This idea of using the Apple keychain for everything hits the sweet spot for my significant other. I was looking at using a 1Password family plan, but she is very busy and doesn’t want to invest any time into learning to use a password manager or any other software unless unavoidable. She reminds me of Scotty in the Star Trek movie where he is speaking commands to a 9” screen Mac via its mouse. She is Apple only but there will be a few bumps to iron out such as passwords for Quicken. I am going to give it a whirl. 
As I understand, the new Unified (Beta) option for self hosting Bitwarden is built on Docker and since there is a macOS version of Docker, I’d guess that Bitwarden can be hosted on macOS.
Having said that, I agree that deploying self hosting (on any platform) is beyond the average user; it’s not something that I’d try.
1 Like
I’m somewhat inspired (well, at least motivated) to try and move all my 1PW logins to Apple’s Password and see how it goes.
It annoys me Apple has two locations for password management (Keychain Access and Settings/Passwords) and neither of them are in Applications like a ‘normal’ Apple app. Keychain Access could be put in the dock but its interface and functionality are terrible. You can move the Passwords setting to the dock by digging into System/Library/PreferencePanes but I don’t understand why they wouldn’t simply make it a standard app.
Apple Passwords requires a lot of futzing around which 1PW doesn’t - it’s just very clunky and unfriendly. Despite this, I’ll give it a go but I’m not too confident.
Yes, but in the main way I use an app like this - create a new login, or login to a site where I already have a password - it works fairly well to recognize the login, offer to create the password (or to save the password if you’ve filled it in for a site where you have an existing account), and does a good job recognizing a third party app on iOS to fill in the login.
And note that I was taking specially about iCloud Keychain, which on the Mac is in Safari’s password settings. Not Keychain access.
As I said, I don’t use it (in fact I’ve had passwords installed there from iOS that I recently made sure were in 1Password and cleared these out,) I need more from a password manager. Just to give an example, those sites that ask recovery questions when you create an account - I always create random words and store them manually in 1Password as extra fields. It means cut and paste when I need to fill them in, but that happens rarely. I also store a few secure notes in 1P, and email account details, passport info for the family (including scanned copies in case we need them if we travel), etc. But just for storing site user ids and passwords, including 2FA codes, it’s a nice what I’ll call entry-level system.
And there does appear to be a way to import a CSV password file on a Mac. I did a similar import when I started using 1Password when I moved from Lastpass 6 years ago.
- What prompted you to leave LastPass 6 years ago?
- What criteria lead you to choose 1Password?
I think I’ve mentioned this before, but
-
The sale of Lastpass to LogMeIn immediately made me want to switch to something else. I was super-worried that a company that wasn’t focused on a password manager, run by the people who designed it and managed it for years, would likely one day be a problem.
-
When I first bought a Mac in 2007, I wasn’t using a password manager, and I chose 1Password. But I switched to Lastpass in 2009 when I bought my first Android phone. At the time 1Password did not have a good solution for Android. So, I had a history with 1Password, and I like their model for cross-device sync, and I’d already switched to iPhone by then (though I believe that 1Password has a real solution for Android now, too.). At that point I probably also thought about doing a family plan for everyone, but I know my wife has no interest in it at all, so I don’t think that’s happening. She was a “write it in a notebook” person for a long time until she now has everything in iCloud Keychain.
When I imported everything into 1Pass in 2017, I spent time in Lastpass changing all of my user ID and password fields to the word “nothing”, erased all my secure notes, and left it for a bit, then erased everything from the account, then a week or so later deleted my account. I wanted to be absolutely sure that my data was worthless in case Lastpass didn’t really delete the account and somehow somebody had figured out how to hack into accounts. I wasn’t even thinking about backups being stolen.
2 Likes
Wow. Yes, that is of concern. And yes, those are great links. I read it all, and will dig a bit deeper as well. Thanks.
BTW: the firm that did that assessment years ago (never of Mac version, never of iOS version) seems to have not published anything new on their website in 2 or 3 years since, which also raises questions.
It’s really difficult to believe the sad state of available password managers. Seems like all of them require your passwords on their servers, and the 1 with good features that lets you maintain full control of your data has apparently been avoiding any serious assessment while saying that security is a high priority…
When I looked at the link you provided, it seems to be instructions for importing a password file to/from Safari, not the Apple Keychain.
I’d think that to import/export passwords to/from the Keychain, it needs to be done from the Keychain Access app itself, as discussed here:
It looks like Keychain Access prevents a user from migrating away from it since, according to the page, “You can’t export passwords from Keychain Access.” By selecting older version of macOS on this page, this prohibition became apparent with macOS Big Sur 11.0 (since I don’t see this warning in older versions of the Keychain Access User Guide.
This lockin troubles me.
Yes, I am talking specifically about iCloud Keychain, which syncs using iCloud end to end encrypted with all iCloud Apple devices. Not keychain access. These are the passwords that are available in settings / passwords on iOS and in the Passwords tile in Safari settings on MacOS.
It doesn’t do secure notes. But Apple already has a Notes app that can do end to end encryption if you need that, and iOS 16 and Ventura now allow the notes encryption to be unlocked with your device passphrase and biometrics. (They used to use a discrete password that you created yourself. They still can - you just have the option to use your passphrase or Face ID / Touch ID to unlock if you wish.)
As I think previously noted, Apple cannot decrypt iCloud Keychain. To Apple it’s just a random blob. (Well, pseudo-random).
1 Like
There is no difference between Safari and iCloud Keychain password database.
I agree with everything you’ve said here and I still use 1Password version 7, too. Do you have any idea what you’ll use when version 7 finally breaks?
NB Safari on iOS (and iPadOS, not sure about macOS) will auto fill credit card data, including CVVs (remembered on-device).
But it’s not part of the iCloud Keychain, as far as I know, it’s a separate setting under Safari auto-fill “Saved Credit Cards”. It does seem to be synchronised, somehow.
Emergency Access by someone with power of attorney or other designation in case of injury, illness, stroke, etc.
Our solution to this is my wife’s master Password Wallet password is in my 1Password vault and vice versa…and our son is on our 1PW subscription with access to a 911 vault which has the codes for all of our computers and devices and garage code and he has a key…and he also has a paper copy of those in his safe. Once he gets the 911 vault he becomes us and can get into iCloud and whatever else he needs.