The problem is that as of today there isn’t a better or even equivalent featured option.
1 Like
If it is not as polished, what in particular do you like about it?
If you need many features then your comment is true.
I, and probably others, need far fewer features and there are several options that do what I need. (I use an older version of 1PW and also Enpass.)
I’m still using v7.x of 1PW and will continue until it dies. The big problems with v8 originally were loss of DropBox storage which I can live with and the zero capability of local, user managed backup and restore. The latter has been resolved as we now know how to save the local SQL or whatever it is database and restore it independent of the 1PW cloud. While I prefer DropBox…using their cloud is acceptable. Their Secret Key which they claim makes it so much more secure is mostly BS…but in any event cracking in 10 trillion trillion centuries instead of 3 trillion trillion centuries is irrelevant…as long as the master password is good I’m happy with the security. If/when v7 fails to function any more I will have to do something…but I use the secure notes function in addition to password storage and there isn’t another product that provides that and the ability to use DropBox. If it does I will have to make a decision but I’m going with v7 as long as possible. The company is now mostly owned by VC who are only interested in profit…and the company focus is now on corporate clients rather than users and that’s a darned shame. The v8 client isn’t really very Mac like but again I can live with that…but until they admitted how one could backup and restore independent of their cloud v8 was a hard no for me and any other former sysadmin type that realizes password database is the most essential data one had and user focused backup and restore is mandatory.
Enpass is about the best of the alternatives but doesn’t do secure formatted notes…and I’m really suspicious of the encryption in Apple’s Notes app…it has never been vetted by outside security analysts to my knowledge and there are things in my Secure Notes that need to be safe.
Information on Apple’s Notes encryption can be found here. There’s a Wikipedia article on the method used and a write-up on how you decrypt notes after cracking the password.
Everything else. The functionality is very rich for a KeePass-based password manager. Unless you absolutely, definitely need a few little touches in the 1Password UI (customisable headers in your entries, semantically-rich custom fields, “Universal” autofill, slick entry sharing …) realistically you’re not going to notice. It does everything else right, including integrating with Safari using native APIs. Try it! It might be what you need. And it might not—if you really need an “online” password manager, I’d next suggest BitWarden.
I will definitely check it out. Thanks
Thanks Alan…I had seen those before but didn’t see any reason to change from 1PW when encrypted Notes were introduced. It’s also unclear and probably unlikely that Apple has allowed their encryption code to be audited as password managers typically do. That doesn’t mean there are errors in it…but audited code provides a higher degree of trust for the security.
I may end up using a combo of Enpass and Notes at some point…and will give Apple Passwords a whirl when it’s released…but as I noted in another reply the password manager is the most important data you have amd while a lot of the underlying code might be from Safari or Keychain areas…but Passwords will be a 1.0 release next month presumably…and entrusting ones most valuable data to a 1.0 product seems unwise. Hopefully it will become more fully featured and proven reliable and when it does it is another good alternative I’ve to consider.
I don’t get the impression that most password managers regularly have their code audited. For example, based on information on its website, Enpass has had its Windows and Android clients audited, but its Mac and iOS clients have never been audited as far as I can tell. I couldn’t find any information on any security audits of Strongbox. In contrast, 1Password 8 for Mac, Windows, Android, and iOS were audited in 2022.
Why do you think it’s unlikely Apple has had its code audited?
Standard Apple secrecy about pretty much everything. I have no inside info…obviously…but those password apps that have been audited use it as a selling point and it seems Apple would too if it were…and we would likely have seen assorted websites reporting it since like most things Apple it would have gotten leaked probably. I haven’t really looked at Apples Passwords yet since it isn’t released…but 1PW and others have additional features like completely secured secure notes as opposed to just contents, checking the site cert before autofilling (although Apple may have this), backup/restore (again Apple may have this as well),the ability to store images/licenses/passports/bank account data…all of which could be put in Passwords or Notes but not with a nice categorized interface, etc. I will take a look at it once released to see 8&mits a valid option for me…but it’s still a 1.0 product and would need more seasoning, users beating on it, etc before using it for critical data. As a long time sysadmin back in my working days…v1.0 PF anything wasn’t getting on a production server or workstation …you’re just asking for trouble there.