Years ago I bought 1Password via a one off payment and set it up to sync via my iCloud Drive. It all worked great. Then they took VC investment and quickly every new feature was locked behind a subscription gate. I switched to Bitwarden. Then they took VC investment and I’m sure will end up down the same path (and you could never use a third party storage service with BW AFAIK). A password manager’s remote storage doesn’t need to be anything other than a safely encrypted SQLite file, you ought to be able to save it anywhere.
I think everyone should have a good password manager in 2024 and non tech inclined folks shouldn’t have to battle with upsells and spammy notifications as a price for being secure. If that means they’re using Apple’s offering, so be it.
I don't know if Apple Passwords will be a perfect fit for me, I'm hoping someone shares a deep dive on the product soon because I'm not in a position to use the beta, but I'm happy to see some more competition in the space.
There is a little bit of subtlety to this https://www.cs.ox.ac.uk/files/6487/pwvault.pdf
And it's not that big a deal to occasionally copy a password onto a Linux or Windows device, or better yet, use the iPhone to authenticate for it.
You can run your own BW server, or at least you could as of a few years ago. It's not well documented, but it was doable. The only reason I don't use BW is because the iOS app doesn't locally cache passwords, and I didn't want to open up my home network or set up a VPN just for a bitwarden server.
KeePass was a great bit of software but managing the vault syncing myself and having to wait for (and trust) the third-party Firefox extension to update was tiresome. For about a buck a month, LP was a pretty good deal and handled all of that overhead for me.
I eventually moved to 1Password and it's still what I recommend to most people. $45CAD a year is a pittance for how often I use it. The app and extensions are always up to date, they "just work" even for my 70 year old father. At $12CAD a year, Bitwarden is pretty damn reasonable too.
I don't get the hand-wringing when it comes to reasonably priced services. Development and infrastructure costs money. Yes, a power user can manage everything entirely with free software and a portable sqlite db but that isn't a sensible approach for the vast majority of people.
I've been using it for nearly 20 years and it's been going down hill fast for the last 5, but 1Password 8 is an absolute clown car. It hijacks your passkey logins meaning that authenticating with Tailscale for me has gone from a single touch of the TouchID button on my Mac, to 1) click button that says "Unlock 1Password", 2) Click it again because it did fuck all the first time, 3) hit the global hotkey for 1Password, 4) open 1Password via Alfred because the hotkey has decided to stop working again, 5) touch the TouchID button to unlock 1Password, 6) switch back to the browser to find that my Tailscale auth has timed out, 7) back to iTerm to initiate the auth again, 8) if I'm lucky, I can now touch the TouchID button to use my Apple passkey, if I'm not, it's back to step 1.
I'd challenge anyone to name an app that has been ruined more by VC money than 1Password.
I'm sure 1Password doesn't care one iota about losing individual users with attitudes like this. Until the forced to a monthly rent seeking hand in my pocket policy was deployed, I had been a vocal advocate for 1Pass. Now, they're about to lose me altogether.
I’m finding most of the friction with 1Password I run into is actually Apple competing for autofill in Safari creating two completely different UIs above every form element.
The other issue I have is Safari Home apps not supporting extensions so you can only use Safari’s built in manager. I think that’s fixed in Sequoia.
I agree regarding 1pass, but at least it's still firmly trying to solve the password management problem. Apple is trying to solve the vendor lock-in problem (i.e. how can they lock more users in to their platform).
https://1password.community/discussion/128524/add-options-to...
Seriously, this is the kind of thing that an intern could knock out in a week. I don’t understand why it hasn’t been addressed.
> The Passwords app is free to download, available across iOS 18, iPadOS 18, and MacOS 15, and will also work with the Vision Pro and Windows computers, says Apple.
I still really hate the iOS-restyled system prefs. Tiny unresizable text, a long vertical scroll. I can’t find a damn thing in it and just use the search bar every time and feel faintly annoyed about it.
But my biggest one is wanting to store secure files. Think copies of a drivers license, signed documents or various certs and keys. That's not being covered here either for me sadly. It's not a super common situation for me so I can probably find an alternative app for that purpose.
Edit: Also for notes, I'd just password protect something in the Notes app. But that's just me.
I have a soft spot in my heart for `pass` (http://www.passwordstore.org/), but it's a pain to access it from my phone.
I use BW for all my personal stuff because my wife and I use it.
If your phone is android, I'd recommend https://passwordstore.app/ plus syncthing :-)
Glad they're splitting it out of System Settings into a dedicated app.
I've also started migrating family members to it. It'll be way easier for the less technical people since it's already tightly integrated in the devices and OS they use everyday.
The autocomplete attribute supports nearly everything you can imagine. Check this for a full list[2].
[1] https://developer.mozilla.org/en-US/docs/Web/HTML/Element/In...
[2] https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes...
I will NEVER understand this one. Do they want me to pick a shitty password? I'm not going to type a string of 20 mixed-case and special characters into a private text box on my phone. It always takes 3 or 4 tries to even get it right.
There's not much else to add: it just worked. I wish all "lock in" were that open.
[1] https://gist.github.com/jftuga/0265e5403d56373662b9513d8816e...
Keepass is the closest I've ever felt to just having a wallet for my passwords. It should be ratified as a standard, so we can make Google and Apple provide "Export to Keepass" buttons in their apps.
Check Passlane here (I’m the author of it): https://github.com/anssip/passlane
https://x.com/blader/status/1800263787746066646
"apple sherlocked 1Password today, so i'd like to remind you that your Apple ID is only as secure as your carrier.
if you have 2FA on and get SIM swapped, attackers can lock you out of it PERMANENTLY.
last month it happened to me. make sure it doesn't happen to you: "
Getting locked out of all my passwords would be pretty disastrous. Did Apple announce a change to the account lockout procedure as well?
I constantly have issues with it not engaging on a form where I have to manually switch to 1pw, though it has gotten a bit better over the years.
I hate to see a company/product get sherlocked but I don't feel like password security was something we should need to have a subscription for.
Whenever I do a password change, I have to do it on my phone, so that the new one will be stored. But that is fine with me. I’m happy to do that in exchange for being freed from “password managers”.
Really no big difference, you’re still technically using a password manager.
Also you can access those passwords on Mac as well, it’s in settings just as you would find it in your phone. No need to copy from your phone and paste it, Mac can autofill. It can also autofill on other browsers through the dedicated right click menu, but it’s a bit more clunky than on Safari.
Fun fact, those same passwords can be accessed on windows now, install iCloud for windows and enable passwords. It uses a dedicated app on Windows.
I also enable keychain sync on my Mac so I can create passwords there too.
Right now for instance I have a Personal profile, and a few work specific ones around admin, development, and my day-to-day work to split things off easily. I have 1Password unlocked in one profile and it works in that, but if I switch to any other profile it needs to be unlocked, then it tells me it needs to reload the extension. Reloading it doesn't do anything but break it again. I have to fully quit Safari then it works again for some unknown amount of time then falls apart completely soon after (probably laptop sleep or something like that).
Just a shitshow all around from 1Password anymore. How the mighty have fallen due to profits and investors.
Something I’d really like: let my iPhone act as a Bluetooth (obviously encryption will be necessary!) or USB keyboard, and have it hold my passwords/type them. That way I could keep my passwords all in one place, and manage them locally. Currently I use keepass when not on iOS, which is fine, but I don’t really want to have to expose my whole passwords file to a Windows machine, since they are traditionally infested with malware (and apparently MS is flirting with including their own first party malware).
I investigated the bluetooth encryption and it didn't really seem up to the task. You could create a dongle that lived on wifi though that would do the same.
I tried out passwords, and combined with Safari, it's an absolute godsend compared to 1Password. That does mean that I switched from Brave to Safari, and thus have YouTube ads, and so I'm now paying for YouTube haha
This isn't my experience since the recent update that shows up a mini-login panel when trying to sign in. The old experience that opened the desktop app first was fairly slow.
I don’t want to switch from 1pass if I can’t set 2 or 3 separate webdomains for an account as I find this to be the most annoying feature of apple passwords, when a website has a separate register page from its login pages. In 1pass you can just delete the subdomain and add domains. Apple doesn’t allow you to edit at all :(
Whereas with 1Password I use a separate app to CREATE a new Login file for an app/website/anything. I can save that file with as much or a little information filled out as desired. Can create arbitrary info files for Passports, library membership cards, etc. I know the information for each is forever stored exactly as I created it, always syncing, never overwritten when I type in a different password and accidentally hit "save" in a webform.
I hope the new Apple Passwords app is more like the latter; if so I would switch.
My main reason not to use it is because I guess it's not going to work as well with Firefox desktop?
If it were just me, I'd be tempted to just switch everything over. My wife is smart, and technically competent, but isn't interested in switching to new things until the pain points are too much. If I want to move to a new app or a new service, it can't be on a whim of mine, and it can't just be because I want to see what the new features are like.
I have been working on solving password management as a local-first, cross-platform, open-source application[1]. It's a bit rough around the edges still (no browser extension yet!) but is worth trying as an alternative. Any feedback would be much appreciated!
The app is designed for zero vendor lock-in (after all this is our most sensitive data) and a self-hosted server is part of the design. We aim to make money offering a cloud platform for syncing and social recovery (digital inheritance) and eventually would like to also function as a Dropbox/Keybase alternative.
We will be releasing the open-source SDK[2] soon.
All comments or suggestions welcome.
[1]: https://saveoursecrets.com
[2]: https://docs.rs/sos-sdk/latest/sos_sdk/
A lot of people seem to be acting like this is a really big deal. Is it cause it’s available on windows now?
I guess Apple just wants it to be more obvious that hey, you have a password manager already.
They took VC funding to pivot to enterprise, anticipating that OS vendors would integrate basic password management features (what most of their usage was at the time) into the OS.
So the consumer experience has been de-prioritized. I will not be renewing my 1Password subscription.
Bitwarden has been lagging in implementing any consumer features for some years now (custom item types has been on the roadmap for six years and is still not done). Except for secure notes in Bitwarden, I don’t think you’d miss anything else in this app. Bitwarden is spending money and focus on the enterprise, just like 1Password has been. For the consumer segment, neither of these are good enough now.
But it might make other people who don't use a password manager start using one.
I love my mac and I love my pixel phone but sometimes being a Mac + Android user just sucks.
Passwords are saved on your device.
Curious to see how this ends up impacting competitors' businesses or not though! If Apple gives themselves access to a bunch of integrations and APIs no one else can that sounds like they would be abusing their monopoly power...
I use 1pass across all platforms.
There are groups that can do that coercion (e.g. US and CPC governments), and there may be support staff et al. in Apple that can get the same access.
For the same reason, I was unhappy that Keychain.app is auto synced to iCloud (and as per a past thread, even if you disabled it it may be reset).
So, of course, I don't have to use their app. Except that I suspect it will be built into the OS in a way that makes it hard to avoid, such as Keychain.
I would love it if there was a way I could set up my self-hosted BitWarden instance to be as integrated as Keychain is, and not use Apple or Google for passwords.
Apple was part of the PRISM program, we know they gave access to our data for mass spying.
I always end up looking in the Keychain app to be sure to find what I'm looking for, but I dislike that app because it often takes several password entries to get to see a password.
I assume the Passwords section of System Settings is only pulling up a subset of these, but I haven't upgraded macOS on my personal laptop in a long time (I'm on 12.4), so can't verify easily.
Is the reason for fewer security breaches perhaps that the data wasn't as valuable to attackers (until now) ?
It may be my own ineptitude, but I won’t use it again.
Also if those two apps didn't have a product feature map way ahead of apple then they were doomed from the get go. They must have known something like this was a significant business threat if not existential risk...
I'm a bit nervous after hearing about people having early adopter issues.
Hopefully there is some sort of fallback if something extreme like a house fire manages to destroy all of your personal devices at once.
This is already addressed and has been since Apple first launched support for passkeys. See the “Recovery security” section of the “About the security of passkeys” support document here: https://support.apple.com/en-us/102195
If anything 1password has proved to me that an Electron application can eventually be pretty seamless. I have been very impressed in MacOS and Firefox.
How will apple protect all of your password data in this case?
Will the setup allow for an additional password to prevent hackers from gaining access?
+ Can't beat convenience.
+ Cross platform
+/- free if you don't need mobile version
- Closed source
(no affiliation)
+ cross-platform
+ free as in beer
+ free and open-source software
Can't really comment on convenience, I moved from LastPass, but it has worked well for me.
Only have to memorize 2-3 strings and more secure than a password manager since there's no third party in the loop.
Password Managers are a huge man-in-the-middle and liability in other regards (e.g. you don't have it present on a given device or on hand).
SSO from a single set of credentials is a much better solution. Multi-factor biometrics even better (outside of PII sensitivities)
1. It's now easier to access passwords on the mac because you no longer are forced to use Safari to view passwords, nor have to sort through the technical entries/certificates in Keychain Access.
2. The app surfaces a prominently positioned button for one-click sharing and exporting of passkeys/passwords, whereas existing methods significantly lack in comparison.
3. It's the opposite of lock in to consolidate all types of passwords into a single consumer-level interface, when the alternative was hunting for them across the various apps and system panels.
4. It works with iCloud for Windows for cross platform support. Which also means you don't need a mac to participate in shared password groups.
I only use 1Password instead of native because I needed something that worked on Windows. Will need to see how well that works, but I just don't see a personal reason why I would not just use this when it works so much better on my iOS devices.
It's the same reason I don't trust Google with all my pictures or documents. At any point in time their algos can flag your account for wrong reasons and that's the end of your digital life.
You have a completely free choice to use 1password, BitWarden, KeePass etc ..... Apple is not stopping you.
Forcing all browsers on iOS to use Safari is a different matter.
I don't trust 'Passwords'.
These are the reasons why I don't use Apple products despite the great hardware.
https://support.apple.com/guide/security/icloud-keychain-sec...
Safari? Not on Windows.
Apple Music? This actually has a Windows client. I'm not sure how good it is. But Spotify supports Windows and even Linux.
Apple Password Manager? Will this be tied to iCloud? Will I be able to use it on Android? If I no longer have an iPhone will it be a pain to maintain and use?
A dog cannot serve two masters. A company like Apple doesn't see any of these things as a product. They're a means to an end: to push the iPhone platform (and hardware sales). That priority will always trump the interests of a product like this.
It's also why I refuse to buy more into Google products: it's too much of a risk to lose access to everything if Google wakes up one day and decides to suspend your account with no recourse other than making enough of a stink on social media such that an employee will actually look into it.
People don't want everything tied to one identity, one service, one login.
I think this is exactly what _most_ people want.
With password management specifically, Apple has had a Chrome extension available for a while now which has allowed me to use it on other browsers/platforms. Not ideal, but good enough for most.
On top of that, they don't lock you in with passwords. You can easily import and export your passwords, just like you can with 1Password.
Apple Music has had a web client for a long time. iTunes has been on Windows for 20+ years and Apple Music was supported via that until recently when they built an Apple Music specific app.
This is EXACTLY what people want. Please remember that HN is not a cross section of the general public.
I don’t see why that would be a big problem for Apple.
As this article explains, this isn’t new functionality. It’s (mostly) a new UI for existing functionality, to make the hardware they sell and make lots of money on more attractive.
No, it's not Apple's problem, let alone be a big problem. Apple does not like to provide services for free on other platforms and isn't even very good at doing it for paid services. This passwords app is meant for those who use and depend on Apple's ecosystem, not as a generic competition for other password managers.
There's a difference between Google's products and Google's services. You can use either one without the other. I am a happy user of Google hardware, and am even happier to be almost entirely extricated from their services.
You'd be surprised. People want a neat solution so they don't have to deal with multiple nuisances.
They worry less about vendor lock-in (if they even understand the issue unless it's bitten them, and then they can consider the costs of switching as totally normal and expected, similar to how they just go find app replacements for platform-exclusive software).
This is what OAuth attempts to do, and most users and devs I know like it.
I'm well aware of the risks of putting all eggs into one basket. I'm already doing it with 1Pass (albeit with external MFA for some sites), so I see no difference with letting Apple manage it.
People literally want everything tied to one identity, service, and login. You are almost totally wrong. People do sometimes want to switch to something new when they feel what they've bought into hasn't met their expectations or has fallen behind in innovation. And guess what? Apple in very limited ways actually locks people into things like passwords, files, photos, notes etc. Their entire ecosystem is pretty easy to migrate away from, I've done it several times. There's an import/export tool for most everything.
After this year you probably can't even say they are locking people into their ecosystem with iMessage.
https://en.wikipedia.org/wiki/LastPass#2022_customer_data_an...
The new SSH key manager feature is an example of something Apple's unlikely to address for years, if ever. https://developer.1password.com/docs/ssh/manage-keys/