PDA

View Full Version : Apple Announces iCloud Keychain, 1Password-Like Password Manager




MacRumors
Jun 10, 2013, 01:01 PM
http://images.macrumors.com/im/macrumorsthreadlogo.gif (http://www.macrumors.com/2013/06/10/apple-announces-icloud-keychain-1password-like-password-manager-for-mac-os-x-mavericks/)


Today at Apple's Worldwide Developer Conference Keynote, while talking about Mac OS X Mavericks, Senior Vice President of Software Engineering Craig Federighi announced a new password manager called iCloud Keychain for Safari.

The feature can remember website logins, credit card numbers and WiFi network information and sync them across all systems. It can also autofill credit card information.

http://images.macrumors.com/article-new/2013/06/f1370886670.jpg
Federighi noted that iCloud Keychain can also generate and recommend passwords for users and then the system will use that password, if the user chooses, from then on.

Back in April 2012, MacRumors noted (http://www.macrumors.com/2012/04/23/apple-may-add-secure-password-suggestions-to-safari-with-os-x-mountain-lion/) that Apple had included strings in developer betas of Safari 5.2 hinting at secure password suggestions coming to Safari in OS X Mountain Lion. Apple did not, however, ultimatelyintroduce the feature for developer or public builds of Mountain Lion.

Article Link: Apple Announces iCloud Keychain, 1Password-Like Password Manager (http://www.macrumors.com/2013/06/10/apple-announces-icloud-keychain-1password-like-password-manager-for-mac-os-x-mavericks/)



mcrawley
Jun 10, 2013, 01:09 PM
Love it even though I will stick with my existing one (still need Windows capability). This gets the idea of password managers much more mainstream and that is a really, really good thing.

daneoni
Jun 10, 2013, 01:12 PM
In light of PRISM i'm wary...

lighthouse_man
Jun 10, 2013, 02:07 PM
In light of PRISM i'm wary...

Exactly. I don't know why I was expecting them to mention something about it today yet it makes sense for them not to.

timbos
Jun 10, 2013, 02:10 PM
LOL. I bought 1Password yesterday :rolleyes:

Ahheck01
Jun 10, 2013, 02:14 PM
LOL. I bought 1Password yesterday :rolleyes:

I feel ya, but think about how Agilebits must feel (the devs).

forgotmyhandle
Jun 10, 2013, 02:25 PM
Is the "Mac" back in the OS name?

unplugme71
Jun 10, 2013, 02:30 PM
I feel ya, but think about how Agilebits must feel (the devs).

Well 1password works for PC. It stores your CCID number. It can store other things like Serial Numbers/product keys for software, etc all securely.

So its existence is still capable and most likely will continue to use it. However, Apple is getting closer to killing off third-party apps.

I just closed my Pandora account for example.

gcortes
Jun 10, 2013, 02:50 PM
I'll try it out, but I have over 100 passwords in Roboform. Unless I can export from Roboform into keychain, I don't think I'll go with it. On the other hand, it's free.

poobear
Jun 10, 2013, 02:56 PM
In light of PRISM i'm wary...
They already have all your things don't worry

AppleMark
Jun 10, 2013, 02:59 PM
In light of PRISM i'm wary...

I felt the same way when they were demo-ing iWorks in the cloud.

SeattleMoose
Jun 10, 2013, 03:02 PM
The push to "the cloud" is being fueled by exactly this sort of "bait". This is a spook agency wet dream. No thanx.

cyclotron451
Jun 10, 2013, 03:17 PM
not an expert one by any means - but I've helped out on 10.7 & 10.8.1,2,3 & 4 beta-testing. I don't see anyway that I can let my data/keychain/iWork in the iCloud anywhere near CONUS.

looks like my work PCs will have to migrate to some form of locked-down Ubuntu. I guess I might buy a new MBA for the memories, but as with some of you other users - PRISM and its related technologies give me the message that I WANT TO CONTROL MY OWN DATA AND PII

NSA-Maverix, Nien Danke!

ugahairydawgs
Jun 10, 2013, 03:23 PM
not an expert one by any means - but I've helped out on 10.7 & 10.8.1,2,3 & 4 beta-testing. I don't see anyway that I can let my data/keychain/iWork in the iCloud anywhere near CONUS.

looks like my work PCs will have to migrate to some form of locked-down Ubuntu. I guess I might buy a new MBA for the memories, but as with some of you other users - PRISM and its related technologies give me the message that I WANT TO CONTROL MY OWN DATA AND PII

NSA-Maverix, Nien Danke!

To each his own. I'll take the convenience. If the NSA wants to read my boring ass email full of Amazon receipts and porn spam....then more power to them.

WilliamLondon
Jun 10, 2013, 03:32 PM
Agree with all the PRISM crap lately a statement in light of something like this wouldn't have been amiss, but aside from that, I've been wanting this functionality in Apple land for years. Tried 1Password, hated it (I'm in the minority I realise, but it just didn't work as I expected and was always asking me for information and popping up when I thought it should "just handle things"), so I'm thrilled to see this, especially since we lost some of this functionality when we lost iDisk.

This is a great addition in functionality, very glad to see this.

yojo056
Jun 10, 2013, 03:34 PM
This is just a feature being re-added that was taken out during the switch from MobileMe to iCloud. MobileMe had this feature long ago... but I feel that slowly as they refine iCloud their building back in features.

musio
Jun 10, 2013, 03:35 PM
if there is a way to store other credentials (serials, notes etc) then i feel bad for 1password.

timehacker11
Jun 10, 2013, 03:57 PM
LMAO at all the people worrying about privacy.

Let me ask them something: What privacy? YOU NO LONGER HAVE privacy, especially with the Patriot Act and Facebook and with nearly all of Facebook's members posting what they're doing every five seconds, iCloud Keychain seems like a text file compared to Facebook.

bigwig
Jun 10, 2013, 03:57 PM
if there is a way to store other credentials (serials, notes etc) then i feel bad for 1password.
Depends on how usable it is. The Keychain app isn't very usable even just for remembering things. If they copy the 1P interface wholesale, or have Safari hooks only for iCloud Keychain that 1P can't use, then yeah I can see a problem for Agile Bits.

movie-mac
Jun 10, 2013, 04:04 PM
if there is a way to store other credentials (serials, notes etc) then i feel bad for 1password.

That would seem unlikely, because it's just too confusing in the Apple universe and for the people this is targeted at. Serials you do not need, because you are supposed to buy your software through the Mac App Store and for notes there is the Notes app which syncs as well (I know, secure notes vs. "unsecure" etc.).

But I still think it will take away quite a bit of the market for 1P, especially because it isn't exactly cheap for both OS X and iOS. If you are Apple-hardware only, there is practically no reason to pay for 1P anymore.

definitive
Jun 10, 2013, 04:06 PM
so on computers this will only work through safari? meh if so

Rog210
Jun 10, 2013, 04:42 PM
I felt the same way when they were demo-ing iWorks in the cloud.

Yeah. I'm not going anywhere near this.

Boraxo
Jun 10, 2013, 06:03 PM
LOL. I bought 1Password yesterday :rolleyes:

+1 I bought mine a month ago. However I like the fact that 1Password resides on my machine, not on the cloud where government snoops can get it.

SBlue1
Jun 10, 2013, 06:04 PM
In light of PRISM i'm wary...

so if I forget one of my passwords I can ask the NSA? great!

Mattjeff
Jun 10, 2013, 06:07 PM
LOL. I bought 1Password yesterday :rolleyes:

Dido on that, and I got their calendar app... :o

----------

so if I forget one of my passwords I can ask the NSA? great!

haha (worried laughter) NSA has an app for that...

skippymac
Jun 10, 2013, 06:15 PM
LOL. I bought 1Password yesterday :rolleyes:
+1 I bought mine a month ago. However I like the fact that 1Password resides on my machine, not on the cloud where government snoops can get it.

I too bought it recently and was a little annoyed, but like you say, I like the cross platform goodness and the fact I can store it locally. I may find a place for both, especially if the iOS keychain thing works well with apps.

I feel ya, but think about how Agilebits must feel (the devs).

I was actually wondering if they heard about this in advance, (from Apple or otherwise) as they started a half price sale not 2 weeks ago, calling it a "pre-WWDC sale" iirc. Possibly trying to get as many sales as possible before this.

h00ligan
Jun 10, 2013, 06:18 PM
Agree with all the PRISM crap lately a statement in light of something like this wouldn't have been amiss, but aside from that, I've been wanting this functionality in Apple land for years. Tried 1Password, hated it (I'm in the minority I realise, but it just didn't work as I expected and was always asking me for information and popping up when I thought it should "just handle things"), so I'm thrilled to see this, especially since we lost some of this functionality when we lost iDisk.

This is a great addition in functionality, very glad to see this.

You might have used an old version. My only complaint is the iOS apps being so much better than the desktop app....though I am goin to point out one minor thing that annoys me in the iOS version to the devs

I don't think this will a) matter much to third party devs b)provide any real security to the end users who will use it.

They'll still use a four digit pin on the device and still use a eek password like grandma on the keychain. So.....

I doubt even that most the people talking s are running a 14 character random password on their phone and a different one on the 1password, and not jail breaking, and using VPN for all connections to their home network which then bounces to an anonymous VPN.

People won't even bother to type a s: after http

ckeck
Jun 10, 2013, 06:21 PM
To each his own. I'll take the convenience. If the NSA wants to read my boring ass email full of Amazon receipts and porn spam....then more power to them.

And that younglings is how your liberties and privacy perish. Seems like a minor issue now but this leads to far worse.

Very dangerous mentality.

IGregory
Jun 10, 2013, 07:04 PM
I feel ya, but think about how Agilebits must feel (the devs).

I'll withhold judgement until I see it. 1Password is at the top of the heap as far as I am concerned.

----------

I feel ya, but think about how Agilebits must feel (the devs).

I'll withhold judgement until I see it. 1Password is at the top of the heap as far as I am concerned. Plus, 1Password does other things like: secure notes, identities and accounts. 1Password will be updating its program shortly with enhancements.

----------

How did I do that?

stol
Jun 10, 2013, 07:32 PM
I feel ya, but think about how Agilebits must feel (the devs).

1Password is a cross-browser solution, so it wins the case. They should focus on pointing this out.

I can see though using iCloud Keychain with some not crucial passwords [e.g. MacRumors login :rolleyes:] mainly because I am usually bored to open the 1Password app on iOS and have to copy password or use the embedded browser.

Now regarding privacy/safety/PRISM/whatever issues, how is iCloud less secure than, say, Dropbox? (which is what 1Password suggests for keychain sync)

ckeck
Jun 10, 2013, 08:57 PM
Now regarding privacy/safety/PRISM/whatever issues, how is iCloud less secure than, say, Dropbox? (which is what 1Password suggests for keychain sync)

The 1Password key file is itself encrypted before it's placed on a service such as Dropbox. So if your data was shared by Dropbox as least you know that the keyfile is hardened, to some degree anyways.

I'm not sure on what scale Apple is actually participating in everything that is going on or if they would make your data available in wide open fashion. This is the main difference I can see with the information available.

ugahairydawgs
Jun 10, 2013, 09:39 PM
And that younglings is how your liberties and privacy perish. Seems like a minor issue now but this leads to far worse.

Very dangerous mentality.

That ship has sailed. To me the decision is not which online provider to use. Anything is vulnerable once it is online. So the true decision becomes what content do you let leave your local machine.

Stella
Jun 10, 2013, 09:51 PM
1Password works with the majority of login / info etc pages and has taken a long time to do so. Plus Agilebits are very responsive. I highly doubt Apple's solution will be as reliable and will be as responsive to fix bugs that cause login and other info pages not to work.

The existing fill functionality of Safari is so unreliable its not worth using.

I'm sure AgileBits will suffer loss of sales due to this, but they can advertise on significant shortcomings of iCloud keychain.
Also, whats to stop Agilebits from using the iCloud Keychain to integrate with 1Password, assuming Apple allow this?

As others point out - 1Password works with multiple browsers and multi-platform. Apple's solution will work for Safari and Mac only.

1Password 4 is just around the corner.. looking forward to v4.

thefourthpope
Jun 10, 2013, 10:12 PM
The biggest issue for me will be not wanting to re-submit all my logins. Right now they're in 1Password, and I doubt that Apple will include an "import from 1Password" option (1P does have "import from Safari"). So, my own issues with Apple having direct access to all of my logins aside (I have no reason to think the NA can't get into Agilebits), this likely won't be something I pick up.

----------



I'll withhold judgement until I see it. 1Password is at the top of the heap as far as I am concerned. Plus, 1Password does other things like: secure notes, identities and accounts. 1Password will be updating its program shortly with enhancements.


Given how poorly Safari handles autofill from my contact card (inconsistently distinguishes between multiple email/physical addresses, etc.) I also doubt they'll trump 1Password

iSee
Jun 10, 2013, 10:13 PM
I too bought it recently and was a little annoyed, but like you say, I like the cross platform goodness and the fact I can store it locally. I may find a place for both, especially if the iOS keychain thing works well with apps.



I was actually wondering if they heard about this in advance, (from Apple or otherwise) as they started a half price sale not 2 weeks ago, calling it a "pre-WWDC sale" iirc. Possibly trying to get as many sales as possible before this.

Add me to the list of recent purchasers!
Oh well. 1Password does seem to have some additional features and works on Windows too. And OS X 10.9 & iOS 7 aren't out yet.

thefourthpope
Jun 10, 2013, 10:15 PM
That ship has sailed. To me the decision is not which online provider to use. Anything is vulnerable once it is online. So the true decision becomes what content do you let leave your local machine.

I think you mean the content you choose to let leave your pen and paper :p. The always-on data connections have really blurred that local/online distinction.

ChrisA
Jun 10, 2013, 10:54 PM
To each his own. I'll take the convenience. If the NSA wants to read my boring ass email full of Amazon receipts and porn spam....then more power to them.

I agree. These people complain but don't think. They don't want to store email on the cloud because some one might see it. Well it is TO LATE. The email was already inside 3 to 12 email servers BEFORE you got to read it. Those servers get backed up and so now your old mails are on dozens of disk drives all over the world.

But it you store you email locally on you own drive you feel better because "you have control".

I currently have 100+ documents on iCloud, mostly made with Pages. It works well. I can work on a document at home on my iMac or on the macbook or I can even leave my computer at home and use one of the iMacs in the university library. It gets backed up for me. OK maybe someone can read it. but I'mm will to bet to $$ that it would be easier for you to break into my house and take my iMac then for you to get my data off iCloud.

Mr. Retrofire
Jun 11, 2013, 01:25 AM
Now regarding privacy/safety/PRISM/whatever issues, how is iCloud less secure than, say, Dropbox? (which is what 1Password suggests for keychain sync)
The OS X keychain has certain recovery options. It is easy for Apple to encrypt a second copy of your keychain with the public key of the NSA. Only the NSA can decrypt this copy of they keychain (public key cryptography). Apple has implemented a key recovery mechanism in FileVault 2, so a similar “invisible” recovery mechanism in the OS keychain would not surprise me.

rohitp
Jun 11, 2013, 01:33 AM
I sure hope there's a way to sync this w/o using iCloud. I use 1Password but stick to syncing on my network and do not use iCloud for that. Even my devices are backed up to my Mac's external HD.

I use iCloud for my contacts, etc., but for my passwords and login credentials... NO!! Good enough reason to stick with 1Password.

Yuppi
Jun 11, 2013, 02:27 AM
From a PRISM perspective the idea of storing your passwords in the cloud does not really make a difference. They can get access to your server side data anyway.

I think I will use both, 1Password and keychain. Keychain for stuff like WiFi passwords and passwords that I use frequently on a mobile device (which are not many). But the rest will still be managed by 1Password, because it works on many other devices, has a web page (which you can access with any browser from any device) and can store other data as well..

Lets wait and see what Apple is exactly doing with it. I just hope, and think that AgileBits will do this, that 1Password will work with the keychain export as well as import.

Michaelgtrusa
Jun 11, 2013, 04:33 AM
Can you back up this keychain? 1password will be ok for now.

tobyw7
Jun 11, 2013, 06:23 AM
+1 I bought mine a month ago. However I like the fact that 1Password resides on my machine, not on the cloud where government snoops can get it.

1Password actually supports iCloud and Dropbox for 1Password Anywhere - which lets you access your passwords from any web-enabled device. Obviously if you don't use that feature then it is all stored on your computer locally only.

chaosbunny
Jun 11, 2013, 07:55 AM
I don't have that many accounts so I don't need this. Plus I don't use iCloud or similar services anyway.

As long as I don't have to use stuff like that it's great for people who don't value their personal information.

cclloyd
Jun 11, 2013, 12:47 PM
Apparently my passcode isn't strong enough to use it on my iphone...

ChrisA
Jun 11, 2013, 01:10 PM
In light of PRISM i'm wary...

I assume the data are al encrypted before it leaves your device. If not then, yes this is useless. But let's assume the engineers at Apple were at least half way competent and used encryption with the key remaining on the device

----------

IAs long as I don't have to use stuff like that it's great for people who don't value their personal information.

I figure the information is encrypted. If it then you can show it to anyone without worry.

It's no worse then sending credit card information over the Internet. As long as your use https:// you are OK, well OK if you trust the end point (like Amazon) to not leak your data.

----------

I sure hope there's a way to sync this w/o using iCloud. I use 1Password but stick to syncing on my network and do not use iCloud for that. Even my devices are backed up to my Mac's external HD.

I use iCloud for my contacts, etc., but for my passwords and login credentials... NO!! Good enough reason to stick with 1Password.

If one wants to be paranoid, how do you know that 1Pasword is not sending your data to someplace? I don't think they do but I can't prove it. So it comes down to either (1) we use only Open Source software that we build ourselves or (2) we trust the people who sell us the service. So, why not trust iCloud to get is right? We can assume the data are stored using strong encryption.

Mr Rabbit
Jun 11, 2013, 01:52 PM
It can store other things like Serial Numbers/product keys for software, etc all securely.

Not sure how 1Password implements this (if it's the same "pop up and confirm" process like password or not) but wouldn't Keychain's secure notes provide similar functionality? Thats basically how I track my serials and account info at home, using secure notes that must be unlocked using your keychain password in order to view the sensitive content. If keychain is syncing your full keychain contents then it seems like this will be included.

isomorphic
Jun 11, 2013, 01:54 PM
I am a long-time 1Password user. I was one of the people who complained, loudly, when 1Password removed LAN-based syncing in favor of either iTunes or cloud-only options. (To AgileBits' credit, they now have a beta USB syncing utility which somewhat addresses the problem.)

It amuses me to see people suddenly concerned about cloud services, now that the PRISM news rubs everyone's face in it.

I'm sure iCloud Keychain will be very nice for those who use Safari only and don't care about the cloud. In the meantime I will keep my passwords file--encrypted or not--off cloud services.

I'm not opposed to cloud services for documents, but keeping all your passwords on third-party servers is just asking for trouble.

(Yes, a properly-AES256-encrypted file is unlikely to be decrypted--if the encryption has no bugs and there aren't any surprise escrow keys. Very recently Apple had a bug where FileVault was logging plaintext passwords to the bloody system console. The impact of that bug is much less severe when there aren't a zillion copies of your encrypted data everywhere.)

trainwrecka
Jun 11, 2013, 02:42 PM
Should have been titled: Apple resurrects a feature from .Mac and MobileMe and makes it better. This needs to come back.

jrm27
Jun 11, 2013, 03:46 PM
I currently use LastPass, and it has been great. I wish I could use it on my phone without jumping through so many hoops, but I haven't had too much of a problem with it yet.

I liek the idea that icloud keychain would be able to access all my passwords while on my iphone/ipad. That'd be really nice.

unplugme71
Jun 11, 2013, 04:04 PM
Not sure how 1Password implements this (if it's the same "pop up and confirm" process like password or not) but wouldn't Keychain's secure notes provide similar functionality? Thats basically how I track my serials and account info at home, using secure notes that must be unlocked using your keychain password in order to view the sensitive content. If keychain is syncing your full keychain contents then it seems like this will be included.

1Password allows you to enter more meta-data like purchase date, purchase price, purchase location (store), has fields for support email, support contact name, etc.

So when you want to price compare from last years version, or need support, you have your serial number, order number, email or phone number to create the request all from one screen.

Sure you can type it in notes, but 1Password does a great job of storing this info. Plus you can create tags for quick searching when you have a lot of serialized software titles.

----------

I am a long-time 1Password user. I was one of the people who complained, loudly, when 1Password removed LAN-based syncing in favor of either iTunes or cloud-only options. (To AgileBits' credit, they now have a beta USB syncing utility which somewhat addresses the problem.)

It amuses me to see people suddenly concerned about cloud services, now that the PRISM news rubs everyone's face in it.

I'm sure iCloud Keychain will be very nice for those who use Safari only and don't care about the cloud. In the meantime I will keep my passwords file--encrypted or not--off cloud services.

I'm not opposed to cloud services for documents, but keeping all your passwords on third-party servers is just asking for trouble.

(Yes, a properly-AES256-encrypted file is unlikely to be decrypted--if the encryption has no bugs and there aren't any surprise escrow keys. Very recently Apple had a bug where FileVault was logging plaintext passwords to the bloody system console. The impact of that bug is much less severe when there aren't a zillion copies of your encrypted data everywhere.)

This is why I hate that 1Password won't use WebDAV and only Dropbox or iCloud. I rather be the 'owner' of my data.

I have two Mac Mini's, one at my place and one at my parents, both behind a firewall. Both Mini's run OS X Server with a VPN connection to each other. Data is sync'd across regularly and encrypted. I can connect my iPhone and iPad over VPN to either server to get my data. This method provides me with an off-site location, ownership, data replication, and security. The fact they live 1,200 miles away also helps that if my server is down due to hardware or local network conditions, I can still connect to another region of the US where it may not be impacted. Or if I happen to visit them, I'm pulling data locally or from a closer 'server'.

Most apps let me sync my pref's or files using WebDav, except for 1Password. This is the one reason why I may actually ditch the app!

I wish I could setup another Mac mini on the west coast, as this would give me three geographic points to connect and replicate too.

WestonHarvey1
Jun 11, 2013, 04:48 PM
LMAO at all the people worrying about privacy.

Let me ask them something: What privacy? YOU NO LONGER HAVE privacy, especially with the Patriot Act and Facebook and with nearly all of Facebook's members posting what they're doing every five seconds, iCloud Keychain seems like a text file compared to Facebook.

People don't generally post their passwords for everyone to see on Facebook.

Why are you so upset that anyone is concerned about PRISM?

You know the NSA is not going to give you a special award for defending them, right?

isomorphic
Jun 11, 2013, 09:31 PM
This is why I hate that 1Password won't use WebDAV and only Dropbox or iCloud. I rather be the 'owner' of my data.

I have two Mac Mini's, one at my place and one at my parents, both behind a firewall. Both Mini's run OS X Server with a VPN connection to each other. Data is sync'd across regularly and encrypted. I can connect my iPhone and iPad over VPN to either server to get my data. This method provides me with an off-site location, ownership, data replication, and security. The fact they live 1,200 miles away also helps that if my server is down due to hardware or local network conditions, I can still connect to another region of the US where it may not be impacted. Or if I happen to visit them, I'm pulling data locally or from a closer 'server'.

Most apps let me sync my pref's or files using WebDav, except for 1Password. This is the one reason why I may actually ditch the app!

I wish I could setup another Mac mini on the west coast, as this would give me three geographic points to connect and replicate too.

If you are syncing from your Mac minis to another Mac, you can rsync over ssh. You can probably just rsync the ~/Library/Containers/com.agilebits.onepassword-osx-helper folder, although that would be more like a backup or copy rather than a true two-way sync.

I think 1Password will let you sync with one of their agilekeychain_zip files; you could copy the backup file from one Mac to another then do a sync. Sure it's a PITA but it's all on your private computers.

AgileBits seems responsive to their customers, so if I were you I'd drop them a line about private WAN syncing.

donutbagel
Jun 12, 2013, 12:08 AM
LMAO at all the people worrying about privacy.

Let me ask them something: What privacy? YOU NO LONGER HAVE privacy, especially with the Patriot Act and Facebook and with nearly all of Facebook's members posting what they're doing every five seconds, iCloud Keychain seems like a text file compared to Facebook.

How does Facebook's members posting what they're doing every five seconds ruin your privacy? FYI my name is essentially unknown to the "Internet". I was born January 1, 1960 :rolleyes:

----------

People don't generally post their passwords for everyone to see on Facebook.

Why are you so upset that anyone is concerned about PRISM?

You know the NSA is not going to give you a special award for defending them, right?

What is PRISM going to do, get into my YouTube account? If they feel like going in there, sure, go ahead. It looks like crap anyway because of the new layout.

redAPPLE
Jun 12, 2013, 03:38 AM
Is the "Mac" back in the OS name?

don't think so. the site (http://www.apple.com/osx/preview/) states it so.

AbSoluTc
Jun 12, 2013, 08:45 AM
Here is my response to another thread...

Maybe it's just me and how I use 1Password but these are really two different utilities. iCloud Keychain is used to store items you use online. 1Password I use to store those things as well as logins for routers, wifi, webpages, computers, any online credential, credit cards, cards, software license keys and the like. I need a secure place for that.

As far as I know, iCloud Keychain is for Safari only and for webpage login/transactions only. If that's all you need, great. For me, I want more. 1Password works for me. I have it on Mac, Windows, iOS and the like. Synced to my DropBox.

So yeah, two different types of utilities here.

Kissaragi
Jun 12, 2013, 08:52 AM
Nice to see this built in. Everyone should be using some kind of password manager these days unless they have a really amazing memory.

1password works very well tho so I cant see myself switching anytime soon.

lhunath
Jun 12, 2013, 09:00 AM
This is a pretty neat solution; the most exciting part of it being that passwords are generated for you: You don't need to invent your own "secure" passwords anymore. Inventing good passwords is really troublesome and most people fail at it anyway.

But I still don't like that the solution is based on an "encrypted vault" which is then synced between devices and stored in the cloud. That concept has a lot of important problems; and when it involves my passwords, I really don't ever want to run into trouble with any of them:

1. Your passwords need to sync before they become ubiquitously available. That means coming online with ALL devices, and waiting for the cloud service to sync between them. Never mind what happens when conflicts arise!
2. Your passwords are not reproducible without the cloud storage; which means if you lose access to your Apple ID, you lose access to ALL your passwords; since you don't actually know any of them.
3. There's a very important meme being broken here: Regardless of how much security and encryption is claimed: if you don't know HOW it works, you CANNOT trust that it is secure in the way that you need it to be secure. One example is Skype's encryption...
4. We may all trust Apple, but should you? And even if you should, given that it's subject to US laws and increasing surveillance, can you? Look to the future, there's no telling what the world will look like in 10 years, but I'm pretty sure I don't want anyone able to get into all my private stuff.

Anyway, if you're still with me, you may be interested to check out Master Password (http://masterpasswordapp.com); it generates your passwords, but doesn't store or sync them ever, and still makes them ubiquitously available with no risk of losing them. Check out the algorithm page if you're curious how. But note that the Mac app isn't on the App Store yet (will be in a few weeks).

OldSchoolMacGuy
Jun 12, 2013, 11:26 AM
I feel ya, but think about how Agilebits must feel (the devs).

Happens all the time (Growl being killed by Notifications in 10.8 for example). Have had Apple take and integrate many of our company's products over the years.

Sucks for the company but it's great for the end user as now everyone gets access to it without having to pay $50 for it.

You have two choices as a software developer when this happens. You can either give up and move on which is generally easier or you can push harder and make your product even better. Offer features Apple doesn't. Remember that small developers can react and change much quicker than a giant like Apple can. Apple rarely adds all of the features contained in the products they integrate. Make your product stand apart from what Apple offers. We've gone both directions in the past. With a couple products we've cut our losses and moved on, happy that we were able to sell it for so many years before it became part of the OS. With others we've added new features well beyond what OS X offers and it has made the product far more valuable and keeps it selling.

MuseumVisitor
Jun 12, 2013, 11:49 AM
I sure hope there's a way to sync this w/o using iCloud. I use 1Password but stick to syncing on my network and do not use iCloud for that. Even my devices are backed up to my Mac's external HD.

I use iCloud for my contacts, etc., but for my passwords and login credentials... NO!! Good enough reason to stick with 1Password.


Same with me.
As it is right now, they are all too scary for my private data to be in anybody's box or cloud.

I see no difference btw. 1P and iCloud Keychain if they are both using outside servers. Few people will recognize extra features of 1P but many many will not and will not pay for extra.

The only difference 1P can make if they reintroduce local wifi synching for people who want to have this choice. That alone would distinguish them from anybody else. However, no matter what/if/and when I would still be disappointed in 1P that they did not anticipate this need in advance.

I'm happy that Apple have this new function which creates more competition and can make other developers to listen to users' needs more closely. Otherwise, their business can be slowly getting smaller and smaller.

bedifferent
Jun 12, 2013, 12:08 PM
Maybe this will light a fire under the butts at AgileBits for 1Password for Mac. They've been great at updating their iOS app, but slow with OS X. 1Password for Mac 4.0 has been due for a long time, seems their focus is on iOS for greater market share. It still requires a desktop app, and a lot of 1Password users have given up on their excuses for delaying OS X updates.

----------

Here is my response to another thread...

Maybe it's just me and how I use 1Password but these are really two different utilities. iCloud Keychain is used to store items you use online. 1Password I use to store those things as well as logins for routers, wifi, webpages, computers, any online credential, credit cards, cards, software license keys and the like. I need a secure place for that.

As far as I know, iCloud Keychain is for Safari only and for webpage login/transactions only. If that's all you need, great. For me, I want more. 1Password works for me. I have it on Mac, Windows, iOS and the like. Synced to my DropBox.

So yeah, two different types of utilities here.

Actually, Safari prompts you when it detects a credit card purchase and asks if you would like to store that card for future needs. It also remembers licenses for software purchases and will be including more robust features in future beta's.

AbSoluTc
Jun 12, 2013, 02:51 PM
Maybe this will light a fire under the butts at AgileBits for 1Password for Mac. They've been great at updating their iOS app, but slow with OS X. 1Password for Mac 4.0 has been due for a long time, seems their focus is on iOS for greater market share. It still requires a desktop app, and a lot of 1Password users have given up on their excuses for delaying OS X updates.

----------



Actually, Safari prompts you when it detects a credit card purchase and asks if you would like to store that card for future needs. It also remembers licenses for software purchases and will be including more robust features in future beta's.

It won't let you add license keys for Windows products, wifi keys, passwords and the like. As far as I know. It's web based for safari, websites and buying things.

bedifferent
Jun 12, 2013, 03:52 PM
It won't let you add license keys for Windows products, wifi keys, passwords and the like. As far as I know. It's web based for safari, websites and buying things.

The Keychain app that has been in OS X (utilities folder) stores passwords, certificates, keys for a long time. Keychain syncing was included in .Mac and MobileMe, removed with the recent "iCloud" iteration. It never stored credit cards, but I made a few purchases in Safari in 10.9 and it prompted me to remember this card, something it has never done. I've also made a software purchase outside of the App Store, somehow it recognized a license key and requested the same. I have the sense more is to come as the beta's are released, but yes, it seems web based. I don't know about Windows information, but with iWork becoming web based and more iCloud cross platform support, it seems Apple is filling in voids for non Mac users in their services.

Oh and two-step verification(s) are more present, I've received requests for verification pins to a mobile device or secondary email account in Messages and other OS X account related app's.

liavman
Jun 13, 2013, 02:18 AM
they threw in Wi-Fi passwords there too. Interesting. This can come in handy with the current Apple TV or the rumored future TV to get them on the wifi network automatically. Entering a long sequence of WI-FI password using that awful remote is a big pain point indeed.

macgabe
Jun 14, 2013, 02:30 AM
All depends on implementation.

Apple has a very mixed track record with minor software projects and syncing. Often doesn't update them for years or locks you into awkward systems.

Let's hope the Keychain is more reliable than Notes, which will happily delete the last note you've written, on quit.

If it's completely reliable, works cross-browser, and you can use wifi syncing (Air Drop?) instead of the cloud, I might just dump 1password for it. But, unfortunately, I think it it's more likely to be aimed at people who use no password manager currently.

Notes is no replacement for Evernote, iPhoto no replacement for Lightroom, Spotlight not quite as good as Butler, Text Edit not a patch on Textwrangler, Pages is feeble compared to Word, but they're all OK (except Notes) for low level use.

musio
Jun 14, 2013, 11:17 AM
Apple
Pros - it's free
Cons - it's in the cloud and once in the cloud, everybody can peek in..

1Pass
Pros - Sensitive data is yours and nobody has the file but you.
Cons - it costs

timehacker11
Jun 14, 2013, 02:12 PM
People don't generally post their passwords for everyone to see on Facebook.

Why are you so upset that anyone is concerned about PRISM?

You know the NSA is not going to give you a special award for defending them, right?

Defending the NSA? Your joking, right?

"People don't generally post their passwords for everyone to see on Facebook."

Are you seriously comparing posting passwords on Facebook with storing passwords in the cloud? Correct me if I'm wrong, but I can't see what you store in your iCloud account, but I'm sure I'll be able to see some information about you on Facebook. Your at the same level of risk of storing passwords on your computer as you are in the cloud.

The main reason I'm "upset" (as you put it) that anyone is concerned about PRISM is because you REALLY think the Government JUST started spying on people in 2007?

WestonHarvey1
Jun 14, 2013, 02:24 PM
Are you seriously comparing posting passwords on Facebook with storing passwords in the cloud? Correct me if I'm wrong, but I can't see what you store in your iCloud account, but I'm sure I'll be able to see some information about you on Facebook. Your at the same level of risk of storing passwords on your computer as you are in the cloud.

You were the one who seemed to be making the comparison. You were making the cynical "don't tell me you're worried about your passwords, I saw what you had for dinner on Facebook last night" argument.

GaresTaylan
Jun 14, 2013, 05:47 PM
Anyone else having issues with getting it to work? I started it up on one Mac and then tried to add my phone and a second mac to it. I enter in my 4 digit code and it says its sending a verification code to my phone - yet I never get one.

mrapplegate
Jun 14, 2013, 05:48 PM
I can't get it to keep generated passwords. Clearly a beta.

Extcee
Jun 15, 2013, 07:32 AM
I can't get it to keep generated passwords. Clearly a beta.

Same.. I have set my MacRumors password to an iCloud generated..

Can't seem to find this in Keychain, Safari Passwords or on my iPhone although iCKeychain is turned on on both devices.

Davmeister
Jun 15, 2013, 07:34 AM
Nice to see this built in. Everyone should be using some kind of password manager these days unless they have a really amazing memory.

1password works very well tho so I cant see myself switching anytime soon.

Can you explain how it works, for e.g., with Facebook? One thing I enjoy about using my own password is that I can go on Facebook wherever I am. Furthermore, if I delete and reinstall the Facebook app, or eBay app etc. on my iPhone I know the password and can sign in straight away. If Safari generates a random one when signing up for Facebook/eBay, I won't be able to remember it, or?

I know its not as secure but can you explain this?

Thanks

Steeley
Jun 15, 2013, 08:09 AM
I can see though using iCloud Keychain with some not crucial passwords [e.g. MacRumors login :rolleyes:] mainly because I am usually bored to open the 1Password app on iOS and have to copy password or use the embedded browser.

Same here. I use 1Password but I don't like having to either use its in-built browser on my iPad or copy/paste to Safari to login to basic sites. I'll probably use them concurrently for a while.

If anything, this will stop me upgrading to 1Password 4 for now.

One thing I hope is that they'll add it the keychain to the iCloud web interface. I do some work in Windows and it'd be good to have access in a browser window.

Oui
Jun 15, 2013, 09:13 AM
To each his own. I'll take the convenience. If the NSA wants to read my boring ass email full of Amazon receipts and porn spam....then more power to them.

This is the kinds of people that have put the US in its current state.

ugahairydawgs
Jun 15, 2013, 09:24 AM
This is the kinds of people that have put the US in its current state.

Do explain

GaresTaylan
Jun 16, 2013, 12:31 PM
Im still having a lot of issues, but thats to be expected with a beta.

When I finally do manage to get a new device added, it seems to turn keychain off for all my other devices and I have to go back in and turn them back on.

In addition, like others have said, it doesn't seem to consistently sync information. Like with this site, my login info is being entered automatically on one machine only. I even cleared it out and resynced it with keychain - but it never makes its way to my other devices.

ajalro
Nov 25, 2013, 07:36 AM
The biggest issue for me will be not wanting to re-submit all my logins. Right now they're in 1Password, and I doubt that Apple will include an "import from 1Password" option (1P does have "import from Safari").

Is there a way now?

thefourthpope
Dec 9, 2013, 07:03 PM
Is there a way now?

Not that I've found. Safari just asks when I fill in a login form via 1password.