I really like the idea of using this, but I've already been burned by Apple once with their refusal to return my Apple ID that was compromised. If someone is able to gain access to your account and changes the password, removes all your trusted devices, changes the phone number that is associated with the account and activates 2FA for their phone number, you cannot get your account back without knowing the phone number associated with the account (the new one). This takes a hacker, if they gain access to a trusted device, less than a minute to accomplish. Apple will not help you. The lost/stolen ID, account recovery pages all boil down to knowing the new phone number associated with the account. You can still have access to the email associated with the account. It won't matter aside from adding insult to injury when you receive emails from your stolen account every month or so asking if you'd like to upgrade your iCloud account storage.
 
I have a few questions about this.
Did this person have access to one of your devices as well? Did you have 2FA turned on before your account was taken?
Was your account hacked by a stranger or was it taken by someone you know who knew your login?
I would think removing all trusted devices and changing the phone number in a short period would be considered very suspicious activity. Did Apple do anything in response?
Is there anything you could have done to prevent this that you would advise others (me) to do?
Thanks
 
They should’ve called it keychain as passwords is too specific. We need all other types that are sensitive. Also we need to store our server and volume passwords and credit cards, birth certificates, etc. Also, are our passwords secured behind a passcode?!?
 
I have a few questions about this.
Did this person have access to one of your devices as well? Did you have 2FA turned on before your account was taken?
Was your account hacked by a stranger or was it taken by someone you know who knew your login?
I would think removing all trusted devices and changing the phone number in a short period would be considered very suspicious activity. Did Apple do anything in response?
Is there anything you could have done to prevent this that you would advise others (me) to do?
Thanks
I had a headless server computer that was exposed to the internet and accessible via VNC. I used the same VNC password as the computer login password (was pretty good, but probably still susceptible to brute force). 2FA can be overcome by using a trusted device (or at least it could when this happened). One day while I'm driving, I receive about 15 push messages in rapid succession that my password has been changed, x device has been removed as a trusted device, y device has been removed, etc. I pull over almost immediately, because I wasn't sure what was going on, but I knew it couldn't be good. By the time I was able to get pulled over (I was on the freeway), I was locked out. Apple will not do anything. I've offered to give them any and all information they would need including old devices associated with the account, coming in, in person to a retail store with passport or government ID, etc. I also still have control over the email that is my Apple ID. In the end, unless you have the phone number associated with the account, you are locked out. Apple will not help you. I'm sure I could sue them in small claims court (I guess there's been a fair amount about this for Facebook recently), but I'm just not doing that. I had no idea that there would be no way of recovering my account. I've called, chatted, elevated my case to as high a level as they would allow me, but in the end, there is just no recourse outside the legal system. Hacker was/is a stranger. They ended up getting nothing other than my account. But that does include all my info stored in iCloud like photos, files, etc. Really, the only thing that creeps me out is them having my family photos with all the metadata. When I was able to access the server computer (with a different admin account on the same computer), I saw that they had opened up a bunch of financial websites hoping that the same password was used or that maybe keychain had stored my passwords.
I don't reuse passwords, so they weren't able to access anything.
 
Maybe try QuickScan. No ads, no ********, even paperless-ngx support.

I never imagined such a good app existed. You made my day!

- The app is only 7MB (for my iPhone 13).
- No ads, no trackers, no cloud BS.
- App is lightweight.
- UI is awesome. Attention to detail.
- Nice configurations for scans.

The developer decided to focus on the app itself and not on collecting data. It asks for a donation when you export but you can pay a single fee ($40) which I would gladly pay after trying the app some more.

Again, thank you for sharing this great app. I downloaded so many scanners and they all sucked.

Strangely, I had to go open the website to point to the App Store because searching for QuickScan showed me different apps.
 
@yeah So are you saying with Stolen Device Protection turned on, the phone will not fall back on the 4 or 6 digit PIN as an option to unlock the Passwords app, and will REQUIRE FaceID to work?
 
Anyone else ditching 1Password but need a plan for where to move the things that the new Password app doesn't support? (Passport, image files, software licenses, notes etc)?

Looking for ideas
Enable Advanced Data Protection on iCloud. The Apple Notes are then encrypted end to end with the key on your devices only and not even available to Apple. Just like the password managers do and in a much more convenient format.

I note the poster above who had problems with corrupt notes. I have had some issue or another (lost notes, sync failures etc ad nauseam) with every online service I have ever used. Dropbox, Box, OneNote, etc. Notes has been the best of the lot for me in that regard, especially in the last 3 years or so. While your mileage may vary, I would still recommend notes, especially if you are all in on the Appleverse.
 
It does not. If you change a password and the form returns a 2XX HTTP code but for whatever reason fails to save on their backend, the Passwords app will only remember the new (useless) password and then it will sync it to every other device.

As a result, I can't switch to the Passwords app because I have too many accounts with (1) shoddy change password forms that can't be trusted to return the right HTTP status when a request fails and (2) can't be reset easily with an e-mail address alone (require a phone number I no longer control, etc)
Each password in the Passwords app does have a “Notes” section, just under the website, that can be used for the old password.
 
I get the security benefits of Passkeys but doesn’t allowing passwords alongside Passkeys negate the benefit? I feel like if Passkeys are turned on, password should be disabled, otherwise that’s still the weakest link…
 
No not unless you host your own data.

I use Bitwarden and also Enpass. Enpass does have a local vault and uses wifi sync between devices. So my Mac is the main host for the Enpass app, and if I update anything I can use wifi sync to my iPad and my iPhone. Obviously it doesn’t happen automatically and I need to do it manually.
Thanks for the info!
 
Anyone else ditching 1Password but need a plan for where to move the things that the new Password app doesn't support? (Passport, image files, software licenses, notes etc)?

Looking for ideas

I'm in the same boat, would also love some ideas. Closest I can think of is some of the free alternatives like Bitwarden or whatever it's called. Could use those for that data since syncing between your devices isn't _as_ important for that data, so if it's slightly more hassle to sync, it's not a big deal

I thought about Bitwarden, but the subscription price is what makes me leery. Back in the day I was using LastPass "reasonable priced" $15 subscription, until they got bought by some scumbag company and suddenly the prices skyrocketed. Same thing could happen to Bitwarden whenever Bain capital or some other worthless private equity vulture offers them a pile of cash to kill the app.

Bitwarden is fantastic. Works on all operating systems, has free and a cheap premium level, and can easily import and export your data (in case they're purchased out). It’s a lot better than using Apple's password app in its current state if you at all want platform flexibility and have a relatively minimal level of technical understanding. Apple password is great for folks with limited needs, want it all 110% seamless with the iPhone, and have very limited amount of fluency with technology.

Ps the premium features are fantastic.
 
I get the security benefits of Passkeys but doesn’t allowing passwords alongside Passkeys negate the benefit? I feel like if Passkeys are turned on, password should be disabled, otherwise that’s still the weakest link…
I don't trust passkeys in the scenario of loss of the device. I guess if the site turns off passwords and you lose your device, then you'd be screwed.
 
What the Apple Passwords app needs before I rely on it:

-the ability to store credit cards / passports
-the ability to add images/screenshots / pdf's of wills, legal documents, etc


Before people say notes, I've had corrupt notes before with things that get deleted or due to large images taking up space in the note
The first one is called Wallet.
The second one is called Photos.
 
Haven't made up my mind on password managers even though I really should. What I do know is that I will get one that works on all platforms. Android, Windows, iOS, Mac, Linux, even if I clearly prefer Apple hardware and certainly not Windows or Android. In general I prefer as much as possible of software and peripherals to be platform neutral.

As far as password managers and so forth, they should work well with Yubikey and similar for 2 factor being able to keep the key separate from the device and so on.

Kind of lost confidence in the concept due to the LastPass scandals, and I still believe that anyone claiming their solution to be 100% safe and futureproof is lying. There is no such thing.

Meanwhile, something is often better than nothing, as long as it isn't by the likes of LastPass.

Disregarding the cross-platform neutrality, I would argue Apple's solution has a couple of advantages. 1: You can blame them. 2: They are probably the best guys to keep the number of potential attack vectors down on their platforms. (Like if they would tell you about "all breaches".....)
 
Go with Bitwarden. Never put all your eggs in one basket security-wise. Apple should have been there with a password app years ago, this is an opportunistic move. Don’t expect them to keep updating the app with functionality; this is minimum viable product territory and it shows. I’d expect it to get about as many meaningful updates as Clips.
 
iPhone needs a good scanner app. You can use Notes but it is very limited. Scannable was the best. Then they required an account. Then to be online. Now subscription. And the files are bigger without noticeable quality improvement in B&W scans. En********ation.

I know you found quickscan already but you mentioned in iOS using Notes to scan....the Files app also has a scan. Often times my end destination for something scanned in is in Files anyway, so I open it, navigate to the destination, then use the scan in the Files app to scan in the page(s), name it, then done. But I don't use any fancy OCR stuff, and of course just plopping open an app like quickscan may be faster/easier for capture. I just don't like to have files in 2 locations (inside an app like quickscan, then exported to Files).
 
Can you apply a separate pin/passcode for passwords that is different from the global one used to open the phone?

What if someone steals your phone and gets your passcode to open the phone?
 