Are Mac's safe enough to not require a password manager

rawdawg

macrumors 6502a
Original poster
Jan 7, 2009
508
102
Brooklyn
Hello,
I have recently considered using a password manager to keep track of all my passwords. Currently I use Chrome and it prompts me whether it should remember passwords/usernames for websites.

Is there a clear advantage of using a password manager from a security standpoint on a Mac? I'll less inclined to pay a subscription fee to simply remember my passwords for websites consider Chrome does this automatically. Are Mac's secure enough on their own to not need a password manager for additional security?
 

jgelin

macrumors 6502a
Jul 30, 2015
901
1,064
St Petersburg, FL
Hello,
I have recently considered using a password manager to keep track of all my passwords. Currently I use Chrome and it prompts me whether it should remember passwords/usernames for websites.

Is there a clear advantage of using a password manager from a security standpoint on a Mac? I'll less inclined to pay a subscription fee to simply remember my passwords for websites consider Chrome does this automatically. Are Mac's secure enough on their own to not need a password manager for additional security?
I think your question should instead be: do you trust Google to keep all your logins.
You are storing them on the Mac, but I do not believe that Chrome has access to the secure Apple Keychain in the computer, so they are saved to Google’s standard, not Apples as is used in Safari. So, I would say yes the Mac is secure, and keychain is too. But as far as if you want to go and trust google with all that information to be stored in their server that is up to you.
 

rawdawg

macrumors 6502a
Original poster
Jan 7, 2009
508
102
Brooklyn
I think your question should instead be: do you trust Google to keep all your logins.
You are storing them on the Mac, but I do not believe that Chrome has access to the secure Apple Keychain in the computer, so they are saved to Google’s standard, not Apples as is used in Safari. So, I would say yes the Mac is secure, and keychain is too. But as far as if you want to go and trust google with all that information to be stored in their server that is up to you.
Interesting, I see your point. That said is there a consensus in the community here that password managers are better than simply using Keychain? I hear more and more about people using password managers with subscription fees but don't know it's thats from falling victim to advertising or if they do offer man than keychain.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
30,313
10,051
California
That said is there a consensus in the community here that password managers are better than simply using Keychain? I hear more and more about people using password managers with subscription fees but don't know it's thats from falling victim to advertising or if they do offer man than keychain.
I think it depends on your usage. 1Password is nice if you want cross platform password sync, but for the average Mac user I see zero reason to spend all that money on 1Password. Keychain can manage your passwords just fine and it can sync them to an iOS device using iCloud Keychain.

Is there something more than that you require that cannot be done by Keychain?
 
  • Like
Reactions: Big Bad D

machtv

macrumors regular
Oct 6, 2014
171
41
my number 1 rule is "trust no one" not even apple. now go get yourself that password mgr
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
30,313
10,051
California
my number 1 rule is "trust no one" not even apple. now go get yourself that password mgr
I don't follow your comment at all. If you trust no one, then how do you trust the password manager?

If you don't want your passwords outside your control, then just use Keychain without iCloud Keychain turned on. All the passwords would then be stored locally on your Mac completely within your control. Same as if you used 1Password with no sync.
 

machtv

macrumors regular
Oct 6, 2014
171
41
uh because some password mrg's are open source and have zero control over your passwords. so if you forget your password mgr info your are out of luck no one can help you get the info back. because you are in 100% control. which is why i say "trust no one"
 

rawdawg

macrumors 6502a
Original poster
Jan 7, 2009
508
102
Brooklyn
Is there something more than that you require that cannot be done by Keychain?
To be honest until now I completely forgot about Keychain... :) But it sounds like a good alternative to buying a password manager subscription and prebuilt in OSX (go apple)

I was equally confused about machtv's comment but I guess his explanation makes sense if these programs have no control or way to save the passwords---i would assume those managers then also don't work between devices. I do know there are managers that do work between devices so I'm guessing those won't live up to machtv's suggestion to "trust no one"? I do not know enough about programing or how these programs work to know the details-- but if Keychain has an equal level of encryption, and provided they don't get hacked at apple, with my little knowledge I would assume they would be just as good.
 

0970373

Suspended
Mar 15, 2008
2,727
1,407
I use 1Password because Keychain doesn't work in apps. It also holds more than just passwords, works in multiple browsers, etc. so I get great use out of it. I've been using it for years and love it. I bought it as a standalone app on sale but I'd pay for it again if I needed to.

But I use keychain for some stuff also. I trust Keychain over Google Password Keeper if that's the question
 
Last edited:
  • Like
Reactions: Furzul

machtv

macrumors regular
Oct 6, 2014
171
41
here is just 1 of many open source pass mgr's and since it is open source you should be able to create your own database for it which means you should be able to use across all platforms and all locations
http://keepass.info/
 

stridemat

Moderator
Staff member
Apr 2, 2008
11,211
638
UK
So I used to use Keychain, but then we started having some Windows PC's in the house so I needed something that was cross platform. Now use one of the well know commercial password managers. It was annoying to set up from Keychain initially, but since it was completed it has made creating, saving and using complex passwords super easy (even on iOS devices).
 

RumorzGuy

macrumors 6502
Sep 17, 2008
263
81
Guam, Mariana Islands, U.S.A.
As a longtime Mac user, I am as paranoid as the next guy. As a result, I use a long, difficult, distinct password for every website that I visit. No two are ever the same.

Furthermore, rarely do I ever save a password online in order to make logins quicker and easier for myself. Not for Gmail, Yahoo, or the host of other forums, software sites, etc., that I visit on a regular basis.

Quite frankly, I think it is foolhardy to trust any online service to safeguard your personal data. I don't even use iCloud, or any other online backup services. Not only can they get into your data if they really want to, but online storage also cuts into your monthly bandwidth quota from your ISP, if you have such a quota.

In fact, I am so concerned about personal security, that I sometimes also clear out all of my web browser cookies as well, and start over again with the important ones.

I don't use password managers either, because I find them a bit too cumbersome, plus I worry about backdoors from unscrupulous developers. :)

Considering the sensitivity of your personal data, if you can't fully control it via whatever app you are using, then perhaps you should not be using that app.

On a side note, one obvious suggestion is to always lock your screen so that a password is required to view your computer's contents. That way, even if you do use a password manager, an intruder will have to make it through your login process first.
 

maflynn

Moderator
Staff member
May 3, 2009
66,663
33,514
Boston
Currently I use Chrome and it prompts me whether it should remember passwords/usernames for websites.
What happens if your mac was stolen, and thief reset your password. He could then open up Chrome, look at where you went, say your bank, and with auto login, have your financial information.


Is there a clear advantage of using a password manager from a security standpoint on a Mac?
The clear advantage is the storage of your passwords are done so encrypted in a password protected application
 

blasto2236

macrumors 6502a
Nov 4, 2012
782
385
What happens if your mac was stolen, and thief reset your password. He could then open up Chrome, look at where you went, say your bank, and with auto login, have your financial information.



The clear advantage is the storage of your passwords are done so encrypted in a password protected application
Well, in the case of Keychain, they still wouldn't have anything because you have to create a new login keychain after changing a user account password in OS X. Additionally, if FileVault was enabled, the Terminal reset in Recovery OS wouldn't even work.
 

Trhodezy

macrumors 6502
Dec 29, 2010
283
81
Simply put, I would use 1Password. I've used it for years and it is nothing short of superb. The staff and owner are/is amazing and very helpful and it's as secure as Google.

I used to use Apple's Keychain then it logged me out and I couldn't get back into it, causing the keychain to reset. I lost all my passwords for years of accounts. Never again.
 

adam9c1

macrumors 68000
May 2, 2012
1,775
285
Chicagoland
I am using 1password Without subscription.
I have total access to the data key, it is stored on my machine.
Because I want to access the data on multiple machines, I store the key on Dropbox.
 

mthomas184

macrumors 6502
Aug 11, 2016
406
479
Pittsburgh
I use both Keychain and 1Password. I use 1Password because I also have a Windows machine but I store app passwords in there since apps dont use keychain. You can never go wrong with either or both
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.