Thanks, Adam, for doing the work of comparing 1Password with Apple’s Passwords.
Over the many, many years I’ve been embedded in the Apple ecosystem, I’ve never regretted avoiding reliance on Apple’s own software. Back in the day Me.com could not keep two folders in sync across the internet. Thank goodness for Dropbox. I could list lots of passwords with Apple’s Keychain Access. But it was a no-brainer to move to 1Password. And when my photography hobby got serious I opted for Lightroom instead of Aperture. Thank goodness.
I suppose I should forgive Apple its bad track record, but I’ve got until next January to decide whether 1Password’s price hike is worth it. It’s not an unreasonable price increase, but I’m scrutinizing all my myriad subscriptions pretty closely these days and may find myself migrating to Proton Pass.
Not me for now. I’ll stick with the 1P family plan. Been using 1P since 2007 or earlier, just with Apple products. Good support, and I like the syncing between my Mac and iPhone.
I don’t understand this. From the very beginning I used 1P via Dropbox so that my passwords would sync between all my devices. Any password manager that doesn’t sync is useless to me (though I suppose someone without only one device wouldn’t care).
Are you worried that 1P’s cloud is a security risk and you’d prefer to use Dropbox or another cloud service? Or are you anti any cloud service? If so, then how do you sync between devices?
Well, in general I don’t trust ANY cloud. I do use iCloud password synching, that’s the cloud I distrust least. But I was just fine with having to re-enter passwords on each device.
Password managers do try to mitigate against infostealers, with varying degrees of success.
Salted/hashed password storage has been best practice since at least Unix System V which was released 43 years ago. Still, it’s surprising how many sites/systems still store plaintext passwords. A giveaway is when a site limits password length – a hashed password takes up the same amount of storage regardless of the length of the original password so there is no reason to limit lengths to anything less than hundreds of bytes.
Cloud storage is not necessary for sync. Peer-to-peer sync systems used to be common, but we seem to have forgotten about them in our cloud-crazy world. The prevalence of NAT routers didn’t help. I’ve used Resilio Sync (on the free tier) for reliable peer-to-peer, platform-agnostic syncing for years.
Maybe. It could also be a function of the cipher/hash. For instance, in the Old Days, Unix systems would use DES to generate the hash - encrypting a well-known string using your password as the key. Since DES only supports 8-byte keys, your passwords would be truncated to 8 characters.
Which is why you should only use a service where your passwords are encrypted in a way that prevents even the password-provider from accessing your data without your master password (which you should not sync anywhere).
Any good system should encrypt your data locally, before it is transmitted to the cloud server, and the key should never leave your computer. Any system that does this (and doesn’t have a critical bug, of course), should be equally secure, as long as your local passphrase is kept secure.
It’s one of the things that makes choosing software difficult. I’m a VP of technology, and it is shocking how often we encounter interesting tools that we would be happy to purchase or license, but upon performing our due diligence, it becomes clear that security wasn’t even a design consideration for the product.
FWIW, this is particularly true for smaller developers and startup firms, but at least there is a good chance that they will take action when a credible prospect avoids or delays purchasing until the problem is addressed. In some ways, it can be a lot trickier to evaluate well-known platforms and apps.
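The two storage points raised earlier in the thread (a salted hash occupies the same space whatever the password length, and the old DES-based scheme ignored everything past 8 characters) can be seen side by side in the following added example, which is not part of any participant's post. PBKDF2-HMAC-SHA256, the iteration count and all function names are choices made for this illustration, and the legacy functions only simulate the 8-character input limit; they do not implement DES crypt.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for this example
SALT_LEN = 16


def store(password: str) -> bytes:
    """Return salt || PBKDF2 digest: always 16 + 32 = 48 bytes."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt + digest


def verify(password: str, record: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(digest, expected)


def store_truncating(password: str) -> bytes:
    """Simulates only the 8-character input limit, not DES crypt itself."""
    return store(password[:8])


def verify_truncating(password: str, record: bytes) -> bool:
    return verify(password[:8], record)


def demo() -> dict:
    # Constructed sample passwords of very different lengths.
    samples = ["abcd", "correct horse battery staple", "x" * 1000]
    real = "sunshine-2024!Long"   # constructed
    guess = "sunshine-oops"       # shares only the first 8 characters
    return {
        "record_sizes": {len(store(p)) for p in samples},
        "full_length_accepts_guess": verify(guess, store(real)),
        "truncating_accepts_guess": verify_truncating(guess, store_truncating(real)),
    }


if __name__ == "__main__":
    print(demo())
```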
There is a notes section but it doesn’t have any of the formatting options that 1PW does and there’s no indication how long they can be. I don’t see a way to create categories either (at least on the iPad version I just checked on). The app is good enough for basic passwords but for any more complex user case it is lacking…but then it’s a 1.0 version.
Locked Notes is another option…but I have not seen any security evaluation on that so it isn’t an option for me
A great deal of stealing and hacking happens on personal computers, both home and office.
Well, Macs are of course not completely immune to hacking, but I suspect the rate of compromise on home/office Windows machines is greater than the rate on Macs. The proxy I’d use for that is reported vulnerabilities, and particularly vulnerabilities that have been exploited, on Windows compared to Macs.
No disagreement here, but when you review statistics of compromises, you need to associate the stats with time frames and/or particular Windows releases.
Back in the days of Windows 2000 and XP, it was pretty much a free-for-all. Today, it’s much better.
I won’t say whether modern Windows 11 installations are better than contemporary offerings from Apple and the Linux community, since I haven’t reviewed recent statistics. I just want to make the point that you shouldn’t use Windows’ historic lack of security as the basis for assuming a similar lack of security in current versions.
A note can be up to 4096 characters long. I had a large amount of text generated, and pasted it into a Password note. Then I copied the note into Microsoft Word and used the Word Count tool to give me the result.
You have a point, BUT: any company that thinks it is a good idea to make screenshots every few seconds to index what the user does (Windows Recall) deserves a little bit of distrust (IMHO).
I just checked the Keychain Access App on MacOS 26.3 and it does have a Secure Notes tab, if that’s a suitable supplement to Passwords for those who need the feature.
It did pop up a couple of dialogs trying to get me to use Passwords but they had the decency to include a ‘don’t ask again’ checkbox.
I’m still on 1PW 6.8.9 and it suits my needs. Haven’t even opened Passwords.
I’m still using 1Password 7 as I hate the “rent a program” plans that have changed software purchases. When 1Password 7 finally breaks, I’ll need to make the choice to stay with it or switch to Apple Password.
My question though, is what am I risking by staying with a software program that is no longer supported. I’m storing my vault in my iCloud account after an apparent break-in into my Dropbox account.
So Apple has TWO password manager applications now? Keychain Access & Passwords? I figured the latter replaced the former. So if KA has a Secure Notes, I wonder why Passwords doesn’t?
Eric, 1Pwd7 still works fine on Sequoia 15.7.4. I’m updating to 15.7.5 and will have to see if it still does. Update: yep, it still works.
Keychain Access isn’t really a password manager. Keychains track all kinds of security-related data, including passwords, secure notes and certificates.
As a password manager, its user interface is pretty tricky. The Passwords app accesses the same data (only the passwords in your keychains), but presents it in a far more useful way.
As strictly a Mac guy, I agree wholeheartedly that Passwords is all Mac users need. It’s seamless and partners nicely with iCloud’s mail’s Hide My Email.