From what I have read on here thus far, the app uses the same passcode as the phone, if biometrics is unavailable.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS 18 Passwords App: All the New Features
- Thread starter MacRumors
- Start date
- Sort by reaction score
I second the need for “previous password” support.
I’m not a big fan of Passkeys, at least not how it’s implemented.
In several occasions on my Mac Mini I get the option to log on with a passkey and it does so *without any biometric verification* (it has no Touch ID, Face ID). Huh? That shouldn’t be possible. The security feels too lax.
On my iPhone it recognizes my face so quickly that there is no longer a real barrier to get in. It’s “too good”.
For specific situations you need to put in some effort, because that effort is part of the security. Think situations where you might be forced to look at an iPhone under threat.
I get that this can happen with Face ID in general, but subsequently to access accounts this shouldn’t be as easy.
People also forget there's a legal difference: e.g TSA is legally allowed to get in your phone using Face ID, but they can’t force you to enter your password.
Not that I have anything to hide, but it’s none of anyone’s business.
I’m not a big fan of Passkeys, at least not how it’s implemented.
In several occasions on my Mac Mini I get the option to log on with a passkey and it does so *without any biometric verification* (it has no Touch ID, Face ID). Huh? That shouldn’t be possible. The security feels too lax.
On my iPhone it recognizes my face so quickly that there is no longer a real barrier to get in. It’s “too good”.
For specific situations you need to put in some effort, because that effort is part of the security. Think situations where you might be forced to look at an iPhone under threat.
I get that this can happen with Face ID in general, but subsequently to access accounts this shouldn’t be as easy.
People also forget there's a legal difference: e.g TSA is legally allowed to get in your phone using Face ID, but they can’t force you to enter your password.
Not that I have anything to hide, but it’s none of anyone’s business.
Right now, I believe 1Password and Bitwarden are the ones to choose from. KeepassXC doesn`t support phones I believe, Bitwarden uses azure for the cloud bit. I`m just scratching the surface, have to do some more homework closer to when "my stuff" is ready for it. USB C for 2FA and so on.
Biometrics may be helpful (very) for threats relating to whatever one does online which is A LOT. However, whenever there is a personal, face 2 face interaction with someone prone to violence which shouldn`t have access, it is quite the opposite. It`s a caveat.
One real life example from a court case: A witness unrelated to the event filmed serious police brutality, a policeman grabbed his phone, stuck it to the face of the witness, unlocked it and deleted all evidence related to the event. It is also a risk crossing certain borders (you shouldn`t have sensitive info on your device anyway when doing so), where authoroties copies everything on your phone. Chopping your thumb off and so on.
Don`t get me wrong, it IS convenient and convenience makes more people secure their devices, but there are caveats.
Anybody else get the feeling there may be Bitwsrden sockpuppets working the comments section here?
Every time there is a password related story, it seems there are various Bitwarden promotion narratives in play.
Every time there is a password related story, it seems there are various Bitwarden promotion narratives in play.
It's a popular cross-platform password manager with a very reasonable price that has a good track record and has been around for almost eight years. When 1Password 7 (with local vaults) stops working in my setup, I will very likely also migrate to Bitwarden. You can also run your own local sync server, which is a big plus for me.
Apple Password for the iApple infrastructure ... BW for everything else ... I sync between them (APW->BW) once a quarter ... so its not overly burdensome however, iApples's implementation of Passkeys isn't 100% compliant
It is fine to use BW if you need it for passwords only. However, it is not optimal solution if you use it for saving documents, images etc. BW does not allow to make full backup of your vault - it skips any attached file in backup and saves text fields only. It means you cannot make full backup of your vault and you will lose all these data if one day disaster happens on BW side.
Another BW limitation (in my eyes) it requires internet access. It doesn’t keep local copy of a vault (like 1P, for example) and you cannot access data in the vault if your internet connection is down.
Another BW limitation (in my eyes) it requires internet access. It doesn’t keep local copy of a vault (like 1P, for example) and you cannot access data in the vault if your internet connection is down.
This is good to know. BW was my planned migration path from 1Password (v7) but I may need to reconsider My options As I have a number of attachments (especially with software licenses)
Strongbox uses Keepass format and works on mac and iOS, iPadOS, so you can have a Keepass database that's also available for other platforms. Very happy with it so far in the last few months
I thought you have access to all data, but cannot add new entries while offline?!
Was thinking about the same... But putting all PW and data into an app which is developed by one single developer?
Is there any update or maybe some information about how it will be handled in final release?
According to their docs: "Your database will either be in the KeePass (.kdbx) or Password Safe (.psafe3) format."
So if something happens to the company or the developer, you'll always be able to use a different app that can manage one or both of those formats and/or import your database into a different format. Also means you can use it in Windows, Android, etc, anything that can read that database format, as far as I understand.
Well I am one of those suggesting Bitwarden, and I am certainly not anyone's "sock puppet".
Has it occurred to you that, perhaps, people keep suggesting it because it's good ?
It's cross platform, with browser extensions for most popular browsers, with export and backup functionality (all things that Apple Passwords is lacking), with web access, and the free plan is more than enough for most people.
If there is an update or further information pertaining to final release, I am unaware.
So at the moment the only option would be to go with Strongboxsafe (which actually is doing the same and more through their integration within macOS/iOS Auto Fill > but with more features) and/or 1Password which does have another approach.
Yeah, am aware there are "workarounds", but in general I prefer to avoid 3rd party solutions to 3rd party solutions. Who will be responsible when things goes wrong? That kind of thing tend to cause trouble either by security issues, API breaks, abandonment/lack of maintenance, app sold or simply by being tossed out by Apple. I just don`t believe it is a good, predictable long term solution. Never sure, but long term is good.
I hear that, but I see it more as using a particular app as a client to handle an open file format, like using any number of apps to handle markdown, or more comparably, an SQL database. The data isn't locked into the app.
Edit: I see your point about security issues etc. I suppose that's a judgement call as to whether a single dev is to be trusted less or more than a team
on iOS 17 and earlier… when you did Reset Network Settings on an iPhone… all the WiFi passwords were deleted from the iPhone and from all your Apple devices… requiring you to introduce every WiFi password again.
does this change with iOS 18 and passwords app and you no longer lose all WiFi passwords when you tap on Reset Network Settings in Settings - General - Reset?
thanks.
does this change with iOS 18 and passwords app and you no longer lose all WiFi passwords when you tap on Reset Network Settings in Settings - General - Reset?
thanks.
Very good question. Now that you mention it, I am curious about that aspect as well.
Even the biggest issue is code security.
I’ve used KeePass for over a decade, and it’s a fantastic application with a stellar reputation and the open source code that has received a proper security audit… on Windows.
I believe the Linux port is using the same code base.
Mac OS version seems like it’s outdated and hasn’t been updated for a while.
But then you turn to mobile, and it’s a bunch of 3rd party apps from various sources that share the same KeePass database but are unrelated to the original code. How really secure is any one particular app is anyone’s guess.