Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Are Mac's safe enough to not require a password manager

R

rawdawg

macrumors 6502a
Original poster
Jan 7, 2009
550
111
Brooklyn
Hello,
I have recently considered using a password manager to keep track of all my passwords. Currently I use Chrome and it prompts me whether it should remember passwords/usernames for websites.

Is there a clear advantage of using a password manager from a security standpoint on a Mac? I'll less inclined to pay a subscription fee to simply remember my passwords for websites consider Chrome does this automatically. Are Mac's secure enough on their own to not need a password manager for additional security?
 
rawdawg said:
Hello,
I have recently considered using a password manager to keep track of all my passwords. Currently I use Chrome and it prompts me whether it should remember passwords/usernames for websites.

Is there a clear advantage of using a password manager from a security standpoint on a Mac? I'll less inclined to pay a subscription fee to simply remember my passwords for websites consider Chrome does this automatically. Are Mac's secure enough on their own to not need a password manager for additional security?
Click to expand...
I think your question should instead be: do you trust Google to keep all your logins.
You are storing them on the Mac, but I do not believe that Chrome has access to the secure Apple Keychain in the computer, so they are saved to Google’s standard, not Apples as is used in Safari. So, I would say yes the Mac is secure, and keychain is too. But as far as if you want to go and trust google with all that information to be stored in their server that is up to you.
 
jgelin said:
I think your question should instead be: do you trust Google to keep all your logins.
You are storing them on the Mac, but I do not believe that Chrome has access to the secure Apple Keychain in the computer, so they are saved to Google’s standard, not Apples as is used in Safari. So, I would say yes the Mac is secure, and keychain is too. But as far as if you want to go and trust google with all that information to be stored in their server that is up to you.
Click to expand...
Interesting, I see your point. That said is there a consensus in the community here that password managers are better than simply using Keychain? I hear more and more about people using password managers with subscription fees but don't know it's thats from falling victim to advertising or if they do offer man than keychain.
 
rawdawg said:
That said is there a consensus in the community here that password managers are better than simply using Keychain? I hear more and more about people using password managers with subscription fees but don't know it's thats from falling victim to advertising or if they do offer man than keychain.
Click to expand...

I think it depends on your usage. 1Password is nice if you want cross platform password sync, but for the average Mac user I see zero reason to spend all that money on 1Password. Keychain can manage your passwords just fine and it can sync them to an iOS device using iCloud Keychain.

Is there something more than that you require that cannot be done by Keychain?
 
  • Like
Reactions: Big Bad D
my number 1 rule is "trust no one" not even apple. now go get yourself that password mgr
 
machtv said:
my number 1 rule is "trust no one" not even apple. now go get yourself that password mgr
Click to expand...
I don't follow your comment at all. If you trust no one, then how do you trust the password manager?

If you don't want your passwords outside your control, then just use Keychain without iCloud Keychain turned on. All the passwords would then be stored locally on your Mac completely within your control. Same as if you used 1Password with no sync.
 
  • Like
Reactions: wlossw, tennisproha and owbp
uh because some password mrg's are open source and have zero control over your passwords. so if you forget your password mgr info your are out of luck no one can help you get the info back. because you are in 100% control. which is why i say "trust no one"
 
Weaselboy said:
Is there something more than that you require that cannot be done by Keychain?
Click to expand...

To be honest until now I completely forgot about Keychain... :) But it sounds like a good alternative to buying a password manager subscription and prebuilt in OSX (go apple)

I was equally confused about machtv's comment but I guess his explanation makes sense if these programs have no control or way to save the passwords---i would assume those managers then also don't work between devices. I do know there are managers that do work between devices so I'm guessing those won't live up to machtv's suggestion to "trust no one"? I do not know enough about programing or how these programs work to know the details-- but if Keychain has an equal level of encryption, and provided they don't get hacked at apple, with my little knowledge I would assume they would be just as good.
 
I use 1Password because Keychain doesn't work in apps. It also holds more than just passwords, works in multiple browsers, etc. so I get great use out of it. I've been using it for years and love it. I bought it as a standalone app on sale but I'd pay for it again if I needed to.

But I use keychain for some stuff also. I trust Keychain over Google Password Keeper if that's the question
 
Last edited:
  • Like
Reactions: Furzul
here is just 1 of many open source pass mgr's and since it is open source you should be able to create your own database for it which means you should be able to use across all platforms and all locations
http://keepass.info/
 
So I used to use Keychain, but then we started having some Windows PC's in the house so I needed something that was cross platform. Now use one of the well know commercial password managers. It was annoying to set up from Keychain initially, but since it was completed it has made creating, saving and using complex passwords super easy (even on iOS devices).
 
As a longtime Mac user, I am as paranoid as the next guy. As a result, I use a long, difficult, distinct password for every website that I visit. No two are ever the same.

Furthermore, rarely do I ever save a password online in order to make logins quicker and easier for myself. Not for Gmail, Yahoo, or the host of other forums, software sites, etc., that I visit on a regular basis.

Quite frankly, I think it is foolhardy to trust any online service to safeguard your personal data. I don't even use iCloud, or any other online backup services. Not only can they get into your data if they really want to, but online storage also cuts into your monthly bandwidth quota from your ISP, if you have such a quota.

In fact, I am so concerned about personal security, that I sometimes also clear out all of my web browser cookies as well, and start over again with the important ones.

I don't use password managers either, because I find them a bit too cumbersome, plus I worry about backdoors from unscrupulous developers. :)

Considering the sensitivity of your personal data, if you can't fully control it via whatever app you are using, then perhaps you should not be using that app.

On a side note, one obvious suggestion is to always lock your screen so that a password is required to view your computer's contents. That way, even if you do use a password manager, an intruder will have to make it through your login process first.
 
rawdawg said:
Currently I use Chrome and it prompts me whether it should remember passwords/usernames for websites.
Click to expand...
What happens if your mac was stolen, and thief reset your password. He could then open up Chrome, look at where you went, say your bank, and with auto login, have your financial information.


rawdawg said:
Is there a clear advantage of using a password manager from a security standpoint on a Mac?
Click to expand...
The clear advantage is the storage of your passwords are done so encrypted in a password protected application
 
maflynn said:
What happens if your mac was stolen, and thief reset your password. He could then open up Chrome, look at where you went, say your bank, and with auto login, have your financial information.



The clear advantage is the storage of your passwords are done so encrypted in a password protected application
Click to expand...

Well, in the case of Keychain, they still wouldn't have anything because you have to create a new login keychain after changing a user account password in OS X. Additionally, if FileVault was enabled, the Terminal reset in Recovery OS wouldn't even work.
 
Simply put, I would use 1Password. I've used it for years and it is nothing short of superb. The staff and owner are/is amazing and very helpful and it's as secure as Google.

I used to use Apple's Keychain then it logged me out and I couldn't get back into it, causing the keychain to reset. I lost all my passwords for years of accounts. Never again.
 
I am using 1password Without subscription.
I have total access to the data key, it is stored on my machine.
Because I want to access the data on multiple machines, I store the key on Dropbox.
 
I use both Keychain and 1Password. I use 1Password because I also have a Windows machine but I store app passwords in there since apps dont use keychain. You can never go wrong with either or both
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back