People don't generally post their passwords for everyone to see on Facebook.
Why are you so upset that anyone is concerned about PRISM?
You know the NSA is not going to give you a special award for defending them, right?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Announces iCloud Keychain, 1Password-Like Password Manager
- Thread starter MacRumors
- Start date
- Sort by reaction score
People don't generally post their passwords for everyone to see on Facebook.
Why are you so upset that anyone is concerned about PRISM?
You know the NSA is not going to give you a special award for defending them, right?
If you are syncing from your Mac minis to another Mac, you can rsync over ssh. You can probably just rsync the ~/Library/Containers/com.agilebits.onepassword-osx-helper folder, although that would be more like a backup or copy rather than a true two-way sync.
I think 1Password will let you sync with one of their agilekeychain_zip files; you could copy the backup file from one Mac to another then do a sync. Sure it's a PITA but it's all on your private computers.
AgileBits seems responsive to their customers, so if I were you I'd drop them a line about private WAN syncing.
How does Facebook's members posting what they're doing every five seconds ruin your privacy? FYI my name is essentially unknown to the "Internet". I was born January 1, 1960
----------
What is PRISM going to do, get into my YouTube account? If they feel like going in there, sure, go ahead. It looks like crap anyway because of the new layout.
Here is my response to another thread...
Maybe it's just me and how I use 1Password but these are really two different utilities. iCloud Keychain is used to store items you use online. 1Password I use to store those things as well as logins for routers, wifi, webpages, computers, any online credential, credit cards, cards, software license keys and the like. I need a secure place for that.
As far as I know, iCloud Keychain is for Safari only and for webpage login/transactions only. If that's all you need, great. For me, I want more. 1Password works for me. I have it on Mac, Windows, iOS and the like. Synced to my DropBox.
So yeah, two different types of utilities here.
Maybe it's just me and how I use 1Password but these are really two different utilities. iCloud Keychain is used to store items you use online. 1Password I use to store those things as well as logins for routers, wifi, webpages, computers, any online credential, credit cards, cards, software license keys and the like. I need a secure place for that.
As far as I know, iCloud Keychain is for Safari only and for webpage login/transactions only. If that's all you need, great. For me, I want more. 1Password works for me. I have it on Mac, Windows, iOS and the like. Synced to my DropBox.
So yeah, two different types of utilities here.
Passwords in the cloud
This is a pretty neat solution; the most exciting part of it being that passwords are generated for you: You don't need to invent your own "secure" passwords anymore. Inventing good passwords is really troublesome and most people fail at it anyway.
But I still don't like that the solution is based on an "encrypted vault" which is then synced between devices and stored in the cloud. That concept has a lot of important problems; and when it involves my passwords, I really don't ever want to run into trouble with any of them:
1. Your passwords need to sync before they become ubiquitously available. That means coming online with ALL devices, and waiting for the cloud service to sync between them. Never mind what happens when conflicts arise!
2. Your passwords are not reproducible without the cloud storage; which means if you lose access to your Apple ID, you lose access to ALL your passwords; since you don't actually know any of them.
3. There's a very important meme being broken here: Regardless of how much security and encryption is claimed: if you don't know HOW it works, you CANNOT trust that it is secure in the way that you need it to be secure. One example is Skype's encryption...
4. We may all trust Apple, but should you? And even if you should, given that it's subject to US laws and increasing surveillance, can you? Look to the future, there's no telling what the world will look like in 10 years, but I'm pretty sure I don't want anyone able to get into all my private stuff.
Anyway, if you're still with me, you may be interested to check out Master Password; it generates your passwords, but doesn't store or sync them ever, and still makes them ubiquitously available with no risk of losing them. Check out the algorithm page if you're curious how. But note that the Mac app isn't on the App Store yet (will be in a few weeks).
This is a pretty neat solution; the most exciting part of it being that passwords are generated for you: You don't need to invent your own "secure" passwords anymore. Inventing good passwords is really troublesome and most people fail at it anyway.
But I still don't like that the solution is based on an "encrypted vault" which is then synced between devices and stored in the cloud. That concept has a lot of important problems; and when it involves my passwords, I really don't ever want to run into trouble with any of them:
1. Your passwords need to sync before they become ubiquitously available. That means coming online with ALL devices, and waiting for the cloud service to sync between them. Never mind what happens when conflicts arise!
2. Your passwords are not reproducible without the cloud storage; which means if you lose access to your Apple ID, you lose access to ALL your passwords; since you don't actually know any of them.
3. There's a very important meme being broken here: Regardless of how much security and encryption is claimed: if you don't know HOW it works, you CANNOT trust that it is secure in the way that you need it to be secure. One example is Skype's encryption...
4. We may all trust Apple, but should you? And even if you should, given that it's subject to US laws and increasing surveillance, can you? Look to the future, there's no telling what the world will look like in 10 years, but I'm pretty sure I don't want anyone able to get into all my private stuff.
Anyway, if you're still with me, you may be interested to check out Master Password; it generates your passwords, but doesn't store or sync them ever, and still makes them ubiquitously available with no risk of losing them. Check out the algorithm page if you're curious how. But note that the Mac app isn't on the App Store yet (will be in a few weeks).
Happens all the time (Growl being killed by Notifications in 10.8 for example). Have had Apple take and integrate many of our company's products over the years.
Sucks for the company but it's great for the end user as now everyone gets access to it without having to pay $50 for it.
You have two choices as a software developer when this happens. You can either give up and move on which is generally easier or you can push harder and make your product even better. Offer features Apple doesn't. Remember that small developers can react and change much quicker than a giant like Apple can. Apple rarely adds all of the features contained in the products they integrate. Make your product stand apart from what Apple offers. We've gone both directions in the past. With a couple products we've cut our losses and moved on, happy that we were able to sell it for so many years before it became part of the OS. With others we've added new features well beyond what OS X offers and it has made the product far more valuable and keeps it selling.
Same with me.
As it is right now, they are all too scary for my private data to be in anybody's box or cloud.
I see no difference btw. 1P and iCloud Keychain if they are both using outside servers. Few people will recognize extra features of 1P but many many will not and will not pay for extra.
The only difference 1P can make if they reintroduce local wifi synching for people who want to have this choice. That alone would distinguish them from anybody else. However, no matter what/if/and when I would still be disappointed in 1P that they did not anticipate this need in advance.
I'm happy that Apple have this new function which creates more competition and can make other developers to listen to users' needs more closely. Otherwise, their business can be slowly getting smaller and smaller.
Maybe this will light a fire under the butts at AgileBits for 1Password for Mac. They've been great at updating their iOS app, but slow with OS X. 1Password for Mac 4.0 has been due for a long time, seems their focus is on iOS for greater market share. It still requires a desktop app, and a lot of 1Password users have given up on their excuses for delaying OS X updates.
----------
Actually, Safari prompts you when it detects a credit card purchase and asks if you would like to store that card for future needs. It also remembers licenses for software purchases and will be including more robust features in future beta's.
----------
Actually, Safari prompts you when it detects a credit card purchase and asks if you would like to store that card for future needs. It also remembers licenses for software purchases and will be including more robust features in future beta's.
It won't let you add license keys for Windows products, wifi keys, passwords and the like. As far as I know. It's web based for safari, websites and buying things.
The Keychain app that has been in OS X (utilities folder) stores passwords, certificates, keys for a long time. Keychain syncing was included in .Mac and MobileMe, removed with the recent "iCloud" iteration. It never stored credit cards, but I made a few purchases in Safari in 10.9 and it prompted me to remember this card, something it has never done. I've also made a software purchase outside of the App Store, somehow it recognized a license key and requested the same. I have the sense more is to come as the beta's are released, but yes, it seems web based. I don't know about Windows information, but with iWork becoming web based and more iCloud cross platform support, it seems Apple is filling in voids for non Mac users in their services.
Oh and two-step verification(s) are more present, I've received requests for verification pins to a mobile device or secondary email account in Messages and other OS X account related app's.
they threw in Wi-Fi passwords there too. Interesting. This can come in handy with the current Apple TV or the rumored future TV to get them on the wifi network automatically. Entering a long sequence of WI-FI password using that awful remote is a big pain point indeed.
All depends on implementation.
Apple has a very mixed track record with minor software projects and syncing. Often doesn't update them for years or locks you into awkward systems.
Let's hope the Keychain is more reliable than Notes, which will happily delete the last note you've written, on quit.
If it's completely reliable, works cross-browser, and you can use wifi syncing (Air Drop?) instead of the cloud, I might just dump 1password for it. But, unfortunately, I think it it's more likely to be aimed at people who use no password manager currently.
Notes is no replacement for Evernote, iPhoto no replacement for Lightroom, Spotlight not quite as good as Butler, Text Edit not a patch on Textwrangler, Pages is feeble compared to Word, but they're all OK (except Notes) for low level use.
Apple has a very mixed track record with minor software projects and syncing. Often doesn't update them for years or locks you into awkward systems.
Let's hope the Keychain is more reliable than Notes, which will happily delete the last note you've written, on quit.
If it's completely reliable, works cross-browser, and you can use wifi syncing (Air Drop?) instead of the cloud, I might just dump 1password for it. But, unfortunately, I think it it's more likely to be aimed at people who use no password manager currently.
Notes is no replacement for Evernote, iPhoto no replacement for Lightroom, Spotlight not quite as good as Butler, Text Edit not a patch on Textwrangler, Pages is feeble compared to Word, but they're all OK (except Notes) for low level use.
Last edited:
Defending the NSA? Your joking, right?
"People don't generally post their passwords for everyone to see on Facebook."
Are you seriously comparing posting passwords on Facebook with storing passwords in the cloud? Correct me if I'm wrong, but I can't see what you store in your iCloud account, but I'm sure I'll be able to see some information about you on Facebook. Your at the same level of risk of storing passwords on your computer as you are in the cloud.
The main reason I'm "upset" (as you put it) that anyone is concerned about PRISM is because you REALLY think the Government JUST started spying on people in 2007?
You were the one who seemed to be making the comparison. You were making the cynical "don't tell me you're worried about your passwords, I saw what you had for dinner on Facebook last night" argument.
iCloud Keychain issues?
Anyone else having issues with getting it to work? I started it up on one Mac and then tried to add my phone and a second mac to it. I enter in my 4 digit code and it says its sending a verification code to my phone - yet I never get one.
Anyone else having issues with getting it to work? I started it up on one Mac and then tried to add my phone and a second mac to it. I enter in my 4 digit code and it says its sending a verification code to my phone - yet I never get one.
Same.. I have set my MacRumors password to an iCloud generated..
Can't seem to find this in Keychain, Safari Passwords or on my iPhone although iCKeychain is turned on on both devices.
Can you explain how it works, for e.g., with Facebook? One thing I enjoy about using my own password is that I can go on Facebook wherever I am. Furthermore, if I delete and reinstall the Facebook app, or eBay app etc. on my iPhone I know the password and can sign in straight away. If Safari generates a random one when signing up for Facebook/eBay, I won't be able to remember it, or?
I know its not as secure but can you explain this?
Thanks
I can see though using iCloud Keychain with some not crucial passwords [e.g. MacRumors login
Same here. I use 1Password but I don't like having to either use its in-built browser on my iPad or copy/paste to Safari to login to basic sites. I'll probably use them concurrently for a while.
If anything, this will stop me upgrading to 1Password 4 for now.
One thing I hope is that they'll add it the keychain to the iCloud web interface. I do some work in Windows and it'd be good to have access in a browser window.
Im still having a lot of issues, but thats to be expected with a beta.
When I finally do manage to get a new device added, it seems to turn keychain off for all my other devices and I have to go back in and turn them back on.
In addition, like others have said, it doesn't seem to consistently sync information. Like with this site, my login info is being entered automatically on one machine only. I even cleared it out and resynced it with keychain - but it never makes its way to my other devices.
When I finally do manage to get a new device added, it seems to turn keychain off for all my other devices and I have to go back in and turn them back on.
In addition, like others have said, it doesn't seem to consistently sync information. Like with this site, my login info is being entered automatically on one machine only. I even cleared it out and resynced it with keychain - but it never makes its way to my other devices.