[HN Gopher] Apple passwords deserve an app
___________________________________________________________________
Apple passwords deserve an app
Author : ttepasse
Score : 616 points
Date : 2023-03-27 17:55 UTC (5 hours ago)
(HTM) web link (cabel.com)
(TXT) w3m dump (cabel.com)
| aquanext wrote:
| My best guess is that Apple won't do it because their plan is to
| phase out passwords entirely. That's what that whole FIDO
| Alliance (https://fidoalliance.org) is all about.
|
| And 1Password is part of that too:
| https://blog.1password.com/1password-is-joining-the-fido-all...
|
| I think that ultimately a password tool needs to be available on
| multiple platforms, like 1Password. Having it just be on Apple
| stuff just isn't gonna work for the many Windows and Linux
| machines I begrudgingly have to interact with.
| ttul wrote:
| 1Password knows that it will take centuries for passwords to
| disappear even if a password-less future is already here.
| Hamuko wrote:
| Passwordless future definitely wasn't here just 1-2 years
| ago. The management of WebAuthn Discoverable Credentials /
| Resident Keys was so fucking awful on every platform I tested
| them on.
|
| You want to clear your Resident Key for a website on Windows?
| Command-line.
| CryptoBanker wrote:
| Oh god please no
| tikkun wrote:
| While we're on the subject, other Apple things that deserve an
| app:
|
| Dashboard/status
|
| - I have a smart lock, and they have their own app, where all it
| really does is show the current status of the lock and let me
| toggle it. There are quite a few apps like this. It'd be nice if
| they could all be condensed into a dashboard/status app that
| could just tweak values and show current status. Apple Home
| attempts to do some of this.
|
| Notifications
|
| - It'd be nice if there was a notifications app, and I could set
| most of my apps to deliver their notifications to that app,
| instead of me directly. This would reduce notification overload
| and distraction.
| WorldMaker wrote:
| Have you tried Notification Summaries yet? That's sort of like
| a "deliver notifications to a separate app".
|
| In the notifications settings you create at least one Scheduled
| Notification Summary. I've currently got ones setup roughly
| every four hours during "core daylight hours" for me, plus I
| enable the "preview option" to read the next summary early if I
| need to. Then you add as many apps as you want to the
| Notification Summaries. All of the notifications for those apps
| during each time period get rolled up into a single Summary
| object in your notifications, only give a notification alert
| once for the entire group of them (at the scheduled time), and
| don't cause Watch notifications (if that's a
| distraction/overload you especially juggle as I do).
|
| At this point I've even got all my email notifications going
| into Summaries (which is why I turned on the preview for the
| next summary if I feel like I need a quick glance at recent
| email subject lines without opening my email app up).
|
| It is such a useful tool and not a lot of iOS users discover it
| in the settings. May also be an indicator that it could use its
| own app because discovery in the Settings app itself is hard.
| Maybe the Settings app is just doing too many things now and
| needs some sort of reorg or something.
| Spivak wrote:
| Isn't that first one Home/iHome/HomeKit whatever you wanna call
| it? If your lock doesn't support HomeKit there's a good chance
| Homebridge does.
| alana314 wrote:
| They don't make it clear on iOS which password manager you're
| using, which hurts both them and other password managers I think.
| The worst experience is not knowing where your password is or
| which account it's using. I had to turn off all apple password
| management in preferences, I've thought about going all-in on
| apple passwords but don't think it has all the features I want.
| stalfosknight wrote:
| That app is called Keychain Access on macOS.
| kup0 wrote:
| Not sure we want to ask Apple to build more software when they
| can't even get the quality of their existing software up to par.
| I would be strongly inclined to stick with something less tied to
| the platform/ecosystem, like 1Password
| Anechoic wrote:
| _Keep a "Notes" field where you can add extra data, like 2FA
| backup codes, for each password!_
|
| I'm not sure if the reference here is to Keychain's "Secure
| Notes" or the "comments" field associated with password items. If
| the latter, I've found (at least on older versions of OS X/macOS)
| that when Safari updates the value of a changed password, it
| _deletes_ the comments! I used the comment field to add the
| (random) answers to security questions, and got burned on a
| couple of sites when I 've needed to do an account reset and lost
| those answers.
| shagie wrote:
| > that when Safari updates the value of a changed password, it
| deletes the comments!
|
| It doesn't change a password, it creates a new one.
|
| This means if you somehow mangle saving the password (you
| thought you updated it, but didn't) the older password is still
| in your keychain with the older note and it can still be
| retrieved.
| 404mm wrote:
| One core feature that will keep lot of people from using Apple
| Password manager is family setup. Anyone with Apple family knows
| how bad it can be when you have dozens or hundreds of shared
| passwords between you, your spouse and / or kids.
| rootusrootus wrote:
| Yep. 1Password has my business indefinitely because of this
| requirement. Apple may be building a nice solution for single
| people (and perhaps many non-parents), but it's useless for
| family use.
| aaronharnly wrote:
| I follow Ricky Mondello, who works on the Apple password keeper
| functionality -- they post interesting tidbits pretty regularly.
|
| https://twitter.com/rmondello
|
| https://hachyderm.io/@rmondello
| filmgirlcw wrote:
| +1 Ricky is the best. They also made a very useful Shortcut [1]
| that offers quick access to the Passwords on your Home Screen
| or Mac menubar.
|
| [1]: https://rmondello.com/passwords-shortcut/
| shikshake wrote:
| clicking this link throws a bunch of warnings in my browser,
| and my university internet blocks me from seeing the actual
| website :(
| testfrequency wrote:
| https://www.icloud.com/shortcuts/cd5b0ec116ee4d1d8654823839
| 4...
| sacnoradhq wrote:
| That iOS supports multiple password sources from other apps
| already largely solves the case of using a cross-platform app
| to provide or store passwords.
| selykg wrote:
| I met Ricky at a WWDC years ago when I was in the password
| manager field. What a wonderfully intelligent person. Actually,
| several members of the Safari team were present at that meeting
| and it was such a great set of people. I kind of miss that part
| of that job...
| WorldMaker wrote:
| It took effort but I finally got my dad to use 1Password
| regularly, but my mom would be a lot easier to convince if Apple
| just made its own password tools easier to use, especially cross-
| platform, including maybe putting a nice app face on it.
|
| > PPS: I dream of a future where Passkeys could make the password
| manager extinct. But it'll take time...
|
| Passkeys even more so need more of a "curated app experience" to
| work right, cross platform. Ironically, it is my impression that
| preparing for Passkeys is why Apple finally added that password
| explorer to Windows' weird iCloud "control panel". (For a long
| time, the only way to use iCloud passwords on Windows was the
| awful Edge/Chrome integration.)
| w-m wrote:
| Tangentially related, something that has slightly inconvenienced
| me a few times: Can someone point me to a setting to get Siri to
| show me my passwords again, on iOS 16?
|
| Before, I could ask on an unlocked phone to "show me my password
| for GitHub" and Siri would open the settings app with the
| password list and show the GH credentials. Now (since iOS 16?)
| Siri just refuses to do any request that contains 'password'.
| selykg wrote:
| You mean Shortcuts? You can have it open this URL:
|
| prefs:root=PASSWORDS
|
| You'll want to set up Siri separately as part of it, but you
| can definitely do that with Shortcuts.
| w-m wrote:
| Interesting, thanks!
|
| What I described didn't need a shortcut before. It was a
| vanilla iOS feature. I assume it went away for privacy
| reasons with one of the OS updates. And hoped there'd be a
| setting to get it back.
| gumby wrote:
| The nice thing is: the way they implemented this it looks like
| you could pretty easily write a 1passwordish mac client as an
| interface to the system infrastructure. I say "1passwordish"
| because one of the tedious part of a program like that is the
| browser parsing to handle all the weird authentication cases devs
| write.
|
| Unfortunately I'm not an ios dev and wonder if it might even be
| possible to do the same on ios? I believe there is an API so you
| can write _a_ password manager (1password et al use that) but can
| you get to the secure system services?
|
| Edit: I now see who wrote this blog post. Were it straightforward
| on ios he probably would have said so.
| frutiger wrote:
| I am not an expert macOS/iOS developer but I unsuccessfully
| played around with the API a couple of times.
|
| You can't access passwords stored by another app (app
| identifiers appeared to be globally unique, e.g.
| com.apple.Safari). There was an additional hurdle to
| access/store items in the iCloud keychain, though I forget what
| exactly.
|
| This restriction makes sense.
| imchillyb wrote:
| Until Apple's keychain works reliably across all platforms, I'll
| continue to use Dashlane Password manager.
| kylehotchkiss wrote:
| internally, apple used to have a pretty big 1Password contract -
| https://appleinsider.com/articles/18/07/10/apple-looking-to-...
|
| Maybe they don't want to promote their own too heavily, to allow
| 1Password to take on the organizational risk of running a
| password manager? (For context, think about your current view of
| lastpass vs how you felt about it a year before their leak).
| Maybe the internal password management functionality is better
| suited to orgs which restrict third party apps?
| arghnoname wrote:
| 1password has features that are useful in a large corporation
| that keychain does not have, particularly around sharing
| passwords and password vaults.
|
| I haven't noticed even minimal credential sharing facilities in
| keychain.
| dwaite wrote:
| WRT credential sharing, you can airdrop credentials to people
| on your contacts list.
|
| But multiple vaults and vault sharing - no such luck. I don't
| think they want to deal with the UX confusion of it,
| especially since that confusion could lead to someone getting
| locked out of things.
| immdischt wrote:
| The article is informative but failed to describe where to find
| Apples password settings / feature while complaining about how
| hard is is to find...
| cjdoc29 wrote:
| I really like Apple's implementation of passwords, passkeys, etc.
| But...I had a hard time explaining this to my mom.
|
| She uses it to generate her passwords and fill-in within Safari
| which is great!
|
| But there's no "Passwords" app, and she didn't know to go into
| Settings to reference a password when Safari doesn't recognize a
| password field (probably the website's fault).
|
| 2FA is also a confusing experience, but 2FA is also just
| confusing enough for her where Apple isn't really the problem
| here.
| reaperducer wrote:
| _But there 's no "Passwords" app_
|
| It's called Keychain Access.
| cj wrote:
| The problem is Keychain Access doesn't pass the "mom test"
| (would you average consumer - e.g. your mom - actually use
| it)
| Hamuko wrote:
| No password manager passes that as far as I'm concerned.
| waynecochran wrote:
| Keychain Access doesn't pass the "me" test and I have a PhD
| in CS.
| airstrike wrote:
| They don't even know why it's called that
| shagie wrote:
| Because you can store non-passwords in there too.
|
| Secure notes, your own signing certificates, keys, root
| CAs, and specific self signed certs you've accepted for
| SSL.
| airstrike wrote:
| Still, none of that means anything to the average user.
| Searching for "passwords" in Spotlight should also take
| you to your passwords
| shagie wrote:
| Make an alias to Keychain access. Name it "Passwords" and
| have that a directory that is indexed by Spotlight (the
| Utilities directory under Applications where Keychain
| Access is found works fine).
|
| This will then show up in the launchpad.
| https://i.imgur.com/IRPOMC5.png
|
| Searching for 'pass' in Spotlight does bring up Keychain
| access - as that's in the apps list of Keywords...
| _however_ the list of apps is _way_ down on the scrolling
| https://i.imgur.com/KFUC0G0.png - it found 'password' as
| a string in 100 python files that I had to scroll through
| first.
| shagie wrote:
| Since I use it quite a bit for secure notes, I've got it
| pinned in my toolbar. From the top down I've got Finder,
| System settings, Keychain Access, HomeKit, Launchpad,
| Safari... and then other things.
|
| The thing is, its the 3rd one down.
| squeaky-clean wrote:
| Isn't Keychain Access MacOS only? It's not available on
| iPhone.
| pharos92 wrote:
| 100% - the current method of access (via settings) is so nu-
| intuitve. A real sign of the state of Apple over the last few
| years. Customer UX needs to become front-and-centre again.
| great_psy wrote:
| I have been using the Apple manager since LastPass got hacked
| recently.
|
| Hot take , but ... I like the lack of integration in other
| operating systems/ browsers.
|
| I see my phone as a Secure Enclave, and my passwords should be
| disconnected from potentially insecure systems. I see the phone
| as those keychain one time passwords where you have to press a
| physical button to get a key.
|
| Is it inconvenient to get a password, yes. But it offers the
| piece of mind that I only have to worry about iPhone/Apple
| exploits, instead of chrome+firefox+windows+Linux+Apple+iphone.
|
| I don't think in this case Apple is not doing the integration
| because of this security feature, but I think it is a feature non
| the less. Of course you can always choose not to install the
| extensions even if they existed, but the point is that if they
| existed it would lower security.
| imwithstoopid wrote:
| don't lose or break your phone....
| great_psy wrote:
| I have my old iPhone with no sim that I mostly take to the
| gym to protect the new one.
| InCityDreams wrote:
| >I have my old iPhone with no sim that I mostly take to the
| gym to protect the new one.
|
| What is the other one doing in the gym, unprotected?
| MBCook wrote:
| iCloud solves that.
| whitewingjek wrote:
| Unless Apple ever starts following Google's lead to ban
| accounts for any infraction and you don't store backups...
|
| Not saying Apple is doing that now, but I imagine it's not
| outside the realm of possibility.
| great_psy wrote:
| We can use the same argument for any other cloud password
| manager. If google/Apple blocks my access, well it's
| those services I am trying to log into in the first place
| so the point is moot.
|
| Also I have recovery keys for the more important accounts
| printed and stored in a safe box.
| whitewingjek wrote:
| I agree, perhaps I should have emphasized that my point
| of view is that anyone should back up anything stored on
| the cloud.
|
| Which I'm glad to know you can at least do with Keychain
| [1], although I use Bitwarden myself.
|
| [1] https://support.apple.com/guide/keychain-
| access/import-and-e...
| rpgbr wrote:
| Except password managers that YOU need to take care your
| vault, like KeePassXC.
| great_psy wrote:
| I used keePass before LastPass, but the issue was with
| keeping the file synced. I had it in Dropbox and I was
| able to open it no problem from the phone, but making
| updates from phone was a challenge. Maybe I was not using
| a good app but it was a hassle to keep it synchronized.
|
| But anyway, somebody could cut off your access to
| Dropbox, but it's less of an issues since you have a
| backup.
| ex3ndr wrote:
| Not really, you need another device to share icloud
| keychain
| MBCook wrote:
| Nope. Buy a new iPhone, sign in, it's all back.
|
| It's useful even in non-multi-device scenarios.
| rpgbr wrote:
| This was precisely what drove me off Apple password manager. If
| your iPhone were compromised, such as in those iPhone unlocking
| scams[1] (something quite common here in Brazil at least since
| 2021), it's game over for your entire password database.
|
| I've been using KeePass apps (MacPass on macOS, KeePassium no
| iOS), with a different, unique master password, unlogged by
| default on iPhone, plus DB locks automatically after 10 minutes
| of inactivity.
|
| Maybe I'm way off, but it seems safer to me.
|
| [1] https://www.wsj.com/articles/apple-iphone-security-theft-
| pas...
| lxgr wrote:
| Absolutely. Given these reports, Apple's security model isn't
| close to being sophisticated enough to warrant trusting them
| with passwords or (even more critically, arguably) WebAuthN
| passkeys.
|
| I recently saw it with my own eyes as a family member was
| able to reset their iCloud password and gain full access to
| their account on a new device, including iCloud Keychain,
| using _nothing but their iPad and the corresponding unlocking
| code_. No iCloud password, no SMS-2FA (not that it would help
| much in the case of a stolen iPhone), nothing else.
| great_psy wrote:
| Can you explain how this hack would work ?
|
| Would someone need to steal two of your devices ?
|
| I was under the assumption that you need to be logged in
| with touchid/faceid/pin code to get the unlock code
| lxgr wrote:
| The attack in this case would be somebody shoulder-
| surfing your PIN and grabbing your device.
|
| They then have everything they need to take over your
| iCloud account (kicking you out of it in the process by
| resetting all other devices capable of resetting it) and
| can see all your passwords stored in it, as well as use
| all of your WebAuthN passkeys.
|
| I'm not sure if having a recovery code would improve that
| situation, but I'd guess that many people don't.
| great_psy wrote:
| Ah ok, yes the shoulder surfing is definitely a problem.
|
| Hard to mitigate somebody looking over your shoulder,
| this is the case with most password managers, but I
| understand why this is a more likely scenario.
| lxgr wrote:
| In a semi-safe situation (e.g. on busy public transit or
| in a crowded place with people behind me), I do sometimes
| unlock my password manager using Face ID to access a
| website, but I'd never enter my passphrase if the
| biometric unlock fails.
|
| If somebody watches me enter my passcode and then rips
| the device out of my hands and runs off with it (assuming
| the password manager is not open), they now have access
| to most of the content on my phone, but importantly not
| the parts protected by Face ID, which includes the
| password manager.
|
| If I had used Apple's password manager instead, they'd be
| able to recover _all_ passwords (using the tactics
| described above or simply enrolling their own face in
| Face ID, which is possible using only the passcode).
| isoprophlex wrote:
| What the actual flying fuck, the apple password thing supports
| TOTP! That's great! (And a sad testament to how poorly the
| discoverability is on some ios features)
| dwaite wrote:
| Not just that, they will detect QR code images to work around
| sites which assume that TOTP is only available by scanning your
| desktop screen from your phone.
| matt-attack wrote:
| Can you provide an example website that uses this technology?
| Not sure I've ever encountered one.
| [deleted]
| Gigachad wrote:
| Uh, basically all of them? They all show a QR code and
| never show you the secret which you could copy in to your
| password manager.
| izolate wrote:
| I switched to Apple's password manager after being burned by
| Twilio Authy's inability to retrieve the 2FA setup codes. I wish
| they had made this lock-in more clear.
|
| Overall I'm happy with my decision. I'm now even using Safari
| over Chrome full-time because it has the benefits 2FA autofill.
|
| Only thing missing is a dedicated app, but I have Apple Shortcut
| that works well enough in the meantime.
| mperham wrote:
| It seems apparent that Apple are investing in Passkeys as the
| future and passwords are legacy infrastructure in a sense.
|
| https://developer.apple.com/documentation/authenticationserv...
| hnrodey wrote:
| I tried going all-in on using iCloud Keychain (correct term?) for
| my passwords from having previously used LastPass.
|
| In short.
|
| 1. The experience on Windows is terrible. They can claim it's
| cross-platform but it's truly a sub-par product.
|
| 2. On Mac it's tied specifically to Safari. I use Safari a lot
| but if I'm in a different browser then my passwords are
| unavailable.
|
| 3. The GUI is buried in System Settings. Heaven forbid you need
| search it's only a simple 37 clicks away!
|
| I think those were my big complaints. If you are 100% Mac then
| it's a good product. Going outside of the walled Apple garden
| leaves a lot to be desired.
| grammers wrote:
| Sounds like vendor lockin is the aim here, not being fully
| cross-platform without any hassle.
| baby wrote:
| I use chrome to manage passwords on all my devices, it works
| well except for apps. When I'm trying to get a password for an
| app in iOS, I just switch to chrome to get the password. Same
| if my password was from registering from an app and I'm in
| Chrome. Rinse and repeat and now my passwords are in both
| password managers.
|
| As for TOTP, if I lose my phone I don't know what will happen.
| manigandham wrote:
| Settings > Passwords > Password Options > AutoFill Passwords
| + Allow Filling From Chrome
|
| Most apps can use passwords from Chrome just fine, and you
| can also quickly open the native passwords window when
| encountering a password field using the key icon.
|
| For TOTP, use apps like Authy which can be installed and used
| from multiple devices.
| gameshot911 wrote:
| Awesome - thanks for sharing!
| [deleted]
| notlukesky wrote:
| [dead]
| mcculley wrote:
| > 3. The GUI is buried in System Settings. Heaven forbid you
| need search it's only a simple 37 clicks away!
|
| I just learned that this GUI exists. I have been using
| /System/Applications/Utilities/Keychain Access.app for years to
| deal with passwords.
| alexjm wrote:
| Same. And now I'm trying to figure out if there's any
| advantage to using the UI in System Settings instead of the
| app I already know.
| Mandatum wrote:
| Me too. Now to try and figure out if I can create a Macro to
| launch this.
| waboremo wrote:
| Funny situation, there's another thread I was replying to
| someone who wanted to shift back to native apps instead of
| cross plat electron apps (for performance reasons).
|
| Well, Apple Passwords on Windows is a good example of how that
| turns out in reality. I believe it's using WinUI. While the
| performance is nice, the experience is entirely unlike what you
| get on Mac and winds up making you wish you were using another
| service entirely.
| steve1977 wrote:
| Apple had (has?) Cocoa ported on Windows actually, so
| whatever they could so on macOS, they could do on Windows as
| well. Cocoa as such _is_ cross-platform.
| marvel_boy wrote:
| Any link to the port of Cooca to Windows?
| PlutoIsAPlanet wrote:
| Looking at the Apple Music app for Windows quickly, it
| does appear Apple has done some porting of their APIs to
| Windows.
|
| https://i.imgur.com/tdr6XTO.png
| simongray wrote:
| https://forum.winworldpc.com/uploads/editor/82/fnzv4nysse
| mk....
| mattl wrote:
| It was a product briefly. OPENSTEP Enterprise. There was
| talk of selling licenses to distribute but that never
| happened
| Karellen wrote:
| > Apple Passwords on Windows is a good example [...] the
| experience is entirely unlike what you get on Mac
|
| If you were a Windows user, why would you want an app that
| acts like a Mac app? Surely the benefit of having a dedicated
| Windows app is that the experience should be like other
| _Windows_ apps.
| waboremo wrote:
| You're not really thinking about it as a "mac app", but
| rather "the service". You expect it to act like the service
| you use on other platforms with all the features you rely
| on.
|
| If I'm using Spotify, I don't think "oh this doesn't use
| windows navigation component from winUI", I immediately
| know where the genre categories are because I've already
| used it on android or linux and expect it to be there. I
| know exactly how to add a song to my library, to shift
| around playlists, to manage folders, everything is as I
| learned it on [other platform].
|
| Design development becomes this duplicated burden where
| every feature now has to go through the ringer twice (or
| more) to fit native components for their respective
| platforms. When you hit limitations on those native
| components, you're now having to make the decision to
| either hold back the feature entirely, or create fragile
| workarounds.
|
| In an alternate timeline native components would have had
| far greater appeal, where people actually hate and boycott
| apps designed otherwise. But we don't. Even on iOS or mac,
| people regularly rely on apps that only vaguely interpret
| their native components. The situation is even worse on
| windows past 7, where the idea of a "windows app" is so
| jumbled there is nothing to "expect" from the experience -
| which is actually part of why I think these unified app
| designs have really taken off.
| oneeyedpigeon wrote:
| > If I'm using Spotify, I don't think "oh this doesn't
| use windows navigation component from winUI"
|
| We're either very different people or we have different
| use cases :) It _immediately_ feels jarring to me to be
| using macOS and suddenly presented with a non-native UI.
| But I only ever use macOS on the desktop, so I don 't
| have this cross-platform issue. What I find strange is, I
| would have thought that was the 99% common case -- it
| seems strange to me to optimise for individuals using
| multiple OSes rather than multiple apps on one OS.
|
| > Design development becomes this duplicated burden
|
| That sounds like an OS flaw if true. Of course, I accept
| that _some_ design will be necessary, even with the
| finest SDKs available to humanity, but it should be _so_
| burdensome that going non-native is seen as the solution.
|
| > Even on iOS or mac, people regularly rely on apps that
| only vaguely interpret their native components.
|
| You're totally right. Every now and again, I say to
| myself "I really must use Safari for the 'more native'
| experience", but I always come running straight back to
| Chrome again.
|
| > The situation is even worse on windows
|
| This was one of the things I liked best about macOS when
| I first migrated -- everything was so consistent, things
| didn't visually clash, etc. I still get the impression
| it's better on macOS, but heck, it's definitely not as
| good as it used to be.
| porcoda wrote:
| This has been the story of Apple apps outside MacOS forever:
| they appear to always do the absolute minimum to claim
| support, and you end up with a super clunky windows app that
| is terrible.
|
| I doubt they'd do much better using electron: I think their
| development model is that if it isn't on one of their
| platforms, they pump out a minimum-effort, low quality app.
| I'd guess that electron ones would be just as clunky, except
| with a significantly higher memory and CPU footprint.
| waboremo wrote:
| That hasn't really been true. Apple supported iTunes and
| Safari which were great options on Windows. Not just "I'm
| already an Apple fan so I have to use it", but actively
| deciding to use them.
|
| The root of the problem for Apple is that they cannot get
| away with doing what they used to in the past, they already
| have a plethora of platforms within their own umbrella to
| support, adding Windows native to the mix seems to result
| in maybe a handful of developers taking on enormous burdens
| by trying to catch up to their expected Mac apps.
|
| If Apple were to seriously put its weight behind a cross-
| platform toolkit, this might change, especially as they
| want their services to grow. It's the very reason why their
| main service competitors can even compete.
|
| But I agree that if they were to suddenly switch to
| Electron without a care it wouldn't turn out well, but
| likely have a better end user experience than their current
| reveals.
| paulryanrogers wrote:
| So SwiftUI for Windows?
| waboremo wrote:
| Would be very interesting!
| darzu wrote:
| My biggest complaint is that it doesn't keep a history! One
| misclicked "remember password" at the wrong moment (safari
| plugin often guesses password fields wrong) and you've just
| locked yourself out of your bank account. Literally happened to
| me.
| tiffanyh wrote:
| Apple has to tread lightly on not have too robust of
| capabilities, especially for non-Apple ecosystem, since it
| might be consider anti-competitive.
|
| (e.g. Netscape vs Microsoft Internet Explorer)
|
| EDIT: why the downvotes without a reply? If you don't agree,
| why not just respond why so that a health dialogue can occur.
| kolanos wrote:
| > 3. The GUI is buried in System Settings. Heaven forbid you
| need search it's only a simple 37 clicks away!
|
| Safari > Preferences > Passwords
|
| Would love to have iCloud Keychain in other browsers, though.
| reaperducer wrote:
| _I use Safari a lot but if I 'm in a different browser then my
| passwords are unavailable._
|
| No, it's not. I alternate between Safari, Firefox, and Duck. If
| a password I use in Safari isn't stored in Firefox, I copy it
| from the Keychain program and paste it into Firefox. Firefox
| then asks to save it. No problem.
|
| _The GUI is buried in System Settings._
|
| It has its own program. /Applications/Utilities/Keychain Access
| howinteresting wrote:
| Your workflow is significantly worse than the experience I
| get with 1password.
| NavinF wrote:
| > I copy it from the Keychain program and paste it into
| Firefox
|
| Woah that's the same way I used password managers 10 years
| ago. Even back then it was considered barbaric. I had no idea
| people still lived like that.
| reaperducer wrote:
| I never stated that it was good.
|
| The previous commenter said passwords were "unavailable"
| outside of Safari. I merely demonstrated that his statement
| was false.
| JustSomeNobody wrote:
| That's all by design. They want you 100% on Apple products to
| get the full experience.
| yamtaddle wrote:
| > 1. The experience on Windows is terrible. They can claim it's
| cross-platform but it's truly a sub-par product.
|
| Like a lot of other Apple stuff, I'm only able to use it
| because I don't use anything non-Apple for anything "serious"
| that involves a GUI. Windows is for gaming, Linux is my file
| storage and docker-service-running server that I only interact
| with over SSH and Web. Ditto Notes, all their Office-type
| programs, et c. I'd probably be on a lot more Google shit if I
| needed more cross-platform access to that stuff.
|
| > 2. On Mac it's tied specifically to Safari. I use Safari a
| lot but if I'm in a different browser then my passwords are
| unavailable.
|
| Yeah, this is super fucking weird. You'd think this would be
| connected in some fashion to "keychain", but nope.
|
| > 3. The GUI is buried in System Settings. Heaven forbid you
| need search it's only a simple 37 clicks away!
|
| IDGAF about clicks because I search my way to everything in
| Apple's settings--what does bother me is that they've made
| search worse in the last couple versions of iOS, and that if I
| type "pass" in search, "Passwords" _isn 't even visible on the
| list_ yet. I can get all the way to "password" and it's still
| the _fourth_ entry. The fucking _name of the screen_ is
| "passwords"! I shouldn't have to get farther than "pas" for it
| to be the first entry on the list, "pass" in the worst-case!
| Even fully typing "passwords" still leaves it as the _second_
| entry (of three) on my device. WTF.
| johnwalkr wrote:
| I use windows almost only for gaming (and CAD) too, and I've
| found that recently that the webapps, especially music and
| notes are good enough, and icloud drive and photos
| integration to windows actually work well.
|
| But yes, passwords is annoying. You can use them on chrome on
| windows but not on MacOS, and on Windows it doesn't work on
| anything but chrome. Speaking of gaming, game launchers on
| windows can't get passwords from Apple and also seem to log
| me out all the time, so I have to revert to using my phone to
| see my password and manually type it in.
| klodolph wrote:
| > Yeah, this is super fucking weird. You'd think this would
| be connected in some fashion to "keychain", but nope.
|
| Other browsers used to be able to use it. I do think it's a
| really thorny issue--"allow this application to access all
| saved passwords?" is a pretty damn scary permission to
| include. Up there with the "allow this application to control
| your computer" permission that is used for accessibility apps
| (which apps can abuse to read passwords, if I understand
| correctly).
|
| Apple's tradition. Make the platform more secure, add an
| exception for first-party apps, and let the other browsers
| fuck off.
| tim333 wrote:
| Something could pop up saying "Fill password for HSBC
| Bank?" or similar and you click one button.
| musicale wrote:
| > allow this application to access all saved passwords
|
| I'd like to see finer granularity, perhaps multiple web
| password vaults and a mechanism to allow certain browsers
| to use certain vaults.
|
| It might also be nice to specify which passwords could be
| accessed with which kind of authentication. Unfortunately
| the current system password dialog is easily spoofable - it
| really looks like a questionable javascript popup.
| OsintOtter69 wrote:
| >allow this application to kidnap you and have your mouth
| sewn to an asians mans ass
| dan-robertson wrote:
| Yeah, I a think other browsers want to be able to test
| whether there is a saved password or not, and get the
| corresponding username, which is quite a big permission to
| give away. For actually filling in the password they could
| maybe offer a pop up where the user must authorise the app
| using biometrics or some other OS-level action. That's
| already the experience with safari.
| keyle wrote:
| >> 2. On Mac it's tied specifically to Safari. I use Safari a
| lot but if I'm in a different browser then my passwords are
| unavailable.
|
| > Yeah, this is super fucking weird. You'd think this would
| be connected in some fashion to "keychain", but nope
|
| No it's not. I don't want some exotic product connect to a
| domain I have passwords in and prompting me for access. The
| password should be tied to the product you used to login
| with.
|
| This is a misunderstanding of keychain vs. lastpass. One is
| designed to remember "safari passwords" or any swift/cocoa
| application implementing keychain. One key feature is: once
| stored in Keychain this information is only available to your
| app, other apps can't see it.
|
| Lastpass and other similar products are designed as a data
| warehouse / vault for you security items. From there, plugins
| in browsers etc. can take over.
|
| I will totally agree with the fact that the GUI is
| frustrating at best.
| knodi123 wrote:
| > The fucking name of the screen is "passwords"! I shouldn't
| have to get farther than "pas" for it to be the first entry
| on the list, "pass" in the worst-case!
|
| Weird. "pas" and it was top of the list for me.
| amluto wrote:
| In Spotlight, I need "passw" to see it. In the actual
| Settings search, I also need "passw", and that only gets it
| to #5 in the list.
|
| Also, Spotlight is bizarrely slow finding even local apps
| and things like Passwords. WTF
| eastbound wrote:
| Did you tell it to ignore most local files?
| rrsmtz wrote:
| Wow! Just discovered the Spotlight customization and it
| is so much faster and more useful when you remove certain
| locations and turn off definitions and Siri suggestions.
| ajmurmann wrote:
| "If you are 100% Mac then it's a good product."
|
| I use 100% ma except for gaming. However, I use other browsers
| as well, so the coupling to Safari is a deal breaker.
| zitterbewegung wrote:
| You can make a shortcut that opens passwords.
| [deleted]
| spullara wrote:
| You just run the Keychain Access app on a Mac.
| howinteresting wrote:
| It's not just a good product if you're 100% Apple, it's only a
| good product if you're 100% Apple _and are willing to accept a
| great deal of friction if Apple 's direction no longer suits
| you in the future_. It's a version of what some people call
| "high time preference".
|
| Personally, I was taught to care about the future.
| dwaite wrote:
| They have an export-to-CSV feature. That takes a lot of the
| worry out of hypothetical futures.
| howinteresting wrote:
| Still adds a great deal of friction and makes it harder to,
| say, experiment with an Android phone or a Linux desktop
| for a month. Compare that to 1password which just works.
| jrochkind1 wrote:
| OP is suggesting it's a terrible UI on iOS and Mac too, and one
| of their principle complaints is your #3.
|
| So OP disagree that it's even a good product if you are 100%
| Mac, but are suggesting the functionality is all there, it just
| needs an actually designed UI/UX.
|
| And/But your #2 sounds pretty terrible to me too!
|
| It does not sound like a good product at all.
| maliker wrote:
| I ended up writing an AppleScript to open the Safari passwords
| dialog because I got sick of hunting for the proper dialog. If
| you save it as passwords.command and make it executable it'll
| open the window right up. But yeah, it's a kludge.
| #!/usr/bin/osascript tell application "Safari"
| activate end tell tell application "System Events"
| keystroke "," using {command down} set pass_button to
| (button "Passwords" of toolbar 1 of window 1 of application
| process "Safari") click pass_button end tell
| robotresearcher wrote:
| > 3. The GUI is buried in System Settings. Heaven forbid you
| need search it's only a simple 37 clicks away!
|
| On Mac, at any time, type: command-space passw <return>
|
| On iOS tap <search> on any home screen, type passw, tap
| suggested result
| mitemte wrote:
| Better yet, using the Shortcuts app for iOS, create a
| shortcut that opens a URL with `prefs:root=PASSWORDS` in
| Safari.
|
| For macOS, you can make the same shortcut open `/Library/Appl
| e/System/Library/CoreServices/SafariSupport.bundle/Contents/P
| referencePanes/Passwords.prefPane`.
|
| A single shortcut can be used to accomplish this, using the
| OS check and an `if` condition.
|
| Then add the shortcut to the home screen as an icon and it'll
| also show up in Spotlight search.
| voytec wrote:
| _Rebuilding Spotlight index..._
| bonestamp2 wrote:
| These are great tips for power users, I love it!
|
| That said, this also proves that for non-power users: it
| needs an app and it needs integration with other browsers if
| it wants to be as easy to use (for most people) as the
| popular password managers.
| yamtaddle wrote:
| On iOS, my _only_ password manager I 've _ever_ used is the
| built-in Apple one.
|
| I just tapped the "search" field on the home screen, and
| typed "passw".
|
| "Top Hit": A store link to the LastPass password manager
| (which I do not and have never used--the button has the text
| "get", it's not installed and doesn't have the cloud-icon for
| previously-installed apps)
|
| From there, it's three suggested Siri web searches:
| "passwords", "password manager", and "password generator"
|
| Then two safari-iconed links (I assume these would search
| with my default search engine in safari?): "passwords on
| iphone" and "passew"
|
| Searching inside the "settings" app is only marginally
| better. It's all much, much worse than it was a few iOS
| releases ago.
| kenver wrote:
| A shortcut helps
|
| https://www.icloud.com/shortcuts/71fea01c333341878e4355df52c.
| ..
| toxik wrote:
| No results for "passw"
| throwaway290 wrote:
| I write "keychain" usually, it appears after "key" already.
| shagie wrote:
| I've pinned Keychain Access in my tool bar. Finder,
| System settings, Keychain - right at the top.
| AdmiralAsshat wrote:
| > If you are 100% Mac then it's a good product. Going outside
| of the walled Apple garden leaves a lot to be desired.
|
| I think Apple would consider this "working as designed."
| OsintOtter69 wrote:
| gigachad MacOs enjoyer
| asciii wrote:
| > I think Apple would consider this "working as designed."
|
| _Incoming_ iTunes Password Manager, next event :P
| lozenge wrote:
| With passkeys, now every platform can enjoy this level of
| lock in!
| warning26 wrote:
| Yeah, that's why I'd never touch passkeys. It feels like
| you're basically locking yourself into a weird ecosystem
| that you'll never be able to escape from.
| stouset wrote:
| This is kind of silly.
|
| If you're using hardware 2FA, you should _absolutely_
| have backups. I 've used YubiKeys for years and have one
| in my laptop, one on a keychain, and one in a safety
| deposit box.
|
| Passkeys are _just another instance of this_. I have
| added Passkeys to all of my accounts with 2FA and it 's
| somewhat more convenient (significantly more convenient
| for mobile devices). But every account _also_ has all my
| YubiKeys attached as second factors.
|
| There is no lock-in. And while it's inconvenient and
| annoying to have to add multiple keys to every account,
| that is _already_ the reality if you 're responsibly
| using hardware second factors.
| rootusrootus wrote:
| I hope not. I'm patiently waiting on 1Password to release
| their implementation of passkeys so I can have it work on
| all my devices, Apple or not.
| stouset wrote:
| Just use Passkeys. Any account that allows 2FA allows
| multiple second factors. You should be setting up backup
| second factors anyway if you don't want to risk getting
| permanently locked out of all of your accounts.
|
| Plus, putting second factors in the same location as your
| first factor (e.g., 1Password) seems to pretty much
| defeat the entire purpose of having a second factor. If
| you're using strong passwords with 1Password, your second
| factor is basically only defending against a leak of your
| password database. If you're storing your second factor
| in that same password database, what are you gaining?
| cstrahan wrote:
| Well, with the exception of AWS, unless something has
| changed recently -- they notoriously only support one
| second factor (i.e. if you use YubiKeys or similar, you
| can only use one).
| stouset wrote:
| Yeah, AWS is the only exception I've encountered :)
|
| But if you have backup second factors ( _you have backup
| second factors, right?_ ) and you're worried about
| Passkey lock-in for whatever reason... just use that
| other second factor for AWS or any other account which
| supports only one.
| JimDabell wrote:
| You can add multiple MFA devices since November of last
| year:
|
| > Now, you can add multiple MFA devices to AWS account
| root users and AWS Identity and Access Management (IAM)
| users in your AWS accounts. This helps you to raise the
| security bar in your accounts and limit access management
| to highly privileged principals, such as root users.
| Previously, you could only have one MFA device associated
| with root users or IAM users, but now you can associate
| up to eight MFA devices of the currently supported types
| with root users and IAM users.
|
| -- https://aws.amazon.com/blogs/security/you-can-now-
| assign-mul...
| jorvi wrote:
| Isn't the whole point of Passkeys that you can't ever
| lose them, since they're tied to your biometrics..
| stouset wrote:
| They're not tied to your biometrics. They're stored
| inside the TPM of your device, which is _unlocked_ by
| some form of biometrics.
|
| But if you lose all the devices with your passkeys on
| them, they are gone for good.
| zarzavat wrote:
| I'm super curious what a backup second factor is for the
| average user who has only one device: a phone, that
| sometimes gets lost or is stolen.
|
| Feels like these things are designed by Californians with
| no idea of how the world is.
| stouset wrote:
| If you're in this category, your alternative to Passkeys
| _at all_ is SMS or no 2FA whatsoever. Enabling Passkeys
| does at least ensure that you have a minimum of two
| separate devices so you already do effectively have some
| form of backup of your second factor.
|
| My comment is targeted at someone who is savvy enough to:
| a) care about having "real" 2FA, and b) is concerned
| about lock-in, and c) is extremely sensitive to being
| locked out. For someone like that, you're _already buying
| YubiKeys_ or some equivalent. And if you don 't already
| have some, you're never prevented from using them later.
| howinteresting wrote:
| > Plus, putting second factors in the same location as
| your first factor (e.g., 1Password) seems to pretty much
| defeat the entire purpose of having a second factor.
|
| Not quite! 1password itself counts as two factors:
| something you know (the master password), and something
| you have (the additional secret key).
|
| Passkeys in 1password would eliminate phishing as a
| problem.
| stavros wrote:
| Yep, same with BitWarden. That would be fantastic.
| WWLink wrote:
| > I think Apple would consider this "working as designed."
|
| Punishing us geeks who like using multiple different kinds of
| OS on their phones and computers. :(
| michael1999 wrote:
| A limited GUI is also available within Safari on desktop. It is
| a tab under Preferences. It makes working in Chrome bearable.
|
| Agree the UI is terrible in iOS.
| Schiendelman wrote:
| On 3, at least: Apple assumes you'll use search on device. If
| so, it's: 1) Swipe down 2) Type "p" 3) tap autocomplete result
| in "settings" group.
| airstrike wrote:
| But if you search on Mac using spotlight you need to type
| "keychain" smfh my head
| sagarkamat wrote:
| Agree on most of this but Keychain Access IS a standalone app
| on the mac so slightly confused about the comment about it
| being buried in System settings. Its still a pain to go to the
| app and copy a password for non-Safari browsers though.
| leesalminen wrote:
| I just do cmd+space -> type "pass" -> Return -> fingerprint.
| That gets me to my iCloud Keychain. I used to use Keychain
| Access but like the UI of the Passwords tab of Settings more.
| maccard wrote:
| I use 1password. cmd + shift + space opens a spotlight-like
| dialog for 1password. First access requires a fingerprint.
|
| It also works on Windows!
| wmeredith wrote:
| > If you are 100% Mac then it's a good product. Going outside
| of the walled Apple garden leaves a lot to be desired.
|
| This has been the Apple way since the 1980's
| OsintOtter69 wrote:
| Last pass had a major incident recently iirc.
| palata wrote:
| I moved to Bitwarden right after it, and I can't believe how
| much better it is in terms of UX \o/. I whish I had made the
| move years earlier.
| hot_gril wrote:
| 4. New passwords overwrite old ones. Easy to accidentally lose
| passwords in slightly odd situations like logging into an
| account whose password you just reset.
|
| But I like it overall. Even though I use multiple browsers, I
| don't mind treating Keychain as the master DB and occasionally
| copying passwords out of it. Part of this is because I use
| Safari exclusively for the extra important things like my bank.
| Euphorbium wrote:
| 2. Dont know what you are talking about, I use brave and get my
| passwords filled in from keychain. 3. Cmd-space keychain opens
| up keychain
| hnrodey wrote:
| Thank you for sharing that. I was not aware. I will try this
| tonight!
| fitzroy wrote:
| I use this Menubar short cut for Passwords, so it's only 2
| clicks and fingerprint away.
|
| https://www.icloud.com/shortcuts/22133925f3e34579b22951d6593...
| nailer wrote:
| I was about to say the same thing: Apple has a password
| manager? I'd consider Apple Passwords to be less than half a
| password manager.
| X-Istence wrote:
| > I use Safari a lot but if I'm in a different browser then my
| passwords are unavailable.
|
| Chrome used to be tied into Keychain but they went their own
| way a long time ago, which is a damn shame.
| vanilla_nut wrote:
| I believe Apple only lets you use certain APIs (like
| Keychain) if you distribute only through the App Store.
|
| That policy has really killed a lot of functionality on
| macOS. I suspect it will cause fiction on iOS when the EU
| forces them to allow alternative install sources.
|
| Personally, it grates me when Apple cripples functionality
| this way to try to keep us stuck in their platform. Can't use
| Firefox with Keychain. You can only view your current Apple
| Card balance on an iOS device -- not even a macOS device. At
| the end of the day, I hate being manipulated so much that it
| actually pushes me _away_ from the platform to see this
| scummy behavior.
| someNameIG wrote:
| Is there a reason Chrome, Edge, and Firefox aren't on the
| Mac app store? I know the yearly dev account costs can be
| an issue for small developers but Google, Microsoft, and
| Mozilla are already paying that as they release apps on the
| iOS App Store.
| [deleted]
| bobbylarrybobby wrote:
| If I had to guess, the review process would just be a
| hindrance to them for nearly no benefit (is there
| anything besides the keychain API that would entice
| them?).
| JPws_Prntr_Fngr wrote:
| I will always regret being _just slightly too late_ to
| enjoy Apple 's golden era. When, yes, using an iPod meant
| locking into iTunes, but at least you didn't have Tim Cook
| nagging his captured audience into signing up for Apple
| Music Subscription Plus - Now for Families!
| smaccona wrote:
| I guess they want compatibility/password sharing between
| Chrome on Mac, Windows and Linux, which I can understand.
| whstl wrote:
| There seems to be a Google Chrome extension called "iCloud
| Passwords" but it only has two stars, so I don't think you'll
| be positively surprised.
|
| Also, on iPhone it's ok-ish but on Mac the experience is a
| subpar too: Keychain, the app you use to view your passwords,
| feels like a 90s Visual Basic application. Plus you can't
| organize your accounts, and even if you prefix them to "sort by
| name", the special name you give is lost after using it.
|
| On the other hand, I already have other Apple cloud stuff and
| kinda trust them, so I suffer through it. And other password
| managers aren't anything to write home about either to make me
| change :/
| notyourwork wrote:
| +1 to subpar on Mac. iPhone is about the only surface where
| its seamless/smooth. The rest leaves me constantly
| frustrated.
| deergomoo wrote:
| > Keychain, the app you use to view your passwords
|
| Huh, I never realised Keychain showed iCloud Passwords. I
| always just use Safari (which is inconvenient in its own way
| admittedly).
| comex wrote:
| Note that macOS now has _three_ "apps" to view your
| passwords, three different UIs for the same database. There's
| Keychain Access, there's the Passwords section of System
| Settings, and there's the Passwords section of Safari
| preferences (which is the same UI as the pre-Ventura System
| Preferences app's Passwords section).
|
| The other two have even less organization functionality than
| Keychain Access, so this probably doesn't help you, but the
| blog post was talking about the System Settings version so I
| wanted to point it out.
| kccqzy wrote:
| What's wrong with Keychain Access? It hasn't changed its
| appearance since more than a decade. That's a good thing for
| familiarity. Early Mac OS X apps have incredibly good design
| that doesn't waste space.
| 9dev wrote:
| Guess which app is ripe for a Swift UI redesign soon!
| whstl wrote:
| But it does waste a lot of space... there's a lot of
| duplication of keys (which are deduplicated in the iPhone
| app), and with other information (somehow I have hundreds
| of "com.apple.cloudd.deviceIdentifier.Production" in
| there). And I already mentioned organization fails. Plus
| it's kinda insecure as it enumerates your accounts
| exhaustively without asking for a password like
| iPhone/Safari (granted, not a problem specific to this
| app). And the interface to view the passwords is terrible.
| Old and familiar is not synonyms with "good".
|
| However now that comex pointed me to the Password in the
| "System Settings" app, I at least can use it and it's fine
| if Keychain is left as is.
| taylorlapeyre wrote:
| Apple makes a iCloud Passwords chrome extension:
| https://chrome.google.com/webstore/detail/icloud-passwords/p...
| hnrodey wrote:
| Maybe this was it...IIRC the user must also have iCloud For
| Windows installed? It's been several months since I tried
| this setup. For my personal user experience it was
| unacceptable.
| larrik wrote:
| Windows only! It doesn't work on Mac!
|
| I honestly didn't know that was possible before that
| extension.
| animal_spirits wrote:
| Chrome on mac should by default be able to work with the
| Apple password keychain
| rootusrootus wrote:
| No, Google has not implemented support for Keychain in
| Chrome. AFAIK neither has Firefox.
| aequitas wrote:
| They actually removed support for Keychain, Chrome on
| macOS used to support it in the past.
| azinman2 wrote:
| And this annoys me greatly. I want cookies, bookmarks,
| and passwords to be owned by the system. That way I can
| switch between browsers with ease, and that would also
| lower the bar for new browsers to come out.
| mattmcknight wrote:
| I switch between systems more than I switch between
| browsers.
| toxik wrote:
| I absolutely do not want this.
| danudey wrote:
| Agreed. This sounds like a nice user-friendly feature
| until you realize what a colossal privacy disaster this
| would be for any malicious app that the user grants these
| permissions to.
|
| "DerpCo Derpolizer would like to access your stored
| cookies. This allows us to automatically log into your
| DerpCo account!" and then bam, they hoover up your login
| data in an instant and send it off as part of their
| telemetry.
|
| Much better to have a system like (for example) sign in
| with Apple where you can easily click a button to have
| the system authenticate you, but no one gets access to
| anything without specifically asking for it.
| Camillo wrote:
| Meaning it ought to, but doesn't, right?
| hcurtiss wrote:
| And it's slow two star garbage.
| dwighttk wrote:
| It's not great, but the app you are looking for on macOS is
| Keychain Access
| xivzgrev wrote:
| Also, if your phone is stolen / lost and someone can guess your
| 6 digit passcode, then all your passwords are exposed.
|
| That was biggest deal killer for me.
| AdamGibbins wrote:
| Edit: Removed initial comment, confused my iOS faults.
|
| Keychain its current configuration is risky, given its coupled to
| your iPhone password which many people frequently enter in a
| public setting. One shoulder surf followed by a phone theft and
| they've unlocked everything - including your iCloud account
| (which you can change the password on using iPhone password
| only).
| buildbot wrote:
| It needs biometrics or passcode to unlock?
| Jaxan wrote:
| > you can access it when your phone is unlocked without any
| additional authentication.
|
| No you can not. On my iPhone I have to authenticate with my
| finger print or pin code again for the passwords.
| azinman2 wrote:
| If I go to system settings > password on iOS, it then requires
| Face ID to get in. So I'm not sure what you're talking about.
| Under Face ID & passcode you can also require Face ID for a
| password auto fill. So I don't think any of this is correct.
| sabin1001 wrote:
| [dead]
| simonklitj wrote:
| Are you sure? I always have to scan Face ID, whether it's to
| open the "Passwords"-section in Settings or to have it
| automatically paste a password on a website/app. How do I
| access these things without additional authentication?
| DantesKite wrote:
| I get the impression Apple doesn't want a dedicated app for
| passwords because they don't want people to think about
| passwords.
|
| It shouldn't be something people manage, hassle, or worry over.
| They likely want people to just be able to open their phones and
| have it uniquely identify them seamlessly across a variety of
| sites.
|
| Unfortunately, they're not quite there yet.
| CharlesW wrote:
| > _I get the impression Apple doesn 't want a dedicated app for
| passwords because they don't want people to think about
| passwords._
|
| I think you're right. Ventura's Passwords Settings shows that
| they're in transition away from the archaic Keychain app to
| _something_. My guess is that they 're skating to where the
| puck will be in 2025 when Passkeys are universally supported,
| and for most use cases auth will be automatic.
| ElijahLynn wrote:
| Good point, the end goal is probably some sort of biometric MFA
| solution.
| thom wrote:
| Gimme something to make family passwords easy (eliminate
| passwords!) Enable Apple ID logins for kids. Throw your weight
| around to move safety settings into some sort of open web
| standard. I've got 1Password but the daily pain of managing a
| family of users with various accounts is just too much right now
| and I would pay almost any amount of money to have a simple
| solution that I never had to think about.
| geuis wrote:
| I _really_ want to use Keychain for all of my password
| management. But nothing works.
|
| Like I'm in serious need of a highly secure cross browser/cross
| platform password solution.
|
| On my phone, everything is fine. But I use Chrome on MacOS and my
| Windows desktop. Chrome used to use Keychain on MacOS, but some
| years back Google changed the product to tie into their own user
| accounts. I refuse to sign into a browser itself just to use the
| web.
|
| The iCloud password extension for Windows (chrome/edge)
| absolutely DOES NOT WORK. I have tried getting it to work for the
| better part of a year. Finally gave up and removed the useless
| thing.
|
| I probably dumbly still trust Apple's security policies and would
| prefer to use Keychain as my fits-all-sizes security tool, but
| the combo of product incompatibilities and non-working Apple
| authored software makes it impossible.
| cglong wrote:
| I appreciate Apple adding the ability to export your passwords,
| but it's ridiculous it took until 2021 for this to happen.
| sacnoradhq wrote:
| This is unnecessary because it's a problem that's already solved.
|
| - BitWarden - for personal use, stores 2FAs and acts as an iOS
| password source. (The claimed attacks were mitigated)
|
| - Keeper - for enterprise use, stores 2FAs and acts as an iOS
| password source
|
| - Duo - for 2FA for enterprise use with backup text mechanisms.
| Edit: Duo's primary app mechanism is similar to Google Gmail
| app's mechanism of a yes/no popup to approve a 2FA request
|
| ^ The above are cross-platform and extend beyond Apple.
| Despegar wrote:
| I guess everyone is over the anti-"self-preferencing" policy push
| over the past few years and is back to normal. Sherlocking is in
| fact good.
| OCISLY wrote:
| I still miss Mozilla Lockwise.
| benatkin wrote:
| At least Firefox makes it easy to view your Firefox passwords.
| In Chrome it's nested in settings and the text box where it
| shows the password is tiny.
| rohan_ wrote:
| >(And it all syncs across your devices, for free?!)
|
| IMO the worst part about apple keychain is they can't be used
| with Chrome (the most common browser for mac!)
| apike wrote:
| I too find this frustrating, but I'm curious about the claim
| that Chrome is the most common browser on Mac. I sometimes see
| this claim, but I struggle to find any data to back it up.
|
| The US government web analytics
| (https://analytics.usa.gov/data/), which seems like a
| reasonable source for general usage in the US, show Safari
| substantially ahead of Chrome on Mac.
|
| Have you seen any sources that show Chrome ahead of Safari on
| Mac for a general audience?
| fckgw wrote:
| You can, Apple has an extension for iCloud Keychain.
|
| https://chrome.google.com/webstore/detail/icloud-passwords/p...
| rohan_ wrote:
| Windows only
| snowwrestler wrote:
| > iCloud Passwords is a Chrome extension for Windows users...
| sargun wrote:
| I believe this is as much on the Chrome side as it is on the
| Apple side:
| https://bugs.chromium.org/p/chromium/issues/detail?id=312105
|
| Chrome could access those natively on Mac, or use the keychain
| as the native backing store, from what I can tell.
| mattkevan wrote:
| I've always used Keychain Access to view/manage passwords. If
| they cleaned up the UI a bit it'd do pretty much exactly what
| Cabel is talking about here.
| teeeg wrote:
| i would prefer icloud keychain allows an alternative password - i
| refrain from adding some credentials to the keychain since my
| passcode is easy to steal?
| isleyaardvark wrote:
| Reading other comments in this thread and I feel like I am
| taking crazy pills. There was a big article that I thought a
| lot of people had read and would realize having passwords saved
| under an iCloud account is a recipe for disaster, since only a
| phone passcode is necessary to gain full control of an iCloud
| account.
|
| https://news.ycombinator.com/item?id=34984821
| thiht wrote:
| I'd never use a password manager built by Apple for the same
| reason I don't use Chrome's password manager or Firefox's
| password manager. All these passwords managers have strong
| incentives for "working best on <platform>(tm)". I want a
| password manager independent from any platform like Bitwarden or
| 1Password, because it's actually valuable for THEM to target all
| the platforms they can.
| kernal wrote:
| Setting up TOTP on an iPhone. I had no idea it could do this.
|
| https://support.apple.com/en-ca/guide/iphone/ipha6173c19f/io...
| abraxas wrote:
| If Apple password manager is anywhere as well thought out as
| their 2FA for Apple TV then I don't want to come next to it
| within 10 light years.
|
| Every time it asked me to either "confirm on your iPad" (I have 3
| of those around the house) or "confirm on your iPhone" (I have 0
| of those) I was ready to hurl shit. SMS option buried in some
| dark pattern, of course.
|
| If these companies want to encroach in the secrets management
| space they really need to hire more qa and test more than a
| single happy path. The number of failure modes in these systems
| is astonishing for the billions of dollars these companies can
| throw at the problem.
| Tepix wrote:
| I suggest you move to Ross 248, which is a mere 10.3 light-
| years away. However, 32000 years from now it will be the
| closest star to our sun at 3.024 light-years so keep that in
| mind!
| twobitshifter wrote:
| I think there's a setting for that in setup. Is your problem
| that Apple thinks you have a iPhone or that you have to
| interact with the tv on a second device?
|
| As with all things apple when you buy in you get the best
| experience. That feature on AppleTV works really well with an
| Apple Watch.
| capableweb wrote:
| Which really sucks and puts you off from getting more Apple
| devices if you're a person who slowly buys into the ecosystem
| rather than go all-in without testing things.
|
| Personally, I was a fan of Apple laptops between something
| like 2010 - 2015, but after that I just couldn't deal with it
| anymore, as I had a Android phone and nothing else Apple.
|
| Fast forward to 2019, Apple finally releases a phone that
| fits in my tiny hands, so I get a iPhone 12 Mini, thinking
| that the CarPlay experience will be loads better than Android
| Auto on a measly Moto G.
|
| But holy smokes if I wasn't wrong, CarPlay is a UX disaster
| and I can't wait for the iPhone to break somehow or get too
| slow because of OS upgrades, so I can justify buying a new
| phone again.
|
| Just the simple fact that a phone calls covers the entire
| screen (which I use for GPS) seems like such a simple use
| case that they somehow missed, that I just wanna bin the
| entire system and I'll never buy Apple hardware for daily use
| again.
|
| I still have to use Apple laptops for software I release, but
| every time, I'm reminded how great the UX used to be, but how
| far they have fallen. Really sad to see. Windows is no better
| either, each version gets worse and worse...
| teabee89 wrote:
| I will tell my family to use iCloud Keychain the day when it
| works across all major browsers and OSes. Or at least that they
| provide an API to sync with other password managers.
| twobitshifter wrote:
| Anyone know how to use Microsoft otp with another app?
| galad87 wrote:
| They already have an app, Keychain Access, but for weird reasons
| they integrated the new features into System Setting instead of
| expanding the existing app.
| waboremo wrote:
| Fully in agreement here, getting people used to Apple Passwords
| can be a task purely because it's stuffed into settings.
|
| Would like to see them in the process of transitioning it away
| from settings, also include the ability to change the name of the
| entries. Multiple URLs per login would be great too (or even a
| linking of separate entries). Think these are the biggest things
| keeping many general users still relying on the likes of
| 1Password/Bitwarden, which is where I disagree with the writer
| here, I think third party password tools should be replaced by
| sane defaults as soon as possible outside of niche cases.
| sholladay wrote:
| I don't personally care much whether Passwords is in Settings or
| a separate app. But I do have one problem with it. As far as I
| can tell, you must save a password for a site in order to use the
| TOTP 2FA feature. I don't want my device filling in passwords for
| me because it defeats the purpose of a password being "something
| I know". The 2FA code is more like "something I have" and I'm
| okay with the device filling that in, but not the password.
|
| There doesn't currently seem to be a way to set up only the 2FA
| code for a site.
| shortcake27 wrote:
| The "something you know" is your devices
| pincode/passcode/iCloud password, not the password to the
| website. If you know the password to a website it means you're
| reusing passwords or using a pattern to generate passwords,
| both of which are less secure than randomly generated passwords
| (especially the former).
|
| Of course, nothing is stopping you from saving a bogus password
| either.
| sholladay wrote:
| I don't buy it. Complex, random passwords are great against
| brute force attacks but that's not usually how these things
| play out.
|
| Many password breaches are caused by technical lapses on the
| part of a platform, where password complexity often becomes
| irrelevant. Your password gets hovered up along with everyone
| else's and eventually gets decrypted, and tried en masse
| against other platforms. In this scenario, even a simple
| pattern for passwords is probably enough to prevent the
| problem from spreading, as long as it's not too obvious.
|
| The other way passwords often get compromised is from someone
| looking over your shoulder or key logging, infrared on PIN
| pads, etc. In this scenario, your system is WAY, WAY worse,
| since one password unlocks the kingdom, and that password is
| frequently being used.
|
| As it stands, if someone peeks over my shoulder and discovers
| my phone password, then steals my phone, it's damaging but
| not game over. They can't access any websites.
|
| If I allow my phone password to be the only gatekeeper to
| access everything, IMO that's lousy security.
| muhammadusman wrote:
| I resisted using 1Password for a long time but then once I got
| into the 1P world, it was better than all the alternatives.
| LastPass is unsafe, Dashlane has subpar experience, and all the
| proprietary ones are missing tons of features.
|
| Chrome, Firefox, Apple, I'm sure Windows too, have all their own
| password managers and all of them are hard to use and expect you
| to only have devices in their ecosystem.
|
| 1Password is worth every penny for how well they've kept up with
| updating their apps and their prevalence on all platforms. And
| the 2FA integration is great too!
| sabin1001 wrote:
| [dead]
| dwheeler wrote:
| > And it all syncs across your devices, for free?!
|
| Really? My Linux devices? Android? Windows? I don't think so.
|
| I recommend considering one of the _most_ important features of a
| password manager is that it doesn 't force you to use a single
| manufacturer's products forever. Even if you swear undying fealty
| to Apple (or anyone else) today, you might change your mind in
| the future. 1Password, Bitwarden, and others allow me to switch
| PC manufacturer, phone manufacturer, browser, and so on.
|
| I can't tell you how many people used to think "Internet Explorer
| is popular, it'll always be the one and only browser". That did
| not end well.
| geocar wrote:
| > Even if you swear undying fealty to Apple (or anyone else)
| today, you might change your mind in the future.
|
| Changing my mind is easy enough: I can export my iCloud
| passwords to a csv file, and I've done this to transfer a bunch
| of passwords to Firefox Linux desktop.
|
| I'll tell you something though: If Bitwarden leaked passwords
| nothing would happen because America has very weak consumer
| protections, but if Google or Apple leaked passwords, they'd be
| hit in every EU member state for GDPR.
|
| Some of these things are outside of my control, and using a
| password manager is too useful that I think it's worth a little
| risk, but I can't justify trusting any company unless they've
| got some skin in the game, and Bitwarden specifically wants to
| disclaim all liabilities? AgileBits thankfully is in Canada and
| you can at least sue them for what you've paid them in six
| months, but I personally have passwords more important than
| that. Surely there's someone else you could recommend?
| dwheeler wrote:
| LastPass' entire business model was about protecting
| passwords, and passwords still got leaked. Most prople want
| security, not "ability to sue" which is not at all the same
| thing.
| error503 wrote:
| Self-host vaultwarden at the cloud provider of your choice?
| monocularvision wrote:
| Am I the only person on Earth that needs sharing of passwords
| among my family? Any time folks bring up password solutions, they
| are always missing this requirement for me.
|
| 1Password is a life-saver in this regards. All my kids have their
| own vaults but for the little ones I have them use a shared vault
| between my wife and me so we have access to their passwords. I
| can also easily share passwords for services like Netflix so the
| kids don't have to bug me.
|
| It has been great for teaching kids about password hygiene (what
| makes for a good password) and management (don't reuse
| passwords!).
|
| And it being cross-platform is great for my older kids with
| gaming PCs.
| ellisv wrote:
| I agree that is one of the big issues with keychain. You _can_
| share keychain items with people but it is awkward.
| jtbayly wrote:
| Are you referring to Airdrop password and passkey sharing?[1]
| That's the only way I can find other than manual copy/paste.
|
| Also, I very much doubt if I later change the password I
| shared via Airdrop that it will update on the other person's
| device... which is half the point.
|
| [1]: https://support.apple.com/guide/iphone/share-passkeys-
| passwo...
| probablynish wrote:
| Bitwarden lets you do this with an 'Organization'. Free to
| share things between two accounts, looks like $40/yr to share
| between up to 6 users.
| whalesalad wrote:
| A 1pass team w/ my wife was a huge level-up.
| elbigbad wrote:
| Same, anytime the family creates a new account that everyone
| else should have access to (utilities, streaming services,
| bank information, pass codes, etc) we just create it in the
| shared vault. It's a game changer.
| Hamuko wrote:
| > _Am I the only person on Earth that needs sharing of
| passwords among my family?_
|
| I needed to share my Netflix password back in the day. My
| random alphanumerical 32-character password with special
| characters drove my family up the wall though. But in general,
| passwords are for personal use only.
| cmnt wrote:
| It's incredible how Apple make it's users happy to lock-in in
| their eco-system. I don't really know Apple eco-system but it
| seems weird to migrate from tierce app (already well integrated)
| like Bitwarden to keychain. I've lost count of the people who
| have switched from their Music App to Apple Music for no reason
| other than "it's Apple". Apple make good hardware and their eco-
| system seem amazing too, but people should see the advantages to
| be not entirely depedent from a company.
| deergomoo wrote:
| > but people should see the advantages to be not entirely
| depedent from a company
|
| I think you're overestimating how much the average person
| thinks or cares about their computing platforms. They want
| something that works and gets out of the way, and to that end
| having everything come from one company is a feature, not a
| bug.
|
| I mean I consider myself a power user and I still use iCloud
| Keychain purely because I was already using Safari when it
| launched, so it already had all my passwords. I recognise the
| advantages of third-party offerings, but to me they're not
| enough to bother moving all my stuff over.
|
| Similarly I still use a third-party 2FA app because I was using
| it before Apple added it into iCloud Keychain (and also because
| the third-party app has an Apple Watch app and I've grown
| accustomed to reading the codes off my wrist).
| defulmere wrote:
| Every time I see a question like "Why doesn't Apple build $THIS?"
| I assume the answer is "because they'll make more money selling
| 3rd-party $THIS in the app store".
| culturestate wrote:
| _> I assume the answer is "because they'll make more money
| selling 3rd-party $THIS in the app store"_
|
| Apple has a long and storied history of doing almost exactly
| the opposite - any sufficiently popular third-party utility
| either gets bought and integrated (eg Workflow, Dark Sky) or
| Sherlocked (eg f.lux, Watson).
|
| Apple takes a _very_ long-term view of revenue generation, and
| the App Store commissions from $random_app are _way_ less
| valuable to Apple than the LTV of a customer who's locked into
| buying Macs and iPads because of Apple's proprietary version of
| $random_app.
| elsurudo wrote:
| I use Keychain Access app, but admittedly the UX there is
| terrible. I wish it was nicer, and also integrated with browsers
| other than Safari.
| tacker2000 wrote:
| The worst thing is when I register a new password to a website on
| my Mac on Firefox and then want to login to the site on my
| iPhone. I literally have to type the (complicated) password again
| so that it gets saved in Keychain.
|
| Why wont Keychain allow Firefox sync? This seems like an
| extremely common use case.
| richardw wrote:
| You should see the horror that is changing your country and phone
| number. I spent weeks hunting around the phone to stop weird
| things from happening. You would think Apple were smart enough to
| say "it looks like you've changed details. Can I update the
| plethora of places I use your number?"
| r0m4n0 wrote:
| I think a few problems imho:
|
| 1)they don't do cross platform software well so they would never
| make a windows app, chrome extension, android integration etc.
| It's either all or nothing which I would never buy into (even as
| an iPhone and mbp user)
|
| 2) there are actually a ton of use cases here that make the
| software actually very complex and high stakes. I'd wager the
| pros don't outweigh the cons. Also apple isn't known for complex
| software with niche use cases. Honestly their current
| safari/iphone password manager is trash
|
| They do a few things well and rely on lock-in and ecosystem
| sylens wrote:
| Even if macOS and iOS are my primary work (and personal)
| platforms these days, I still like a solution that works great on
| Windows, Linux, and Android as well.
|
| I'm pretty happy with 1Password - it does all of the things
| mentioned in this article with more platform support
| ehsankia wrote:
| Exactly, this is why many of the Apple services are useless
| unless you are 110% in their ecosystem. At least Apple Music is
| the _one_ app they somehow made available on Android and
| Windows.
| cglong wrote:
| Apple Music started its life as Beats IIRC, so a good cross-
| plat UX was part of the acquisition. See also Shazam.
| mmmmmbop wrote:
| There's a feature on the AirPods that allows you to enroll
| them in your iCloud account enabling Find My.
|
| All you need to do is connect the AirPods to an iCloud-
| enrolled Apple device, and it will automatically connect to
| that iCloud account.
|
| Oh, but it's not any iCloud-enrolled device, it must be an
| iOS device. Connecting them to my MacBook didn't do anything.
|
| I went into the Apple Store to ask for a solution to that
| problem. They legitimately asked me why I'm buying AirPods if
| I don't have an iPhone -- they're called _Air_ Pods after
| all... Anyway, their proposed solution was for me to buy a
| refurbished iPad for $450 to connect the AirPods to my
| iCloud.
| lfciv wrote:
| I find 1Password to be sort of a pain when signing up for new
| accounts on my iphone - the generate secure password & autofill
| doesn't always work for me - on the web it's great though
| Hamuko wrote:
| I considered 1Password when shopping around for a new password
| manager, but the pricing of the subscription and the fact that
| it was an Electron app killed it for me.
|
| Currently test-driving a smaller alternative with a one-time
| payment.
| Schiendelman wrote:
| I think the reason Apple hasn't prioritized this is that with
| their login with Apple implementations and passkeys, the utility
| of copying/pasting or looking up a password is dropping over
| time.
| aeharding wrote:
| You can make an iOS shortcut to make it appear as an "app"
| (launches keychain manager). I did this for some elderly folk,
| works great.
| hot_gril wrote:
| I've been using Keychain since 2003. Only now am I aware that it
| does TOTP. I've been avoiding TOTP like the plague this whole
| time because I don't trust the other apps not to somehow get me
| locked out.
| ElijahLynn wrote:
| One problem with that is if a person has a non-Apple product,
| Apple won't build the app cross-platform, so they are even
| further locked into Apple hardware then.
|
| Might not affect that many people. But it would surely limit
| choice for those who don't even know about the lock-in later in
| their lives.
| m000 wrote:
| Any attempted lock-in is guaranteed to attract attention of EU
| regulators.
|
| This is what Apple probably wants to avoid. They won't be
| allowed to play a "Safari" this time (i.e. all password
| managers are allowed, as long as they are a frontend to our own
| password manager).
|
| Also, having the password manager as a separate app, it is
| likely they will be asked to provide a standalone password
| migration API for third party password managers. This would
| make switching to another ecosystem trivial for moms & pops,
| who currently need to deal with CSV import & export* if they
| want to move their passwords out of iCloud.
|
| * Not sure what the situation is ATM, but a few years back
| exporting passwords from iCloud was not directly supported. I
| had to run a third-party AppleScript script to generate a CSV
| to import in another password manager.
| pantojax45 wrote:
| I wish you could add a second password or different passcode on
| top of iCloud Keychain / apple passwords.
|
| I get nervous at how easy it is to compromise all passwords:
|
| 1. Give someone your phone passcode, they can change apple
| account password. P0wned
|
| 2. Have iCloud Keychain on laptop... other user account resets
| password on account. (Or use it on work computer without
| realizing)
|
| 3.
___________________________________________________________________
(page generated 2023-03-27 23:00 UTC)