote:
| Until Apple's keychain works reliably across all platforms, I'll continue to use Dashlane Password manager.
|
| kylehotchkiss wrote:
| internally, apple used to have a pretty big 1Password contract - https://appleinsider.com/articles/18/07/10/apple-looking-to-...
|
| Maybe they don't want to promote their own too heavily, to allow 1Password to take on the organizational risk of running a password manager? (For context, think about your current view of lastpass vs how you felt about it a year before their leak). Maybe the internal password management functionality is better suited to orgs which restrict third party apps?
|
| arghnoname wrote:
| 1password has features that are useful in a large corporation that keychain does not have, particularly around sharing passwords and password vaults.
|
| I haven't noticed even minimal credential sharing facilities in keychain.
|
| dwaite wrote:
| WRT credential sharing, you can airdrop credentials to people on your contacts list.
|
| But multiple vaults and vault sharing - no such luck. I don't think they want to deal with the UX confusion of it, especially since that confusion could lead to someone getting locked out of things.
|
| immdischt wrote:
| The article is informative but failed to describe where to find Apple's password settings / feature while complaining about how hard it is to find...
|
| cjdoc29 wrote:
| I really like Apple's implementation of passwords, passkeys, etc. But...I had a hard time explaining this to my mom.
|
| She uses it to generate her passwords and fill-in within Safari which is great!
|
| But there's no "Passwords" app, and she didn't know to go into Settings to reference a password when Safari doesn't recognize a password field (probably the website's fault).
|
| 2FA is also a confusing experience, but 2FA is also just confusing enough for her where Apple isn't really the problem here.
|
| reaperducer wrote:
| _But there's no "Passwords" app_
|
| It's called Keychain Access.
|
| cj wrote:
| The problem is Keychain Access doesn't pass the "mom test" (would your average consumer - e.g. your mom - actually use it)
|
| Hamuko wrote:
| No password manager passes that as far as I'm concerned.
|
| waynecochran wrote:
| Keychain Access doesn't pass the "me" test and I have a PhD in CS.
|
| airstrike wrote:
| They don't even know why it's called that
|
| shagie wrote:
| Because you can store non-passwords in there too.
|
| Secure notes, your own signing certificates, keys, root CAs, and specific self signed certs you've accepted for SSL.
|
| airstrike wrote:
| Still, none of that means anything to the average user. Searching for "passwords" in Spotlight should also take you to your passwords
|
| shagie wrote:
| Make an alias to Keychain access. Name it "Passwords" and have that a directory that is indexed by Spotlight (the Utilities directory under Applications where Keychain Access is found works fine).
|
| This will then show up in the launchpad. https://i.imgur.com/IRPOMC5.png
|
| Searching for 'pass' in Spotlight does bring up Keychain access - as that's in the apps list of Keywords... _however_ the list of apps is _way_ down on the scrolling https://i.imgur.com/KFUC0G0.png - it found 'password' as a string in 100 python files that I had to scroll through first.
|
| shagie wrote:
| Since I use it quite a bit for secure notes, I've got it pinned in my toolbar. From the top down I've got Finder, System settings, Keychain Access, HomeKit, Launchpad, Safari... and then other things.
|
| The thing is, it's the 3rd one down.
|
| squeaky-clean wrote:
| Isn't Keychain Access MacOS only? It's not available on iPhone.
|
| pharos92 wrote:
| 100% - the current method of access (via settings) is so unintuitive. A real sign of the state of Apple over the last few years. Customer UX needs to become front-and-centre again.
|
| great_psy wrote:
| I have been using the Apple manager since LastPass got hacked recently.
|
| Hot take, but... I like the lack of integration in other operating systems/ browsers.
|
| I see my phone as a Secure Enclave, and my passwords should be disconnected from potentially insecure systems. I see the phone as those keychain one time passwords where you have to press a physical button to get a key.
|
| Is it inconvenient to get a password, yes. But it offers the peace of mind that I only have to worry about iPhone/Apple exploits, instead of chrome+firefox+windows+Linux+Apple+iphone.
|
| I don't think in this case Apple is not doing the integration because of this security feature, but I think it is a feature nonetheless. Of course you can always choose not to install the extensions even if they existed, but the point is that if they existed it would lower security.
|
| imwithstoopid wrote:
| don't lose or break your phone....
|
| great_psy wrote:
| I have my old iPhone with no sim that I mostly take to the gym to protect the new one.
|
| InCityDreams wrote:
| >I have my old iPhone with no sim that I mostly take to the gym to protect the new one.
|
| What is the other one doing in the gym, unprotected?
|
| MBCook wrote:
| iCloud solves that.
|
| whitewingjek wrote:
| Unless Apple ever starts following Google's lead to ban accounts for any infraction and you don't store backups...
|
| Not saying Apple is doing that now, but I imagine it's not outside the realm of possibility.
|
| great_psy wrote:
| We can use the same argument for any other cloud password manager. If google/Apple blocks my access, well it's those services I am trying to log into in the first place so the point is moot.
|
| Also I have recovery keys for the more important accounts printed and stored in a safe box.
|
| whitewingjek wrote:
| I agree, perhaps I should have emphasized that my point of view is that anyone should back up anything stored on the cloud.
|
| Which I'm glad to know you can at least do with Keychain [1], although I use Bitwarden myself.
|
| [1] https://support.apple.com/guide/keychain-access/import-and-e...
|
| rpgbr wrote:
| Except password managers that YOU need to take care of your vault, like KeePassXC.
|
| great_psy wrote:
| I used keePass before LastPass, but the issue was with keeping the file synced. I had it in Dropbox and I was able to open it no problem from the phone, but making updates from phone was a challenge. Maybe I was not using a good app but it was a hassle to keep it synchronized.
|
| But anyway, somebody could cut off your access to Dropbox, but it's less of an issue since you have a backup.
|
| ex3ndr wrote:
| Not really, you need another device to share icloud keychain
|
| MBCook wrote:
| Nope. Buy a new iPhone, sign in, it's all back.
|
| It's useful even in non-multi-device scenarios.
|
| rpgbr wrote:
| This was precisely what drove me off Apple password manager. If your iPhone were compromised, such as in those iPhone unlocking scams[1] (something quite common here in Brazil at least since 2021), it's game over for your entire password database.
|
| I've been using KeePass apps (MacPass on macOS, KeePassium on iOS), with a different, unique master password, unlogged by default on iPhone, plus DB locks automatically after 10 minutes of inactivity.
|
| Maybe I'm way off, but it seems safer to me.
|
| [1] https://www.wsj.com/articles/apple-iphone-security-theft-pas...
|
| lxgr wrote:
| Absolutely. Given these reports, Apple's security model isn't close to being sophisticated enough to warrant trusting them with passwords or (even more critically, arguably) WebAuthN passkeys.
|
| I recently saw it with my own eyes as a family member was able to reset their iCloud password and gain full access to their account on a new device, including iCloud Keychain, using _nothing but their iPad and the corresponding unlocking code_.
| No iCloud password, no SMS-2FA (not that it would help much in the case of a stolen iPhone), nothing else.
|
| great_psy wrote:
| Can you explain how this hack would work?
|
| Would someone need to steal two of your devices?
|
| I was under the assumption that you need to be logged in with touchid/faceid/pin code to get the unlock code
|
| lxgr wrote:
| The attack in this case would be somebody shoulder-surfing your PIN and grabbing your device.
|
| They then have everything they need to take over your iCloud account (kicking you out of it in the process by resetting all other devices capable of resetting it) and can see all your passwords stored in it, as well as use all of your WebAuthN passkeys.
|
| I'm not sure if having a recovery code would improve that situation, but I'd guess that many people don't.
|
| great_psy wrote:
| Ah ok, yes the shoulder surfing is definitely a problem.
|
| Hard to mitigate somebody looking over your shoulder, this is the case with most password managers, but I understand why this is a more likely scenario.
|
| lxgr wrote:
| In a semi-safe situation (e.g. on busy public transit or in a crowded place with people behind me), I do sometimes unlock my password manager using Face ID to access a website, but I'd never enter my passphrase if the biometric unlock fails.
|
| If somebody watches me enter my passcode and then rips the device out of my hands and runs off with it (assuming the password manager is not open), they now have access to most of the content on my phone, but importantly not the parts protected by Face ID, which includes the password manager.
|
| If I had used Apple's password manager instead, they'd be able to recover _all_ passwords (using the tactics described above or simply enrolling their own face in Face ID, which is possible using only the passcode).
|
| isoprophlex wrote:
| What the actual flying fuck, the apple password thing supports TOTP! That's great!
| (And a sad testament to how poorly the discoverability is on some ios features)
|
| dwaite wrote:
| Not just that, they will detect QR code images to work around sites which assume that TOTP is only available by scanning your desktop screen from your phone.
|
| matt-attack wrote:
| Can you provide an example website that uses this technology? Not sure I've ever encountered one.
|
| Gigachad wrote:
| Uh, basically all of them? They all show a QR code and never show you the secret which you could copy in to your password manager.
|
| izolate wrote:
| I switched to Apple's password manager after being burned by Twilio Authy's inability to retrieve the 2FA setup codes. I wish they had made this lock-in more clear.
|
| Overall I'm happy with my decision. I'm now even using Safari over Chrome full-time because it has the benefits 2FA autofill.
|
| Only thing missing is a dedicated app, but I have Apple Shortcut that works well enough in the meantime.
|
| mperham wrote:
| It seems apparent that Apple are investing in Passkeys as the future and passwords are legacy infrastructure in a sense.
|
| https://developer.apple.com/documentation/authenticationserv...
|
| hnrodey wrote:
| I tried going all-in on using iCloud Keychain (correct term?) for my passwords from having previously used LastPass.
|
| In short.
|
| 1. The experience on Windows is terrible. They can claim it's cross-platform but it's truly a sub-par product.
|
| 2. On Mac it's tied specifically to Safari. I use Safari a lot but if I'm in a different browser then my passwords are unavailable.
|
| 3. The GUI is buried in System Settings. Heaven forbid you need search it's only a simple 37 clicks away!
|
| I think those were my big complaints. If you are 100% Mac then it's a good product. Going outside of the walled Apple garden leaves a lot to be desired.
|
| grammers wrote:
| Sounds like vendor lockin is the aim here, not being fully cross-platform without any hassle.
|
| baby wrote:
| I use chrome to manage passwords on all my devices, it works well except for apps. When I'm trying to get a password for an app in iOS, I just switch to chrome to get the password. Same if my password was from registering from an app and I'm in Chrome. Rinse and repeat and now my passwords are in both password managers.
|
| As for TOTP, if I lose my phone I don't know what will happen.
|
| manigandham wrote:
| Settings > Passwords > Password Options > AutoFill Passwords + Allow Filling From Chrome
|
| Most apps can use passwords from Chrome just fine, and you can also quickly open the native passwords window when encountering a password field using the key icon.
|
| For TOTP, use apps like Authy which can be installed and used from multiple devices.
|
| gameshot911 wrote:
| Awesome - thanks for sharing!
|
| mcculley wrote:
| > 3. The GUI is buried in System Settings. Heaven forbid you need search it's only a simple 37 clicks away!
|
| I just learned that this GUI exists. I have been using /System/Applications/Utilities/Keychain Access.app for years to deal with passwords.
|
| alexjm wrote:
| Same. And now I'm trying to figure out if there's any advantage to using the UI in System Settings instead of the app I already know.
|
| Mandatum wrote:
| Me too. Now to try and figure out if I can create a Macro to launch this.
|
| waboremo wrote:
| Funny situation, there's another thread I was replying to someone who wanted to shift back to native apps instead of cross plat electron apps (for performance reasons).
|
| Well, Apple Passwords on Windows is a good example of how that turns out in reality. I believe it's using WinUI. While the performance is nice, the experience is entirely unlike what you get on Mac and winds up making you wish you were using another service entirely.
|
| steve1977 wrote:
| Apple had (has?)
| Cocoa ported on Windows actually, so whatever they could do on macOS, they could do on Windows as well. Cocoa as such _is_ cross-platform.
|
| marvel_boy wrote:
| Any link to the port of Cocoa to Windows?
|
| PlutoIsAPlanet wrote:
| Looking at the Apple Music app for Windows quickly, it does appear Apple has done some porting of their APIs to Windows.
|
| https://i.imgur.com/tdr6XTO.png
|
| simongray wrote:
| https://forum.winworldpc.com/uploads/editor/82/fnzv4nyssemk....
|
| mattl wrote:
| It was a product briefly. OPENSTEP Enterprise. There was talk of selling licenses to distribute but that never happened
|
| Karellen wrote:
| > Apple Passwords on Windows is a good example [...] the experience is entirely unlike what you get on Mac
|
| If you were a Windows user, why would you want an app that acts like a Mac app? Surely the benefit of having a dedicated Windows app is that the experience should be like other _Windows_ apps.
|
| waboremo wrote:
| You're not really thinking about it as a "mac app", but rather "the service". You expect it to act like the service you use on other platforms with all the features you rely on.
|
| If I'm using Spotify, I don't think "oh this doesn't use windows navigation component from winUI", I immediately know where the genre categories are because I've already used it on android or linux and expect it to be there. I know exactly how to add a song to my library, to shift around playlists, to manage folders, everything is as I learned it on [other platform].
|
| Design development becomes this duplicated burden where every feature now has to go through the wringer twice (or more) to fit native components for their respective platforms. When you hit limitations on those native components, you're now having to make the decision to either hold back the feature entirely, or create fragile workarounds.
|
| In an alternate timeline native components would have had far greater appeal, where people actually hate and boycott apps designed otherwise. But we don't. Even on iOS or mac, people regularly rely on apps that only vaguely interpret their native components. The situation is even worse on windows past 7, where the idea of a "windows app" is so jumbled there is nothing to "expect" from the experience - which is actually part of why I think these unified app designs have really taken off.
|
| oneeyedpigeon wrote:
| > If I'm using Spotify, I don't think "oh this doesn't use windows navigation component from winUI"
|
| We're either very different people or we have different use cases :) It _immediately_ feels jarring to me to be using macOS and suddenly presented with a non-native UI. But I only ever use macOS on the desktop, so I don't have this cross-platform issue. What I find strange is, I would have thought that was the 99% common case -- it seems strange to me to optimise for individuals using multiple OSes rather than multiple apps on one OS.
|
| > Design development becomes this duplicated burden
|
| That sounds like an OS flaw if true. Of course, I accept that _some_ design will be necessary, even with the finest SDKs available to humanity, but it should be _so_ burdensome that going non-native is seen as the solution.
|
| > Even on iOS or mac, people regularly rely on apps that only vaguely interpret their native components.
|
| You're totally right. Every now and again, I say to myself "I really must use Safari for the 'more native' experience", but I always come running straight back to Chrome again.
|
| > The situation is even worse on windows
|
| This was one of the things I liked best about macOS when I first migrated -- everything was so consistent, things didn't visually clash, etc. I still get the impression it's better on macOS, but heck, it's definitely not as good as it used to be.
|
| porcoda wrote:
| This has been the story of Apple apps outside MacOS forever: they appear to always do the absolute minimum to claim support, and you end up with a super clunky windows app that is terrible.
|
| I doubt they'd do much better using electron: I think their development model is that if it isn't on one of their platforms, they pump out a minimum-effort, low quality app. I'd guess that electron ones would be just as clunky, except with a significantly higher memory and CPU footprint.
|
| waboremo wrote:
| That hasn't really been true. Apple supported iTunes and Safari which were great options on Windows. Not just "I'm already an Apple fan so I have to use it", but actively deciding to use them.
|
| The root of the problem for Apple is that they cannot get away with doing what they used to in the past, they already have a plethora of platforms within their own umbrella to support, adding Windows native to the mix seems to result in maybe a handful of developers taking on enormous burdens by trying to catch up to their expected Mac apps.
|
| If Apple were to seriously put its weight behind a cross-platform toolkit, this might change, especially as they want their services to grow. It's the very reason why their main service competitors can even compete.
|
| But I agree that if they were to suddenly switch to Electron without a care it wouldn't turn out well, but likely have a better end user experience than their current reveals.
|
| paulryanrogers wrote:
| So SwiftUI for Windows?
|
| waboremo wrote:
| Would be very interesting!
|
| darzu wrote:
| My biggest complaint is that it doesn't keep a history! One misclicked "remember password" at the wrong moment (safari plugin often guesses password fields wrong) and you've just locked yourself out of your bank account. Literally happened to me.
|
| tiffanyh wrote:
| Apple has to tread lightly on not having too robust of capabilities, especially for non-Apple ecosystem, since it might be considered anti-competitive.
|
| (e.g. Netscape vs Microsoft Internet Explorer)
|
| EDIT: why the downvotes without a reply? If you don't agree, why not just respond why so that a healthy dialogue can occur.
|
| kolanos wrote:
| > 3. The GUI is buried in System Settings. Heaven forbid you need search it's only a simple 37 clicks away!
|
| Safari > Preferences > Passwords
|
| Would love to have iCloud Keychain in other browsers, though.
|
| reaperducer wrote:
| _I use Safari a lot but if I'm in a different browser then my passwords are unavailable._
|
| No, it's not. I alternate between Safari, Firefox, and Duck. If a password I use in Safari isn't stored in Firefox, I copy it from the Keychain program and paste it into Firefox. Firefox then asks to save it. No problem.
|
| _The GUI is buried in System Settings._
|
| It has its own program. /Applications/Utilities/Keychain Access
|
| howinteresting wrote:
| Your workflow is significantly worse than the experience I get with 1password.
|
| NavinF wrote:
| > I copy it from the Keychain program and paste it into Firefox
|
| Woah that's the same way I used password managers 10 years ago. Even back then it was considered barbaric. I had no idea people still lived like that.
|
| reaperducer wrote:
| I never stated that it was good.
|
| The previous commenter said passwords were "unavailable" outside of Safari. I merely demonstrated that his statement was false.
|
| JustSomeNobody wrote:
| That's all by design. They want you 100% on Apple products to get the full experience.
|
| yamtaddle wrote:
| > 1. The experience on Windows is terrible. They can claim it's cross-platform but it's truly a sub-par product.
|
| Like a lot of other Apple stuff, I'm only able to use it because I don't use anything non-Apple for anything "serious" that involves a GUI.
| Windows is for gaming, Linux is my file storage and docker-service-running server that I only interact with over SSH and Web. Ditto Notes, all their Office-type programs, etc. I'd probably be on a lot more Google shit if I needed more cross-platform access to that stuff.
|
| > 2. On Mac it's tied specifically to Safari. I use Safari a lot but if I'm in a different browser then my passwords are unavailable.
|
| Yeah, this is super fucking weird. You'd think this would be connected in some fashion to "keychain", but nope.
|
| > 3. The GUI is buried in System Settings. Heaven forbid you need search it's only a simple 37 clicks away!
|
| IDGAF about clicks because I search my way to everything in Apple's settings--what does bother me is that they've made search worse in the last couple versions of iOS, and that if I type "pass" in search, "Passwords" _isn't even visible on the list_ yet. I can get all the way to "password" and it's still the _fourth_ entry. The fucking _name of the screen_ is "passwords"! I shouldn't have to get farther than "pas" for it to be the first entry on the list, "pass" in the worst-case! Even fully typing "passwords" still leaves it as the _second_ entry (of three) on my device. WTF.
|
| johnwalkr wrote:
| I use windows almost only for gaming (and CAD) too, and I've found that recently that the webapps, especially music and notes are good enough, and icloud drive and photos integration to windows actually work well.
|
| But yes, passwords is annoying. You can use them on chrome on windows but not on MacOS, and on Windows it doesn't work on anything but chrome. Speaking of gaming, game launchers on windows can't get passwords from Apple and also seem to log me out all the time, so I have to revert to using my phone to see my password and manually type it in.
|
| klodolph wrote:
| > Yeah, this is super fucking weird. You'd think this would be connected in some fashion to "keychain", but nope.
| | Other browsers used to be able to use it. I do think it's a | really thorny issue--"allow this application to access all | saved passwords?" is a pretty damn scary permission to | include. Up there with the "allow this application to control | your computer" permission that is used for accessibility apps | (which apps can abuse to read passwords, if I understand | correctly). | | Apple's tradition. Make the platform more secure, add an | exception for first-party apps, and let the other browsers | fuck off.
| tim333 wrote: | Something could pop up saying "Fill password for HSBC | Bank?" or similar and you click one button.
| musicale wrote: | > allow this application to access all saved passwords | | I'd like to see finer granularity, perhaps multiple web | password vaults and a mechanism to allow certain browsers | to use certain vaults. | | It might also be nice to specify which passwords could be | accessed with which kind of authentication. Unfortunately | the current system password dialog is easily spoofable - it | really looks like a questionable javascript popup.
| dan-robertson wrote: | Yeah, I think other browsers want to be able to test | whether there is a saved password or not, and get the | corresponding username, which is quite a big permission to | give away. For actually filling in the password they could | maybe offer a pop up where the user must authorise the app | using biometrics or some other OS-level action. That's | already the experience with safari.
| keyle wrote: | >> 2. On Mac it's tied specifically to Safari. I use Safari a | lot but if I'm in a different browser then my passwords are | unavailable. | | > Yeah, this is super fucking weird. You'd think this would | be connected in some fashion to "keychain", but nope | | No it's not.
I don't want some exotic product connecting to a | domain I have passwords in and prompting me for access. The | password should be tied to the product you used to login | with. | | This is a misunderstanding of keychain vs. lastpass. One is | designed to remember "safari passwords" or any swift/cocoa | application implementing keychain. One key feature is: once | stored in Keychain this information is only available to your | app, other apps can't see it. | | Lastpass and other similar products are designed as a data | warehouse / vault for your security items. From there, plugins | in browsers etc. can take over. | | I will totally agree with the fact that the GUI is | frustrating at best.
| knodi123 wrote: | > The fucking name of the screen is "passwords"! I shouldn't | have to get farther than "pas" for it to be the first entry | on the list, "pass" in the worst-case! | | Weird. "pas" and it was top of the list for me.
| amluto wrote: | In Spotlight, I need "passw" to see it. In the actual | Settings search, I also need "passw", and that only gets it | to #5 in the list. | | Also, Spotlight is bizarrely slow finding even local apps | and things like Passwords. WTF
| eastbound wrote: | Did you tell it to ignore most local files?
| rrsmtz wrote: | Wow! Just discovered the Spotlight customization and it | is so much faster and more useful when you remove certain | locations and turn off definitions and Siri suggestions.
| ajmurmann wrote: | "If you are 100% Mac then it's a good product." | | I use 100% Mac except for gaming. However, I use other browsers | as well, so the coupling to Safari is a deal breaker.
| zitterbewegung wrote: | You can make a shortcut that opens passwords.
| spullara wrote: | You just run the Keychain Access app on a Mac.
| howinteresting wrote: | It's not just a good product if you're 100% Apple, it's only a | good product if you're 100% Apple _and are willing to accept a | great deal of friction if Apple's direction no longer suits | you in the future_. It's a version of what some people call | "high time preference". | | Personally, I was taught to care about the future.
| dwaite wrote: | They have an export-to-CSV feature. That takes a lot of the | worry out of hypothetical futures.
| howinteresting wrote: | Still adds a great deal of friction and makes it harder to, | say, experiment with an Android phone or a Linux desktop | for a month. Compare that to 1password which just works.
| jrochkind1 wrote: | OP is suggesting it's a terrible UI on iOS and Mac too, and one | of their principal complaints is your #3. | | So OP disagrees that it's even a good product if you are 100% | Mac, but is suggesting the functionality is all there, it just | needs an actually designed UI/UX. | | And/But your #2 sounds pretty terrible to me too! | | It does not sound like a good product at all.
| maliker wrote: | I ended up writing an AppleScript to open the Safari passwords | dialog because I got sick of hunting for the proper dialog. If | you save it as passwords.command and make it executable it'll | open the window right up. But yeah, it's a kludge. |
|     #!/usr/bin/osascript
|     tell application "Safari"
|         activate
|     end tell
|     tell application "System Events"
|         keystroke "," using {command down}
|         set pass_button to (button "Passwords" of toolbar 1 of window 1 of application process "Safari")
|         click pass_button
|     end tell
| robotresearcher wrote: | > 3. The GUI is buried in System Settings. Heaven forbid you | need search it's only a simple 37 clicks away!
| | On Mac, at any time, type: command-space passw <return> | | On iOS tap <search> on any home screen, type passw, tap | suggested result
| mitemte wrote: | Better yet, using the Shortcuts app for iOS, create a | shortcut that opens a URL with `prefs:root=PASSWORDS` in | Safari. | | For macOS, you can make the same shortcut open | `/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/PreferencePanes/Passwords.prefPane`. | | A single shortcut can be used to accomplish this, using the | OS check and an `if` condition. | | Then add the shortcut to the home screen as an icon and it'll | also show up in Spotlight search.
| voytec wrote: | _Rebuilding Spotlight index..._
| bonestamp2 wrote: | These are great tips for power users, I love it! | | That said, this also proves that for non-power users: it | needs an app and it needs integration with other browsers if | it wants to be as easy to use (for most people) as the | popular password managers.
| yamtaddle wrote: | On iOS, my _only_ password manager I've _ever_ used is the | built-in Apple one. | | I just tapped the "search" field on the home screen, and | typed "passw". | | "Top Hit": A store link to the LastPass password manager | (which I do not and have never used--the button has the text | "get", it's not installed and doesn't have the cloud-icon for | previously-installed apps) | | From there, it's three suggested Siri web searches: | "passwords", "password manager", and "password generator" | | Then two safari-iconed links (I assume these would search | with my default search engine in safari?): "passwords on | iphone" and "passew" | | Searching inside the "settings" app is only marginally | better. It's all much, much worse than it was a few iOS | releases ago.
| kenver wrote: | A shortcut helps | | https://www.icloud.com/shortcuts/71fea01c333341878e4355df52c...
| toxik wrote: | No results for "passw"
| throwaway290 wrote: | I write "keychain" usually, it appears after "key" already.
| shagie wrote: | I've pinned Keychain Access in my tool bar. Finder, | System settings, Keychain - right at the top.
| AdmiralAsshat wrote: | > If you are 100% Mac then it's a good product. Going outside | of the walled Apple garden leaves a lot to be desired. | | I think Apple would consider this "working as designed."
| OsintOtter69 wrote: | gigachad MacOs enjoyer
| asciii wrote: | > I think Apple would consider this "working as designed." | | _Incoming_ iTunes Password Manager, next event :P
| lozenge wrote: | With passkeys, now every platform can enjoy this level of | lock in!
| warning26 wrote: | Yeah, that's why I'd never touch passkeys. It feels like | you're basically locking yourself into a weird ecosystem | that you'll never be able to escape from.
| stouset wrote: | This is kind of silly. | | If you're using hardware 2FA, you should _absolutely_ | have backups. I've used YubiKeys for years and have one | in my laptop, one on a keychain, and one in a safety | deposit box. | | Passkeys are _just another instance of this_. I have | added Passkeys to all of my accounts with 2FA and it's | somewhat more convenient (significantly more convenient | for mobile devices). But every account _also_ has all my | YubiKeys attached as second factors. | | There is no lock-in. And while it's inconvenient and | annoying to have to add multiple keys to every account, | that is _already_ the reality if you're responsibly | using hardware second factors.
| rootusrootus wrote: | I hope not. I'm patiently waiting on 1Password to release | their implementation of passkeys so I can have it work on | all my devices, Apple or not.
| stouset wrote: | Just use Passkeys. Any account that allows 2FA allows | multiple second factors.
You should be setting up backup | second factors anyway if you don't want to risk getting | permanently locked out of all of your accounts. | | Plus, putting second factors in the same location as your | first factor (e.g., 1Password) seems to pretty much | defeat the entire purpose of having a second factor. If | you're using strong passwords with 1Password, your second | factor is basically only defending against a leak of your | password database. If you're storing your second factor | in that same password database, what are you gaining?
| cstrahan wrote: | Well, with the exception of AWS, unless something has | changed recently -- they notoriously only support one | second factor (i.e. if you use YubiKeys or similar, you | can only use one).
| stouset wrote: | Yeah, AWS is the only exception I've encountered :) | | But if you have backup second factors ( _you have backup | second factors, right?_ ) and you're worried about | Passkey lock-in for whatever reason... just use that | other second factor for AWS or any other account which | supports only one.
| JimDabell wrote: | You can add multiple MFA devices since November of last | year: | | > Now, you can add multiple MFA devices to AWS account | root users and AWS Identity and Access Management (IAM) | users in your AWS accounts. This helps you to raise the | security bar in your accounts and limit access management | to highly privileged principals, such as root users. | Previously, you could only have one MFA device associated | with root users or IAM users, but now you can associate | up to eight MFA devices of the currently supported types | with root users and IAM users. | | -- https://aws.amazon.com/blogs/security/you-can-now-assign-mul...
| jorvi wrote: | Isn't the whole point of Passkeys that you can't ever | lose them, since they're tied to your biometrics..
| stouset wrote: | They're not tied to your biometrics.
They're stored | inside the TPM of your device, which is _unlocked_ by | some form of biometrics. | | But if you lose all the devices with your passkeys on | them, they are gone for good.
| zarzavat wrote: | I'm super curious what a backup second factor is for the | average user who has only one device: a phone, that | sometimes gets lost or is stolen. | | Feels like these things are designed by Californians with | no idea of how the world is.
| stouset wrote: | If you're in this category, your alternative to Passkeys | _at all_ is SMS or no 2FA whatsoever. Enabling Passkeys | does at least ensure that you have a minimum of two | separate devices so you already do effectively have some | form of backup of your second factor. | | My comment is targeted at someone who is savvy enough to: | a) care about having "real" 2FA, and b) is concerned | about lock-in, and c) is extremely sensitive to being | locked out. For someone like that, you're _already buying | YubiKeys_ or some equivalent. And if you don't already | have some, you're never prevented from using them later.
| howinteresting wrote: | > Plus, putting second factors in the same location as | your first factor (e.g., 1Password) seems to pretty much | defeat the entire purpose of having a second factor. | | Not quite! 1password itself counts as two factors: | something you know (the master password), and something | you have (the additional secret key). | | Passkeys in 1password would eliminate phishing as a | problem.
| stavros wrote: | Yep, same with BitWarden. That would be fantastic.
| WWLink wrote: | > I think Apple would consider this "working as designed." | | Punishing us geeks who like using multiple different kinds of | OS on their phones and computers. :(
| michael1999 wrote: | A limited GUI is also available within Safari on desktop. It is | a tab under Preferences. It makes working in Chrome bearable. | | Agree the UI is terrible in iOS.
| Schiendelman wrote: | On 3, at least: Apple assumes you'll use search on device. If | so, it's: 1) Swipe down 2) Type "p" 3) tap autocomplete result | in "settings" group.
| airstrike wrote: | But if you search on Mac using spotlight you need to type | "keychain" smfh my head
| sagarkamat wrote: | Agree on most of this but Keychain Access IS a standalone app | on the mac so slightly confused about the comment about it | being buried in System settings. It's still a pain to go to the | app and copy a password for non-Safari browsers though.
| leesalminen wrote: | I just do cmd+space -> type "pass" -> Return -> fingerprint. | That gets me to my iCloud Keychain. I used to use Keychain | Access but like the UI of the Passwords tab of Settings more.
| maccard wrote: | I use 1password. cmd + shift + space opens a spotlight-like | dialog for 1password. First access requires a fingerprint. | | It also works on Windows!
| wmeredith wrote: | > If you are 100% Mac then it's a good product. Going outside | of the walled Apple garden leaves a lot to be desired. | | This has been the Apple way since the 1980's
| OsintOtter69 wrote: | Last pass had a major incident recently iirc.
| palata wrote: | I moved to Bitwarden right after it, and I can't believe how | much better it is in terms of UX \o/. I wish I had made the | move years earlier.
| hot_gril wrote: | 4. New passwords overwrite old ones. Easy to accidentally lose | passwords in slightly odd situations like logging into an | account whose password you just reset. | | But I like it overall. Even though I use multiple browsers, I | don't mind treating Keychain as the master DB and occasionally | copying passwords out of it. Part of this is because I use | Safari exclusively for the extra important things like my bank.
| Euphorbium wrote: | 2. Don't know what you are talking about, I use brave and get my | passwords filled in from keychain. 3.
Cmd-space keychain opens | up keychain
| hnrodey wrote: | Thank you for sharing that. I was not aware. I will try this | tonight!
| fitzroy wrote: | I use this Menubar short cut for Passwords, so it's only 2 | clicks and fingerprint away. | | https://www.icloud.com/shortcuts/22133925f3e34579b22951d6593...
| nailer wrote: | I was about to say the same thing: Apple has a password | manager? I'd consider Apple Passwords to be less than half a | password manager.
| X-Istence wrote: | > I use Safari a lot but if I'm in a different browser then my | passwords are unavailable. | | Chrome used to be tied into Keychain but they went their own | way a long time ago, which is a damn shame.
| vanilla_nut wrote: | I believe Apple only lets you use certain APIs (like | Keychain) if you distribute only through the App Store. | | That policy has really killed a lot of functionality on | macOS. I suspect it will cause friction on iOS when the EU | forces them to allow alternative install sources. | | Personally, it grates me when Apple cripples functionality | this way to try to keep us stuck in their platform. Can't use | Firefox with Keychain. You can only view your current Apple | Card balance on an iOS device -- not even a macOS device. At | the end of the day, I hate being manipulated so much that it | actually pushes me _away_ from the platform to see this | scummy behavior.
| someNameIG wrote: | Is there a reason Chrome, Edge, and Firefox aren't on the | Mac app store? I know the yearly dev account costs can be | an issue for small developers but Google, Microsoft, and | Mozilla are already paying that as they release apps on the | iOS App Store.
| bobbylarrybobby wrote: | If I had to guess, the review process would just be a | hindrance to them for nearly no benefit (is there | anything besides the keychain API that would entice | them?).
| JPws_Prntr_Fngr wrote: | I will always regret being _just slightly too late_ to | enjoy Apple's golden era.
When, yes, using an iPod meant | locking into iTunes, but at least you didn't have Tim Cook | nagging his captured audience into signing up for Apple | Music Subscription Plus - Now for Families!
| smaccona wrote: | I guess they want compatibility/password sharing between | Chrome on Mac, Windows and Linux, which I can understand.
| whstl wrote: | There seems to be a Google Chrome extension called "iCloud | Passwords" but it only has two stars, so I don't think you'll | be positively surprised. | | Also, on iPhone it's ok-ish but on Mac the experience is | subpar too: Keychain, the app you use to view your passwords, | feels like a 90s Visual Basic application. Plus you can't | organize your accounts, and even if you prefix them to "sort by | name", the special name you give is lost after using it. | | On the other hand, I already have other Apple cloud stuff and | kinda trust them, so I suffer through it. And other password | managers aren't anything to write home about either to make me | change :/
| notyourwork wrote: | +1 to subpar on Mac. iPhone is about the only surface where | it's seamless/smooth. The rest leaves me constantly | frustrated.
| deergomoo wrote: | > Keychain, the app you use to view your passwords | | Huh, I never realised Keychain showed iCloud Passwords. I | always just use Safari (which is inconvenient in its own way | admittedly).
| comex wrote: | Note that macOS now has _three_ "apps" to view your | passwords, three different UIs for the same database. There's | Keychain Access, there's the Passwords section of System | Settings, and there's the Passwords section of Safari | preferences (which is the same UI as the pre-Ventura System | Preferences app's Passwords section). | | The other two have even less organization functionality than | Keychain Access, so this probably doesn't help you, but the | blog post was talking about the System Settings version so I | wanted to point it out.
| kccqzy wrote: | What's wrong with Keychain Access?
It hasn't changed its | appearance in more than a decade. That's a good thing for | familiarity. Early Mac OS X apps have incredibly good design | that doesn't waste space.
| 9dev wrote: | Guess which app is ripe for a Swift UI redesign soon!
| whstl wrote: | But it does waste a lot of space... there's a lot of | duplication of keys (which are deduplicated in the iPhone | app), and with other information (somehow I have hundreds | of "com.apple.cloudd.deviceIdentifier.Production" in | there). And I already mentioned organization fails. Plus | it's kinda insecure as it enumerates your accounts | exhaustively without asking for a password like | iPhone/Safari (granted, not a problem specific to this | app). And the interface to view the passwords is terrible. | Old and familiar is not synonymous with "good". | | However now that comex pointed me to the Password in the | "System Settings" app, I at least can use it and it's fine | if Keychain is left as is.
| taylorlapeyre wrote: | Apple makes an iCloud Passwords chrome extension: | https://chrome.google.com/webstore/detail/icloud-passwords/p...
| hnrodey wrote: | Maybe this was it...IIRC the user must also have iCloud For | Windows installed? It's been several months since I tried | this setup. For my personal user experience it was | unacceptable.
| larrik wrote: | Windows only! It doesn't work on Mac! | | I honestly didn't know that was possible before that | extension.
| animal_spirits wrote: | Chrome on mac should by default be able to work with the | Apple password keychain
| rootusrootus wrote: | No, Google has not implemented support for Keychain in | Chrome. AFAIK neither has Firefox.
| aequitas wrote: | They actually removed support for Keychain, Chrome on | macOS used to support it in the past.
| azinman2 wrote: | And this annoys me greatly. I want cookies, bookmarks, | and passwords to be owned by the system.
That way I can | switch between browsers with ease, and that would also | lower the bar for new browsers to come out.
| mattmcknight wrote: | I switch between systems more than I switch between | browsers.
| toxik wrote: | I absolutely do not want this.
| danudey wrote: | Agreed. This sounds like a nice user-friendly feature | until you realize what a colossal privacy disaster this | would be for any malicious app that the user grants these | permissions to. | | "DerpCo Derpolizer would like to access your stored | cookies. This allows us to automatically log into your | DerpCo account!" and then bam, they hoover up your login | data in an instant and send it off as part of their | telemetry. | | Much better to have a system like (for example) sign in | with Apple where you can easily click a button to have | the system authenticate you, but no one gets access to | anything without specifically asking for it.
| Camillo wrote: | Meaning it ought to, but doesn't, right?
| hcurtiss wrote: | And it's slow two star garbage.
| dwighttk wrote: | It's not great, but the app you are looking for on macOS is | Keychain Access
| xivzgrev wrote: | Also, if your phone is stolen / lost and someone can guess your | 6 digit passcode, then all your passwords are exposed. | | That was biggest deal killer for me.
| AdamGibbins wrote: | Edit: Removed initial comment, confused my iOS faults. | | Keychain in its current configuration is risky, given it's coupled to | your iPhone password which many people frequently enter in a | public setting. One shoulder surf followed by a phone theft and | they've unlocked everything - including your iCloud account | (which you can change the password on using iPhone password | only).
| buildbot wrote: | It needs biometrics or passcode to unlock?
| Jaxan wrote: | > you can access it when your phone is unlocked without any | additional authentication. | | No you can not.
On my iPhone I have to authenticate with my | fingerprint or pin code again for the passwords.
| azinman2 wrote: | If I go to system settings > password on iOS, it then requires | Face ID to get in. So I'm not sure what you're talking about. | Under Face ID & passcode you can also require Face ID for a | password auto fill. So I don't think any of this is correct.
| simonklitj wrote: | Are you sure? I always have to scan Face ID, whether it's to | open the "Passwords"-section in Settings or to have it | automatically paste a password on a website/app. How do I | access these things without additional authentication?
| DantesKite wrote: | I get the impression Apple doesn't want a dedicated app for | passwords because they don't want people to think about | passwords. | | It shouldn't be something people manage, hassle, or worry over. | They likely want people to just be able to open their phones and | have it uniquely identify them seamlessly across a variety of | sites. | | Unfortunately, they're not quite there yet.
| CharlesW wrote: | > _I get the impression Apple doesn't want a dedicated app for | passwords because they don't want people to think about | passwords._ | | I think you're right. Ventura's Passwords Settings shows that | they're in transition away from the archaic Keychain app to | _something_. My guess is that they're skating to where the | puck will be in 2025 when Passkeys are universally supported, | and for most use cases auth will be automatic.
| ElijahLynn wrote: | Good point, the end goal is probably some sort of biometric MFA | solution.
| thom wrote: | Gimme something to make family passwords easy (eliminate | passwords!) Enable Apple ID logins for kids. Throw your weight | around to move safety settings into some sort of open web | standard.
I've got 1Password but the daily pain of managing a | family of users with various accounts is just too much right now | and I would pay almost any amount of money to have a simple | solution that I never had to think about.
| geuis wrote: | I _really_ want to use Keychain for all of my password | management. But nothing works. | | Like I'm in serious need of a highly secure cross browser/cross | platform password solution. | | On my phone, everything is fine. But I use Chrome on MacOS and my | Windows desktop. Chrome used to use Keychain on MacOS, but some | years back Google changed the product to tie into their own user | accounts. I refuse to sign into a browser itself just to use the | web. | | The iCloud password extension for Windows (chrome/edge) | absolutely DOES NOT WORK. I have tried getting it to work for the | better part of a year. Finally gave up and removed the useless | thing. | | I probably dumbly still trust Apple's security policies and would | prefer to use Keychain as my fits-all-sizes security tool, but | the combo of product incompatibilities and non-working Apple | authored software makes it impossible.
| cglong wrote: | I appreciate Apple adding the ability to export your passwords, | but it's ridiculous it took until 2021 for this to happen.
| sacnoradhq wrote: | This is unnecessary because it's a problem that's already solved. | | - BitWarden - for personal use, stores 2FAs and acts as an iOS | password source. (The claimed attacks were mitigated) | | - Keeper - for enterprise use, stores 2FAs and acts as an iOS | password source | | - Duo - for 2FA for enterprise use with backup text mechanisms. | Edit: Duo's primary app mechanism is similar to Google Gmail | app's mechanism of a yes/no popup to approve a 2FA request | | ^ The above are cross-platform and extend beyond Apple.
| Despegar wrote: | I guess everyone is over the anti-"self-preferencing" policy push | over the past few years and is back to normal.
Sherlocking is in | fact good.
| OCISLY wrote: | I still miss Mozilla Lockwise.
| benatkin wrote: | At least Firefox makes it easy to view your Firefox passwords. | In Chrome it's nested in settings and the text box where it | shows the password is tiny.
| rohan_ wrote: | >(And it all syncs across your devices, for free?!) | | IMO the worst part about apple keychain is they can't be used | with Chrome (the most common browser for mac!)
| apike wrote: | I too find this frustrating, but I'm curious about the claim | that Chrome is the most common browser on Mac. I sometimes see | this claim, but I struggle to find any data to back it up. | | The US government web analytics | (https://analytics.usa.gov/data/), which seems like a | reasonable source for general usage in the US, show Safari | substantially ahead of Chrome on Mac. | | Have you seen any sources that show Chrome ahead of Safari on | Mac for a general audience?
| fckgw wrote: | You can, Apple has an extension for iCloud Keychain. | | https://chrome.google.com/webstore/detail/icloud-passwords/p...
| rohan_ wrote: | Windows only
| snowwrestler wrote: | > iCloud Passwords is a Chrome extension for Windows users...
| sargun wrote: | I believe this is as much on the Chrome side as it is on the | Apple side: | https://bugs.chromium.org/p/chromium/issues/detail?id=312105 | | Chrome could access those natively on Mac, or use the keychain | as the native backing store, from what I can tell.
| mattkevan wrote: | I've always used Keychain Access to view/manage passwords. If | they cleaned up the UI a bit it'd do pretty much exactly what | Cabel is talking about here.
| teeeg wrote: | i would prefer icloud keychain allows an alternative password - i | refrain from adding some credentials to the keychain since my | passcode is easy to steal?
| isleyaardvark wrote: | Reading other comments in this thread and I feel like I am | taking crazy pills.
There was a big article that I thought a | lot of people had read and would realize having passwords saved | under an iCloud account is a recipe for disaster, since only a | phone passcode is necessary to gain full control of an iCloud | account. | | https://news.ycombinator.com/item?id=34984821
| thiht wrote: | I'd never use a password manager built by Apple for the same | reason I don't use Chrome's password manager or Firefox's | password manager. All these password managers have strong | incentives for "working best on <platform>(tm)". I want a | password manager independent from any platform like Bitwarden or | 1Password, because it's actually valuable for THEM to target all | the platforms they can.
| kernal wrote: | Setting up TOTP on an iPhone. I had no idea it could do this. | | https://support.apple.com/en-ca/guide/iphone/ipha6173c19f/io...
| abraxas wrote: | If Apple password manager is anywhere as well thought out as | their 2FA for Apple TV then I don't want to come next to it | within 10 light years. | | Every time it asked me to either "confirm on your iPad" (I have 3 | of those around the house) or "confirm on your iPhone" (I have 0 | of those) I was ready to hurl shit. SMS option buried in some | dark pattern, of course. | | If these companies want to encroach in the secrets management | space they really need to hire more qa and test more than a | single happy path. The number of failure modes in these systems | is astonishing for the billions of dollars these companies can | throw at the problem.
| Tepix wrote: | I suggest you move to Ross 248, which is a mere 10.3 light-years | away. However, 32000 years from now it will be the | closest star to our sun at 3.024 light-years so keep that in | mind!
| twobitshifter wrote: | I think there's a setting for that in setup. Is your problem | that Apple thinks you have an iPhone or that you have to | interact with the tv on a second device?
| | As with all things apple when you buy in you get the best | experience. That feature on AppleTV works really well with an | Apple Watch.
| capableweb wrote: | Which really sucks and puts you off from getting more Apple | devices if you're a person who slowly buys into the ecosystem | rather than go all-in without testing things. | | Personally, I was a fan of Apple laptops between something | like 2010 - 2015, but after that I just couldn't deal with it | anymore, as I had an Android phone and nothing else Apple. | | Fast forward to 2019, Apple finally releases a phone that | fits in my tiny hands, so I get an iPhone 12 Mini, thinking | that the CarPlay experience will be loads better than Android | Auto on a measly Moto G. | | But holy smokes if I wasn't wrong, CarPlay is a UX disaster | and I can't wait for the iPhone to break somehow or get too | slow because of OS upgrades, so I can justify buying a new | phone again. | | Just the simple fact that a phone call covers the entire | screen (which I use for GPS) seems like such a simple use | case that they somehow missed, that I just wanna bin the | entire system and I'll never buy Apple hardware for daily use | again. | | I still have to use Apple laptops for software I release, but | every time, I'm reminded how great the UX used to be, but how | far they have fallen. Really sad to see. Windows is no better | either, each version gets worse and worse...
| teabee89 wrote: | I will tell my family to use iCloud Keychain the day when it | works across all major browsers and OSes. Or at least that they | provide an API to sync with other password managers.
| twobitshifter wrote: | Anyone know how to use Microsoft otp with another app?
| galad87 wrote: | They already have an app, Keychain Access, but for weird reasons | they integrated the new features into System Setting instead of | expanding the existing app.
| waboremo wrote:
| Fully in agreement here, getting people used to Apple Passwords
| can be a task purely because it's stuffed into settings.
|
| Would like to see them in the process of transitioning it away
| from settings, also include the ability to change the name of the
| entries. Multiple URLs per login would be great too (or even a
| linking of separate entries). Think these are the biggest things
| keeping many general users still relying on the likes of
| 1Password/Bitwarden, which is where I disagree with the writer
| here, I think third party password tools should be replaced by
| sane defaults as soon as possible outside of niche cases.
| sholladay wrote:
| I don't personally care much whether Passwords is in Settings or
| a separate app. But I do have one problem with it. As far as I
| can tell, you must save a password for a site in order to use the
| TOTP 2FA feature. I don't want my device filling in passwords for
| me because it defeats the purpose of a password being "something
| I know". The 2FA code is more like "something I have" and I'm
| okay with the device filling that in, but not the password.
|
| There doesn't currently seem to be a way to set up only the 2FA
| code for a site.
| shortcake27 wrote:
| The "something you know" is your device's
| pincode/passcode/iCloud password, not the password to the
| website. If you know the password to a website it means you're
| reusing passwords or using a pattern to generate passwords,
| both of which are less secure than randomly generated passwords
| (especially the former).
|
| Of course, nothing is stopping you from saving a bogus password
| either.
| sholladay wrote:
| I don't buy it. Complex, random passwords are great against
| brute force attacks but that's not usually how these things
| play out.
|
| Many password breaches are caused by technical lapses on the
| part of a platform, where password complexity often becomes
| irrelevant.
Your password gets hoovered up along with everyone
| else's and eventually gets decrypted, and tried en masse
| against other platforms. In this scenario, even a simple
| pattern for passwords is probably enough to prevent the
| problem from spreading, as long as it's not too obvious.
|
| The other way passwords often get compromised is from someone
| looking over your shoulder or key logging, infrared on PIN
| pads, etc. In this scenario, your system is WAY, WAY worse,
| since one password unlocks the kingdom, and that password is
| frequently being used.
|
| As it stands, if someone peeks over my shoulder and discovers
| my phone password, then steals my phone, it's damaging but
| not game over. They can't access any websites.
|
| If I allow my phone password to be the only gatekeeper to
| access everything, IMO that's lousy security.
| muhammadusman wrote:
| I resisted using 1Password for a long time but then once I got
| into the 1P world, it was better than all the alternatives.
| LastPass is unsafe, Dashlane has subpar experience, and all the
| proprietary ones are missing tons of features.
|
| Chrome, Firefox, Apple, I'm sure Windows too, have all their own
| password managers and all of them are hard to use and expect you
| to only have devices in their ecosystem.
|
| 1Password is worth every penny for how well they've kept up with
| updating their apps and their prevalence on all platforms. And
| the 2FA integration is great too!
| sabin1001 wrote:
| [dead]
| dwheeler wrote:
| > And it all syncs across your devices, for free?!
|
| Really? My Linux devices? Android? Windows? I don't think so.
|
| I recommend considering one of the _most_ important features of a
| password manager is that it doesn't force you to use a single
| manufacturer's products forever. Even if you swear undying fealty
| to Apple (or anyone else) today, you might change your mind in
| the future.
1Password, Bitwarden, and others allow me to switch
| PC manufacturer, phone manufacturer, browser, and so on.
|
| I can't tell you how many people used to think "Internet Explorer
| is popular, it'll always be the one and only browser". That did
| not end well.
| geocar wrote:
| > Even if you swear undying fealty to Apple (or anyone else)
| today, you might change your mind in the future.
|
| Changing my mind is easy enough: I can export my iCloud
| passwords to a csv file, and I've done this to transfer a bunch
| of passwords to Firefox Linux desktop.
|
| I'll tell you something though: If Bitwarden leaked passwords
| nothing would happen because America has very weak consumer
| protections, but if Google or Apple leaked passwords, they'd be
| hit in every EU member state for GDPR.
|
| Some of these things are outside of my control, and using a
| password manager is too useful that I think it's worth a little
| risk, but I can't justify trusting any company unless they've
| got some skin in the game, and Bitwarden specifically wants to
| disclaim all liabilities? AgileBits thankfully is in Canada and
| you can at least sue them for what you've paid them in six
| months, but I personally have passwords more important than
| that. Surely there's someone else you could recommend?
| dwheeler wrote:
| LastPass' entire business model was about protecting
| passwords, and passwords still got leaked. Most people want
| security, not "ability to sue" which is not at all the same
| thing.
| error503 wrote:
| Self-host vaultwarden at the cloud provider of your choice?
| monocularvision wrote:
| Am I the only person on Earth that needs sharing of passwords
| among my family? Any time folks bring up password solutions, they
| are always missing this requirement for me.
|
| 1Password is a life-saver in this regard. All my kids have their
| own vaults but for the little ones I have them use a shared vault
| between my wife and me so we have access to their passwords.
I can also easily share passwords for services like Netflix so the
| kids don't have to bug me.
|
| It has been great for teaching kids about password hygiene (what
| makes for a good password) and management (don't reuse
| passwords!).
|
| And it being cross-platform is great for my older kids with
| gaming PCs.
| ellisv wrote:
| I agree that is one of the big issues with keychain. You _can_
| share keychain items with people but it is awkward.
| jtbayly wrote:
| Are you referring to Airdrop password and passkey sharing?[1]
| That's the only way I can find other than manual copy/paste.
|
| Also, I very much doubt if I later change the password I
| shared via Airdrop that it will update on the other person's
| device... which is half the point.
|
| [1]: https://support.apple.com/guide/iphone/share-passkeys-passwo...
| probablynish wrote:
| Bitwarden lets you do this with an 'Organization'. Free to
| share things between two accounts, looks like $40/yr to share
| between up to 6 users.
| whalesalad wrote:
| A 1pass team w/ my wife was a huge level-up.
| elbigbad wrote:
| Same, anytime the family creates a new account that everyone
| else should have access to (utilities, streaming services,
| bank information, pass codes, etc) we just create it in the
| shared vault. It's a game changer.
| Hamuko wrote:
| > _Am I the only person on Earth that needs sharing of
| passwords among my family?_
|
| I needed to share my Netflix password back in the day. My
| random alphanumerical 32-character password with special
| characters drove my family up the wall though. But in general,
| passwords are for personal use only.
| cmnt wrote:
| It's incredible how Apple make its users happy to lock-in in
| their eco-system. I don't really know Apple eco-system but it
| seems weird to migrate from third-party app (already well integrated)
| like Bitwarden to keychain.
I've lost count of the people who
| have switched from their Music App to Apple Music for no reason
| other than "it's Apple". Apple make good hardware and their
| eco-system seem amazing too, but people should see the advantages to
| be not entirely dependent from a company.
| deergomoo wrote:
| > but people should see the advantages to be not entirely
| dependent from a company
|
| I think you're overestimating how much the average person
| thinks or cares about their computing platforms. They want
| something that works and gets out of the way, and to that end
| having everything come from one company is a feature, not a
| bug.
|
| I mean I consider myself a power user and I still use iCloud
| Keychain purely because I was already using Safari when it
| launched, so it already had all my passwords. I recognise the
| advantages of third-party offerings, but to me they're not
| enough to bother moving all my stuff over.
|
| Similarly I still use a third-party 2FA app because I was using
| it before Apple added it into iCloud Keychain (and also because
| the third-party app has an Apple Watch app and I've grown
| accustomed to reading the codes off my wrist).
| defulmere wrote:
| Every time I see a question like "Why doesn't Apple build $THIS?"
| I assume the answer is "because they'll make more money selling
| 3rd-party $THIS in the app store".
| culturestate wrote:
| _> I assume the answer is "because they'll make more money
| selling 3rd-party $THIS in the app store"_
|
| Apple has a long and storied history of doing almost exactly
| the opposite - any sufficiently popular third-party utility
| either gets bought and integrated (eg Workflow, Dark Sky) or
| Sherlocked (eg f.lux, Watson).
|
| Apple takes a _very_ long-term view of revenue generation, and
| the App Store commissions from $random_app are _way_ less
| valuable to Apple than the LTV of a customer who's locked into
| buying Macs and iPads because of Apple's proprietary version of
| $random_app.
| elsurudo wrote:
| I use Keychain Access app, but admittedly the UX there is
| terrible. I wish it was nicer, and also integrated with browsers
| other than Safari.
| tacker2000 wrote:
| The worst thing is when I register a new password to a website on
| my Mac on Firefox and then want to login to the site on my
| iPhone. I literally have to type the (complicated) password again
| so that it gets saved in Keychain.
|
| Why won't Keychain allow Firefox sync? This seems like an
| extremely common use case.
| richardw wrote:
| You should see the horror that is changing your country and phone
| number. I spent weeks hunting around the phone to stop weird
| things from happening. You would think Apple were smart enough to
| say "it looks like you've changed details. Can I update the
| plethora of places I use your number?"
| r0m4n0 wrote:
| I think a few problems imho:
|
| 1) they don't do cross platform software well so they would never
| make a Windows app, Chrome extension, Android integration etc.
| It's either all or nothing which I would never buy into (even as
| an iPhone and MBP user)
|
| 2) there are actually a ton of use cases here that make the
| software actually very complex and high stakes. I'd wager the
| pros don't outweigh the cons. Also Apple isn't known for complex
| software with niche use cases. Honestly their current
| Safari/iPhone password manager is trash
|
| They do a few things well and rely on lock-in and ecosystem
| sylens wrote:
| Even if macOS and iOS are my primary work (and personal)
| platforms these days, I still like a solution that works great on
| Windows, Linux, and Android as well.
|
| I'm pretty happy with 1Password - it does all of the things
| mentioned in this article with more platform support
| ehsankia wrote:
| Exactly, this is why many of the Apple services are useless
| unless you are 110% in their ecosystem. At least Apple Music is
| the _one_ app they somehow made available on Android and
| Windows.
| cglong wrote:
| Apple Music started its life as Beats IIRC, so a good cross-plat
| UX was part of the acquisition. See also Shazam.
| mmmmmbop wrote:
| There's a feature on the AirPods that allows you to enroll
| them in your iCloud account enabling Find My.
|
| All you need to do is connect the AirPods to an iCloud-
| enrolled Apple device, and it will automatically connect to
| that iCloud account.
|
| Oh, but it's not any iCloud-enrolled device, it must be an
| iOS device. Connecting them to my MacBook didn't do anything.
|
| I went into the Apple Store to ask for a solution to that
| problem. They legitimately asked me why I'm buying AirPods if
| I don't have an iPhone -- they're called _Air_ Pods after
| all... Anyway, their proposed solution was for me to buy a
| refurbished iPad for $450 to connect the AirPods to my
| iCloud.
| lfciv wrote:
| I find 1Password to be sort of a pain when signing up for new
| accounts on my iPhone - the generate secure password & autofill
| doesn't always work for me - on the web it's great though
| Hamuko wrote:
| I considered 1Password when shopping around for a new password
| manager, but the pricing of the subscription and the fact that
| it was an Electron app killed it for me.
|
| Currently test-driving a smaller alternative with a one-time
| payment.
| Schiendelman wrote:
| I think the reason Apple hasn't prioritized this is that with
| their login with Apple implementations and passkeys, the utility
| of copying/pasting or looking up a password is dropping over
| time.
| aeharding wrote:
| You can make an iOS shortcut to make it appear as an "app"
| (launches keychain manager). I did this for some elderly folk,
| works great.
| hot_gril wrote:
| I've been using Keychain since 2003. Only now am I aware that it
| does TOTP. I've been avoiding TOTP like the plague this whole
| time because I don't trust the other apps not to somehow get me
| locked out.
| ElijahLynn wrote:
| One problem with that is if a person has a non-Apple product,
| Apple won't build the app cross-platform, so they are even
| further locked into Apple hardware then.
|
| Might not affect that many people. But it would surely limit
| choice for those who don't even know about the lock-in later in
| their lives.
| m000 wrote:
| Any attempted lock-in is guaranteed to attract attention of EU
| regulators.
|
| This is what Apple probably wants to avoid. They won't be
| allowed to play a "Safari" this time (i.e. all password
| managers are allowed, as long as they are a frontend to our own
| password manager).
|
| Also, having the password manager as a separate app, it is
| likely they will be asked to provide a standalone password
| migration API for third party password managers. This would
| make switching to another ecosystem trivial for moms & pops,
| who currently need to deal with CSV import & export* if they
| want to move their passwords out of iCloud.
|
| * Not sure what the situation is ATM, but a few years back
| exporting passwords from iCloud was not directly supported. I
| had to run a third-party AppleScript script to generate a CSV
| to import in another password manager.
| pantojax45 wrote:
| I wish you could add a second password or different passcode on
| top of iCloud Keychain / apple passwords.
|
| I get nervous at how easy it is to compromise all passwords:
|
| 1. Give someone your phone passcode, they can change apple
| account password. P0wned
|
| 2. Have iCloud Keychain on laptop... other user account resets
| password on account. (Or use it on work computer without
| realizing)
|
| 3.
___________________________________________________________________
(page generated 2023-03-27 23:00 UTC)