I use my computer at home, mainly to surf the web, no wi-fi. Am I really that vulnerable that I would need 2 factor authorization?
Good question, Steve333.

Where you use your computer and how you use it is of less consequence than the services you use and your level of personal security. Do you, for example, use the same password for multiple sites? Do you use the same email? Do you have accessible personal content that could be used for social engineering?

For your personal risk tolerance, you might decide to use 2FA only for important accounts, like banking. Unfortunately, even to this day, many financial services still don’t offer even basic SMS 2FA.
 
Yeah, so glad they're doing this. I HATE passwords, and though obviously this doesn't "solve" their existence, a built-in manager is at least something. It's absurd, to me, that passwords still exist, tbh. All the crazy-advanced tech in the world and we still use passwords! Haha... I guess it's the simple, seemingly obvious things that are the hardest to improve upon/innovate.
There are passwordless options available in some settings. But for people who hate 2FA, they’ll be in for a whole new world of hurt.
 
While I applaud Apple tackling passwords in a manner that is *much* more consumer friendly than Keychain Access, several things give me pause.
1. I believe Apple has kind of lost its way with respect to software quality control. If I remember right, there were a couple disastrous security issues in recent years. One involved simply entering a carriage return in Terminal when prompted for the root-user password and you got access, the other was a similar thing where after the 3rd wrong attempt at your password it asked if you wanted your password hint and when you said OK it literally just gave you your password! Those are just the ones that come to mind. I see mass evidence of poor software QC and consistency everywhere in Apple's universe.
2. About once (sometimes more) a year, for reasons unknown, I notice one of my four Apple devices just doesn't have the same data as the rest i.e. it's no longer being synced. That makes me tear my hair out because I've been entering and editing information randomly on all of those devices and now I don't know how long this has been happening for, how much data has been lost, and it's an effing mess sorting it all out. Apple is simply NOT bullet proof in its iCloud syncing capabilities. If, like Dropbox, there was a full history of past versions of everything that might help.
 
I would never, repeat never, trust my passwords to a 3rd party company's software that is free. "Free" means you're the product, always has and always will, and all they're asking for is (unbelievably) your keys to the kingdom i.e. your precious passwords. I fundamentally just don't see how people can put such absolute trust in free software.
BitWarden is open source, so anyone can review the code and ensure that it has no suspicious code that could compromise your password.

The bad thing is (1) most people wouldn't know if there was suspicious code because they are not programmers. They are assuming that someone else is doing that.

Also, most people do not download the code from Github and compile themselves, they instead download the associated binary and assume the binary is built from the same code base as is posted.

I am not saying there is anything wrong with Bitwarden at all. I am just pointing out the claim that Open Source is safer is not necessarily true. For 99% of the people who use the software, they are assuming that someone else is verifying the code for them.
 
Yes and no. You really only need 2FA on your email -- since losing that means it's trivial to reset any other password and basically steal anything they are aware of you have.
Since most people recycle passwords -- that's double risk.
Companies lose passwords ALL.THE.TIME. And you never are told.
If a credit agency can lose your name, address, and SSN... and not be held accountable, there is zero incentive to keep your passwords secure for most places.

WiFi doesn't really matter unless you have a bored teenager with nothing else to do or became the target of someone (which usually requires you to be an interesting person somehow or another, which is rare). If someone hacks your WiFi, the worst they can do, generally is see what you're doing sort of. Encrypted stuff is still encrypted so they can't see that.

What you need to prevent is losing your email address. I would strongly recommend Authy (maybe the Apple one won't suck but... until we -know- , we don't know). Then add in your phone number.

In this situation, given a bit of elbow grease, you can get everything back. You can email your drivers license / ID to prove you are you, you can reset passwords, etc. Money transactions can be reversed / tracked, etc. Unless it's PayPal, then you lose anything in there (they are not regulated like a bank, this is by design on their part).

So you have to ask yourself firstly: What am I willing to lose?

If you could easily walk away from your digital life entirely at any moment for any reason -- then 2FA doesn't matter to you, most likely. Otherwise, if there is ANY data that is important to you -- first step is to lock that down. THEN investigate recovery of that -- usually email or cell phone methods -- and then make sure THOSE are secure.

Some sage advice in the last paragraph here.

And this is what’s so great about things like 1Password. You can easily group your most important accounts either in their own vaults or with super handy tags. It makes it much easier to keep an eye on the most important things.
 
I’d really like iCloud Keychain to replace my 1Password subscription but 1Password is so much more versatile than passwords. Let me save IDs, software licences, credit cards with full info and I’ll consider it.
I use a password protected secure Apple note for those. I ditched 1Password several years ago since a combination of the built-in Keychain and secure Apple notes met my needs.
 
Password managers are really helpful, but it is a terrible idea to store them on iCloud or any other service.

If there is one thing that you should self host - it is your password db.

I'm a big fan of Strongbox on both macOS and iOS.

Self hosting for most people is far worse an idea than 3rd party apps IMO. Most people don’t know what is involved in hosting much less maintaining server security.
 
BitWarden is open source, so anyone can review the code and ensure that it has no suspicious code that could compromise your password.

The bad thing is (1) most people wouldn't know if there was suspicious code because they are not programmers. They are assuming that someone else is doing that.

Also, most people do not download the code from Github and compile themselves, they instead download the associated binary and assume the binary is built from the same code base as is posted.

I am not saying there is anything wrong with Bitwarden at all. I am just pointing out the claim that Open Source is safer is not necessarily true. For 99% of the people who use the software, they are assuming that someone else is verifying the code for them.
I think it should also be noted that Bitwarden is an actual business with business company security as its focus. The free version to consumers does not immediately constitute nefarious company action for profit, as some here (not you) have alluded to out of ignorance. Bitwarden does offer a paid model at $1 a month for a few better options.
 
I would never, repeat never, trust my passwords to a 3rd party company's software that is free. "Free" means you're the product, always has and always will, and all they're asking for is (unbelievably) your keys to the kingdom i.e. your precious passwords. I fundamentally just don't see how people can put such absolute trust in free software.
Sorry, but you don’t really understand how BitWarden and open source software works.
 
I think it should also be noted that Bitwarden is an actual business with business company security as its focus. The free version to consumers does not immediately constitute nefarious company action for profit, as some here (not you) have alluded to out of ignorance. Bitwarden does offer a paid model at $1 a month for a few better options.
Thanks for the clarification. I hadn't looked too closely at Bitwarden since I am a 1Password fan for many years.
 
Thanks for the clarification. I hadn't looked too closely at Bitwarden since I am a 1Password fan for many years.
I was a big fan of 1Password for years as well. It is still good software. With their continued focus on moving more and more towards business and Teams, along with the continued yearly fee, I found Strongbox and Bitwarden did the same things at a much lower cost. I paid a one time fee to Strongbox that was less than a 2 year sub with 1Password.
 
One has to ask themselves - why every effing year Apple has to update the OS when most of us haven't even gotten to know Big Sur? This is why I HATE Apple of today compared to the Apple of the Jobs era (2000-2011). At least with Tiger or Leopard you had those for at least 2-4 years before an update, but with Apple of today under Commissar Cook, it seems they don't care about the users. DISGRACE.
You obviously forgot the days of Tiger up to Snow Leopard or maybe you were in diapers at that era. To release a new OS every year is IMMORAL and Stupid !!! Jobs left us too soon, cool is a disaster for Apple Mac, the itoys well that makes more money than the Maca proven !
 
I was a big fan of 1Password for years as well. It is still good software. With their continued focus on moving more and more towards business and Teams, along with the continued yearly fee, I found Strongbox and Bitwarden did the same things at a much lower cost. I paid a one time fee to Strongbox that was less than a 2 year sub with 1Password.
Looking at Strongbox it is missing one major feature that is a non-starter for me (at least I didn't see it.) Shared vaults and a family plan. My immediate family all use 1P based on my subscription. That is huge for me. Obviously everyone is different and if family sharing is not important there are more options.

Bitwarden does have family sharing and it is at a lower cost than 1P, but $20 a year is not enough to make me switch my family over.
 
Looking at Strongbox it is missing one major feature that is a non-starter for me (at least I didn't see it.) Shared vaults and a family plan. My immediate family all use 1P based on my subscription. That is huge for me. Obviously everyone is different and if family sharing is not important there are more options.

Bitwarden does have family sharing and it is at a lower cost than 1P, but $20 a year is not enough to make me switch my family over.
Strongbox supports Family Sharing.

 
Still missing a couple of important things that 1Password has:

- Option to upload attachments that, for example, contain backup codes

- Generate passwords inside the new System Preferences section

Yeah, yeah, I know, you can do it inside Keychain Access app, but this article is not about Keychain Access app, it’s about the new System Preferences section.

Also, shared vaults, which is a huge convenience in a family. The fact that I can just say "it's in 1Password" anytime anyone asks for a login, is itself worth the yearly subscription to me.

I don't know the UI of the new Keychain-based system, but 1Password's UI is quite good. I myself don't mind so much if something's a little harder to use or more opaque, but once you're the "IT support" person for your family, this stuff starts to matter a ton.

I am a 1password fan and share password records with my wife as well as have a lot of secure notes like passports, vax records, and a lot of other stuff. It's more than just passwords we may need in an emergency.

Same here. It's the default vault for all kinds of sensitive info. I suppose there's an element of lock-in there, but I'm a satisfied customer for sure. When something solves a problem completely, I'm more inclined to stick with it.
 
Strongbox supports Family Sharing.

Not that family sharing. :)

With 1P or BW, I can create shared vaults that I can give access to members of my family. For me, I have one vault that all members of my family have access to. We put our streaming passwords in this vault so we all have access to our Netflix, Disney+, etc. accounts. I have another vault that only my wife and I have access to. For the most part it contains our bank accounts and passwords, credit card, and other financial account info. If I were to pass away unexpectedly, she would still have access to all our accounts. Finally I keep several vaults for personal use just for convenience. For example all my personal passwords are separate from my work passwords.
 
Not that family sharing. :)

With 1P or BW, I can create shared vaults that I can give access to members of my family. For me, I have one vault that all members of my family have access to. We put our streaming passwords in this vault so we all have access to our Netflix, Disney+, etc. accounts. I have another vault that only my wife and I have access to. For the most part it contains our bank accounts and passwords, credit card, and other financial account info. If I were to pass away unexpectedly, she would still have access to all our accounts. Finally I keep several vaults for personal use just for convenience. For example all my personal passwords are separate from my work passwords.
You can create multiple databases in Strongbox to share. If this doesn't fit the need, I tried. :D I have found Mark (the developer of Strongbox) to be very receptive to questions and suggestions. He is very good about replying to email.

 
BitWarden is open source, so anyone can review the code and ensure that it has no suspicious code that could compromise your password.

The bad thing is (1) most people wouldn't know if there was suspicious code because they are not programmers. They are assuming that someone else is doing that.

Also, most people do not download the code from Github and compile themselves, they instead download the associated binary and assume the binary is built from the same code base as is posted.

I am not saying there is anything wrong with Bitwarden at all. I am just pointing out the claim that Open Source is safer is not necessarily true. For 99% of the people who use the software, they are assuming that someone else is verifying the code for them.
So, true, I didn't realize BitWarden was open source so my comments about the user being the product don't apply. Sorry about that. However, my experience with just about every single open source thing I've ever used is that bugs can go for years without being addressed (if at all) and that the peer review process can be on the very brink of non-existent. All I'm saying is that open source does not equate with robust and bullet-proof software. I personally wouldn't use it for passwords, but clearly I do for other less sensitive things.
 
Password managers are really helpful, but it is a terrible idea to store them on iCloud or any other service.

If there is one thing that you should self host - it is your password db.

I'm a big fan of Strongbox on both macOS and iOS.
I would say that it is a very bad idea for at least 90% of computer users to self host the password db. Only people who know what they are doing should self host the password db.
 