Normally I’m conflicted when a big tech company comes to stomp on a market of smaller app makers but the password manager industry has left me with little sympathy.<p>Years ago I bought 1Password via a one off payment and set it up to sync via my iCloud Drive. It all worked great. Then they took VC investment and quickly every new feature was locked behind a subscription gate. I switched to Bitwarden. Then <i>they</i> took VC investment and I’m sure will end up down the same path (and you could never use a third party storage service with BW AFAIK). A password manager’s remote storage doesn’t need to be anything other than a safely encrypted SQLite file, you ought to be able to save it anywhere.<p>I think everyone should have a good password manager in 2024 and non tech inclined folks shouldn’t have to battle with upsells and spammy notifications as a price for being secure. If that means they’re using Apple’s offering, so be it.
I've been an avid 1Password user for over 10 years, but since they gone full-throttle targeting the enterprise market, I'm getting more and more annoyed. It's increasingly buggy (right now, it thinks I haven't migrated from 1p7 which causes annoying interstitials that I can't close. Over a month and no fix yet.). They killed standalone vaults. Obvious feature requests (e.g archive an entire vault) sit there for years untouched. The value is increasingly not there anymore for me, and here's hoping I can finally jump ship this fall.
This needs to be multiplatform for it to be a viable option for the more tech inclined. I run all three major desktop operating systems plus iOS, so I use Bitwarden
So… this new app does <i>most</i> of what the depreciated “Keychain” app did, except now it’s got a iOS-looking UI. Huzzah, I guess, the “passwords” section in the iOS-restyled system prefs sure wasn’t substituting for Keychain for me. Passwords doesn’t appear to handle secure notes, though, and I still have a few of those, too.<p>I still really hate the iOS-restyled system prefs. Tiny unresizable text, a long vertical scroll. I can’t find a damn thing in it and just use the search bar every time and feel faintly annoyed about it.
I've been using Bitwarden for a few years. It seems to do everything I need, and is cross-platform.<p>I have a soft spot in my heart for `pass` (<a href="http://www.passwordstore.org/" rel="nofollow">http://www.passwordstore.org/</a>), but it's a pain to access it from my phone.
I started using Keychain pretty much primarily this year (other than 1Password at work) and it works pretty seamlessly for me (granted Apple devices only). Even the Chrome extension works quickly as if it were a native part of Chrome.<p>Glad they're splitting it out of System Settings into a dedicated app.<p>I've also started migrating family members to it. It'll be way easier for the less technical people since it's already tightly integrated in the devices and OS they use everyday.
I wonder if the biggest side benefit to a player like Apple getting into this game is the pressure it puts on web site developers to follow some kind of convention with their login forms. The vast majority of the time I have trouble filling a password, it's because the web developer did some wacky shit with the fields that make them unrecognizable, or in the worst case actively prevent pasting a password. It's one thing to blow off someone like 1Password, but Apple has a huge reach, they are not so easy to ignore.
I always feel like these password solutions are there to lock you into their platform. I would never use Apples nor Mozillas password solutions personally.
I've been using KeePassXC on Mac and Windows and sync them between each other with Unison[1]. I'd be curious to learn how others who are using KeePassXC are syncing there databases with iPhone.<p>[1] <a href="https://gist.github.com/jftuga/0265e5403d56373662b9513d8816e392" rel="nofollow">https://gist.github.com/jftuga/0265e5403d56373662b9513d8816e...</a>
I’ve had my iCloud account corrupted twice since they switched from dot Mac. Zero chance I’ll ever trust Apple with anything serious. I don’t even trust them to keep my contacts safe from corruption. Never going to trust them with my passwords.
I want to use this, but this post gave me pause:<p><a href="https://x.com/blader/status/1800263787746066646" rel="nofollow">https://x.com/blader/status/1800263787746066646</a><p>"apple sherlocked 1Password today, so i'd like to remind you that your Apple ID is only as secure as your carrier.<p>if you have 2FA on and get SIM swapped, attackers can lock you out of it PERMANENTLY.<p>last month it happened to me. make sure it doesn't happen to you: "<p>Getting locked out of all my passwords would be pretty disastrous. Did Apple announce a change to the account lockout procedure as well?
Thank god. I think 1pw has been mostly good, but it has frustrating quirks... Like requiring me to input the master password on the iOS app/OSX/Browser extension (on the same device) as if each of these apps have no way of communicating.<p>I constantly have issues with it not engaging on a form where I have to manually switch to 1pw, though it has gotten a bit better over the years.<p>I hate to see a company/product get sherlocked but I don't feel like password security was something we should need to have a subscription for.
I have already been using iPhone Passwords for all my passwords. Anyone else doing this? It autofills passwords on the phone and I can copy a password from the phone Passwords and paste it on my MacBook.<p>Whenever I do a password change, I have to do it on my phone, so that the new one will be stored. But that is fine with me. I’m happy to do that in exchange for being freed from “password managers”.
Timely with how official support for the old 1Password 7 apps probably won’t be continued for too much longer, with 1Password pushing users over to the notably worse v8 apps. I’ll probably switch.
I don’t quite understand how this will be different from what built in iPhone password manager.<p>Something I’d really like: let my iPhone act as a Bluetooth (obviously encryption will be necessary!) or USB keyboard, and have it hold my passwords/type them. That way I could keep my passwords all in one place, and manage them locally. Currently I use keepass when not on iOS, which is fine, but I don’t really want to have to expose my whole passwords file to a Windows machine, since they are traditionally infested with malware (and apparently MS is flirting with including their own first party malware).
My brother convinced me to try a 1Password family account, since it would be cheaper. Ever since, the Chrome plugin takes forever to login. Sometimes up to 5-6 seconds. And it really annoys me that they have so many resources and money, and it's still this expensive for a very very basic application, and slow to boot.<p>I tried out passwords, and combined with Safari, it's an absolute godsend compared to 1Password.
That does mean that I switched from Brave to Safari, and thus have YouTube ads, and so I'm now paying for YouTube haha
I think it needs multiple domains for an account. It appears this hasn’t changed from their current setup from the screenshots in the presentation.<p>I don’t want to switch from 1pass if I can’t set 2 or 3 separate webdomains for an account as I find this to be the most annoying feature of apple passwords, when a website has a separate register page from it’s login pages. In 1pass you can just delete the subdomain and add domains. Apple doesn’t allow you to edit at all :(
My annoyance with Keychain has been that items kind of appear there as I type in a username and password on the web. Feels rather ephemeral, like old "saved passwords" in Internet Explorer or whatever. Feels like I'm one browser cookie reset away from losing everything.<p>Whereas with 1Password I use a separate app to CREATE a new Login file for an app/website/anything. I can save that file with as much or a little information filled out as desired. Can create arbitrary info files for Passports, library membership cards, etc. I know the information for each is forever stored exactly as I created it, always syncing, never overwritten when I type in a different password and accidentally hit "save" in a webform.<p>I hope the new Apple Passwords app is more like the later; if so I would switch.
My main reason to use this would be to maybe have an easier time adding a login when I'm on mobile - hopefully Apple would make it as easy as with bitwarden's desktop browser extension where you can just click 'save' or 'update' after logging in<p>My main reason not to use it is because I guess not going to work as well with firefox desktop?
I think this will finally get me to switch from 1Password 7. I was never going to go to the new, subscription-only, electron-based 1Password, so its either hold out on 1P7 for as long as possible or look for something new.
We're BitWarden users in our house. We switched from LastPass after they double the price for the 2nd year in a row. We each have our own accounts, and then a shared organization.<p>If it were just me, I'd be tempted to just switch everything over. My wife is smart, and technically competent, but isn't interested in switching to new things until the pain points are too much. If I want to move to a new app or a new service, it can't be on a whim of mine, and it can't just be because I want to see what the new features are like.
And put all the eggs into the same basket? No, thanks. I prefer to spread critical responsibilities among a small group of "little tech" companies that offer clear and concise data portability among them.
It's good that Apple have decided to improve their offering for password management but a bit overdue and lacking in cross-platform support. Also, it's risky to allow large corporations control over our most sensitive information.<p>I have been working on solving password management as a local-first, cross-platform, open-source application[1]. It's a bit rough around the edges still (no browser extension yet!) but is worth trying as an alternative. Any feedback would be much appreciated!<p>The app is designed for zero vendor lock-in (after all this is our most sensitive data) and a self-hosted server is part of the design. We aim to make money offering a cloud platform for syncing and social recovery (digital inheritance) and eventually would like to also function as a Dropbox/Keybase alternative.<p>We will be releasing the open-source SDK[2] soon.<p>All comments or suggestions welcome.<p>[1]: <a href="https://saveoursecrets.com" rel="nofollow">https://saveoursecrets.com</a>
[2]: <a href="https://docs.rs/sos-sdk/latest/sos_sdk/" rel="nofollow">https://docs.rs/sos-sdk/latest/sos_sdk/</a>
I have to be missing something. Isn’t this just a new coat of paint over keychain? What’s so revolutionary about this?<p>A lot of people seem to be acting like this is a really big deal. Is it cause it’s available on windows now?
1Password has gotten progressively worse. It's now an Electron app (so it's slower to load), and some features have stopped working well.<p>They took VC funding to pivot to enterprise, anticipating that OS vendors would integrate basic password management features (what most of their usage at the time) into the OS.<p>So the consumer experience has been de-prioritized. I will not be renewing my 1Password subscription.
It works on Mac -and- Windows? Goodbye 1Password! The browser extension has been SO buggy for me on Safari ever since v8, I'm SO excited that I might finally be able to ditch it. I even mentioned it in a comment before[0]. Looks like the day has come!<p>[0]: <a href="https://news.ycombinator.com/item?id=36427945">https://news.ycombinator.com/item?id=36427945</a>
I was pleasantly surprised to see they said they would have a Windows app, but it's DOA for me unless they also offer a solution for Android :(<p>I love my mac and I love my pixel phone but sometimes being a Mac + Android user just sucks.
I was happy using Bitwarden until recent updates that basically block out the entire form input. It's a dark pattern to me, built off fear and that's not the perception I want to see in someone in charge of my passwords.
Are there APIs to get the iCloud sync into my own app? I'm all for iCloud syncing to my devices I just want a way to also get a backup in a file so if Apple decides to delete my account on a whim, I don't lose everything.
If I lose access to my Apple account (via hacking, being banned or otherwise), do I also lose access to all my saved password? Thats what I want to know.
I would guess the reality is companies like 1Password make almost all their revenue through B2B relationships. I doubt Apple will encroach too much in that space (lack of sales reps/support etc.)<p>Curious to see how this ends up impacting competitor's businesses or not though! If Apple gives themselves access to a bunch of integrations and APIs no one else can that sounds like they would be abusing their monopoly power...
Lack of Linux support and i'm not sure if it handles storing files (eg pdfs) is what would hold me from adopting this.<p>I use 1pass across all platforms.
I used to use keychain for my passwords. It worked really well until I tried to export data so I could use it on Linux. No dice. The way it looked there used to be an export function but then Apple decided to take it away. I think I'll stick to Bitwarden. Works reasonably well and I can back up my passwords with a simple export.
Companies like 1Password must be having a bad day. They have previously been held back by Apple, resulting in a poor user experience on iOS. And now Cupertino is entering into direct competition. Let’s see if Apple reaches feature parity and in particular, actually offers decent cross-platform support.
One of my biggest feature wishes finally come true. A few updates back they made the Passwords section in Settings one level less deep, and I was very frustrated they realized it should be easily accessible but didn’t bother making it a standalone app when Keychain existed on Mac.
Maybe I don't want "whoever" to be able to get into every one of my accounts by coercing Apple to give access to all my passwords.<p>There are groups that can do that coercion (eg. US and CPC governments), and there <i>may</i> be support staff et all in Apple that can get the same access.<p>For the same reason, I was unhappy that Keychain.app is auto synced to iCloud (and as per a past thread, even if you disabled it it may be reset).<p>So, of course, I don't have to use their app. Except that I suspect it will be built into the OS in a way that makes it hard to avoid, such as Keychain.<p>I would love it if there was a way I could setup my self-hosted BitWarden instance to be as integrated as Keychain is, and not use Apple or Google for passwords.
A password manager that doesn't have an open-source client cannot be truely checked. Therefore it cannot be trusted to encrypt them before being sent nor to not contain a backdoor.<p>Apple was part of the PRISM program, we know they gave access to our data for mass spying.
If this supports OTP, and ideally profiles, I'd likely cancel my 1Password subscription. I've been waiting for Apple to release something like this for a long time and surprised it took them this long.
Some earlier discussion ahead of the announcement: <a href="https://news.ycombinator.com/item?id=40613857">https://news.ycombinator.com/item?id=40613857</a>
I've never understood why there are some passwords that exist in the macOS keychain app that don't appear in the Passwords section of the macOS System Settings (I think the password for my WiFi hotspot is one of them). Can anyone explain this? Will the new Password app have 'everything' in it?<p>I always end up looking in the Keychain app to be sure to find what I'm looking for, but I dislike that app because it often takes several password entries to get to see a password.
> Considering this service would be operated and owned by Apple, likely to have a deeper integration across its iOS, iPadOS, and MacOS platforms, and doesn't have the same track record of security breaches as competitors, it should make for a compelling alternative for many users.<p>Is the reason for fewer security breaches perhaps that the data wasn't as valuable to attackers (until now) ?
I used to use Apple keychain and lost access to it at one point when I switched phones and no longer had a known device associated with my account. Even when I had the correct credentials, I could no longer access the keychain.<p>It may be my own ineptitude, but I won’t use it again.
You think people will migrate from LastPass to 1password or do you think this just limits new inbound.<p>Also if those two apps didn't have a product feature map way ahead of apple then they were doomed from the get go. They must have known something like this was a significant business threat if not existential risk...
I'll be interested to see if there is improved support for handling and syncing passkeys to multiple personal devices.<p>I'm a bit nervous after hearing about people having early adopter issues.<p>Hopefully there is some sort of fallback if something extreme like a house fire manages to destroy all of your personal devices at once.
Good. I already switched to iCloud Passwords for all my needs, but it's not very convenient now. No way to store bank card info, no way to store ssh passwords (I'm using fake domain myserver.ssh.com, but that's weird), no way to store key files. Hopefully it'll get better.
The early v8 release was pretty stained with skepticism from the entire community.<p>If anything 1password has proved to me that an Electron application can eventually be pretty seamless. I have been very impressed in MacOS and Firefox.
Can you store things other than passwords, e.g. credit cards? I doesn't seem so, but I only gave it a quick look. Would love to switch but that is a hard requirement for me. Also, does it only work well with Safari?
I’m concerned about how secure this will be. What happens, for example, if you experience a sim swap attack?<p>How will apple protect all of your password data in this case?<p>Will the setup allow for an additional password to prevent hackers from gaining access?
I really enjoy 1password, things, mind node, etc but I never seem to enjoy Apple apps other than Messages or I suppose Finder if you're being very specific. Maybe this one will be different.
Does webauthn have a protocol for username / password retrieval ? It would be nice to have a usb security token that is backward compatible with username + password login.
This is very welcome! I had previously used a Siri shortcut on my desktop that would launch the password setting. (which worked very well, but a dedicated app is better)
This is welcome. Central password management really should be an OS feature. Drives me crazy that every browser I use has a different credentials store and sync service.
enpass.io is great.<p>+ Can't beat convenience.<p>+ Cross platform<p>+/- free if you don't need mobile version<p>- Closed source<p>(no affiliation)
People should just use a sufficiently complex, memorized, password for their money/identity, and then a (mental) algorithm that allows deriving unique passwords for other services that are less important.<p>Only have to memorize 2-3 strings and more secure than a password manager since there's no third party in the loop.<p>Password Managers are a huge man-in-the-middle and liability in other regards (e.g. you don't have it present on a given device or on hand).<p>SSO from a single set of credentials is a much better solution. Multi-factor biometrics even better (outside of PII sensitivities)
Yeah there is a pretty good chance that once this rolls out I won't be using 1Password anymore.<p>I only use 1Password instead of native because I needed something that worked on Windows. Will need to see how well that works, but I just don't see a personal reason why I would not just use this when it works so much better on my iOS devices.
I for one will stay away. What if your Apple account get banned? Then you lose all your passwords?<p>It's the same reason I don't trust Google with all my picture or documents. At any point in time their algos can flag your account for wrong reasons and that's the end of your digital life.
For years, Keychain Access would copy disk image passwords from custom keychains into keychains that opened at login, defeating my attempts at extra security.<p>I don't trust 'Passwords'.
Yeah please continue your "only on ios" policy.
I will have a PW manager server on LAN and use it everywhere via VPN.<p>These are the reasons why I don't use Apple products despite the great hardware.
Here's Apple's big problem: it's not a replacement for so many alternatives because it isn't supported on all platforms.<p>Safari? Not on Windows.<p>Apple Music? This actually has a Windows client. I'm not sure how good it is. But Spotify supports Windows and even Linux.<p>Apple Password Manager? Will this be tied to iCloud? Will I be able to use it on Android? If I no longer have an iPhone will it be a pain to maintain and use?<p>A dog cannot serve two masters. A company like Apple doesn't see any of these things as a product. They're a means to an end: to push the iPhone platform (and hardware sales). That priority will always trump the interests of a product like this.<p>It's also why I refuse to buy more into Google products: it's too much of a risk to lose access to everything if Google wakes up one day and decides to suspend your account with no recourse other than making enough of a stink on social media such that an employee will actually look into it.<p>People don't want everything tied to one identity, one service, one login.
I wasn’t expecting this much hate towards 1Password in the comments. I was using Google Passwords, then migrated to Apple, finally to 1P7 and now 1P8. It’s one of the best software I’ve ever used and I don’t know what I’d do without it. Same goes for Fastmail as well.
Surprised to see <i>Forget LastPass</i>, as if it's the current incumbent. It very much isn't, at least in my perception. LastPass disgraced itself into irrelevance back in 2022.<p><a href="https://en.wikipedia.org/wiki/LastPass#2022_customer_data_and_partially-encrypted_vault_theft" rel="nofollow">https://en.wikipedia.org/wiki/LastPass#2022_customer_data_an...</a>
Pointless if it doesnt have cross platform. Apple devices already basically have a password manager, the main reason more people don't use it it is because it doesnt also work on android or windows, not because it's not a standalone app called Passwords.
It's good to see that 1Password is staying several steps ahead here to avoid being "Sherlocked" by Apple.<p>The new SSH key manager feature is an example of something Apple's unlikely to address for years, if ever. <a href="https://developer.1password.com/docs/ssh/manage-keys/" rel="nofollow">https://developer.1password.com/docs/ssh/manage-keys/</a>