Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

is Passwords.app still leaking data to everyone having access to the system, as the old version does?

B

bsmr

macrumors 65816
Original poster
Oct 4, 2005
1,181
316
Germany
Hi,

is the new passwords.app still leaking data through keychain access as all older versions of macOS does?

When opening macOS keychain.app you can see under local objects > passwords > web-formular-passwords 'ALL' websites, usernames, reg.-dates of data you have within your Apple-Passwords!

Everything directly accessible, unlocked and open for everyone (except the passwords itself).

Can someone check, if this is still the case within the new app?!
 
Keychain Access in Sonoma only shows password after user password is entered. It is not enough to already be logged in, it required specifically to reveal password.
 
Mike Boreham said:
Keychain Access in Sonoma only shows password after user password is entered.
Click to expand...
Yes - indeed. But without login you can see every entry, every saved website within Apple Passwords and every username.

With all other password-managers they're protected!
 
bsmr said:
Can you try opening local keychain on the mac (does open without any credentials) and there you can find what I mean.
Click to expand...
It opens like you said. Why do you have a problem with the current set up? You said it can be opened without credentials but, that isn't true. The reason you noted what can be done is because credentials were already used to log into the Mac. If I want to see the password for an entry, I have to enter another credential. If you are trying to suggest a lack of security, I don't agree.

It is up to you to secure your Mac when walking away and that can be done with a tap of a key.

You can't compare this Mac process to a stand alone app because they aren't the same.
 
  • Like
Reactions: seezar and Tagbert
bsmr said:
Can you try opening local keychain on the mac (does open without any credentials) and there you can find what I mean.
Click to expand...
Keychain requires a password to open.

Screenshot 2024-06-23 at 18.30.50.pngScreenshot 2024-06-23 at 18.30.22.png
 
  • Like
Reactions: bsmr
bsmr said:
This is great news, as with Sonoma this is not protected!
Click to expand...
Hmm. I'm on 14.5 and I can open Keychain Access without a password, but can't see any website passwords in there: for those I need to open "Passwords" via System Settings and log in.
 
bsmr said:
Apple doesn't care! Just look here: https://lapcatsoftware.com/FeedbackAssistantBoycott/

I will not waste my time with this.
Click to expand...
I've gotten through to them, they do listen, but they get a sh*t ton of reports on the daily. And I'm betting many of those reports are useless whiny hot garbage. Is what it is though, I've filed a report. Took less than 2 minutes. FB14068308.

On the bright side, Sequoia locks up keychain access and passwords completely so some common sense prevailed lol
 
bsmr said:
Apple doesn't care! Just look here: https://lapcatsoftware.com/FeedbackAssistantBoycott/

I will not waste my time with this.
Click to expand...
And how exactly do you know Apple doesn’t care? Because there hasn’t been a fix released yet? Do you know how difficult it is to patch a bug, especially one that involves a high level of security? You can’t just write code, throw it in and call of a day. You have to make sure the new code doesn’t negatively impact the millions of other lines of code in the system. This takes a lot of time and a lot of testing.. otherwise the new code for the bug you’re trying to patch could cause several new bugs.

Until Apple specifically tells you “we don’t care”, then you don’t have enough information to make that claim.

Edit: And, yes, I have been writing code for many years.
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back