Secure way to store passwords / logins / PINs etc.

[0929037]

Greetings!!

I still do care about Find My case ( https://forums.macrumors.com/threads/find-my-doesnt-work-device-does-not-matter-anyone.2290180/ ), but there is one more thing...

I would like to have a close-access to some of my sensitive data (for example Macrumors / gmail / eBay / bank account login and password or PIN card or secret answers).

There is Keychain iCloud option, but... Mac Keychain let You add and configure many chains for any reason. Unfortunately, when it comes to iPhone, its strictly connected with browsing. I mean, I need to make up some addresses or logins in most cases, for example: Login-"different sites" or "my pin card", address-"pass*for*different.sites.com" or "need#to#pay#with#thatPIN.com" if I want to add a password or anything.
User can't skip that. Moreover, Safari stores that either (it's unnecessary in more cases for my needs).
But there is Notes app! May I use it for that kind of thing if I use "Locked" notes? Is it safe to use it for my passwords, pins, etc.? Even for AppleID password and login? Is it as safe and secure as KeyChain? Or just secure enough?

I just need something trully secure for my Apple ecosystem. Something that let me store anything (for example: "my bank pass: 123", "pass for my RAR files: 321", "login to bank: 123 and pass:abc", "my Apple Recovery Key: like-bananas") safely...

Thank You for any response!
Best Regards!

 

[mystery hill]

1Password or Bitwarden.

 

[DLCastro]

One more vote for 1Password

 

[Lee_Bo]

Another 1Password user here. Tried LastPass but it just “felt unfinished “.

 

[0929037]

Ok, I get it - 1Password rocks
Does it mean Notes.app with Locked option is trash comparing to 1Password? Using Locked Notes.app is insecure and inconvinient? iCloud Keychain is nothing interesting either?
I would like to stay with Apple apps as tight as possible :\

 

[mystery hill]

Does it mean Notes.app with Locked option is trash comparing to 1Password?

Yes.

 

[mystery hill]

The Notes app is safe as your phone is protected with a passcode, and Touch ID or Face ID.

If you password protect notes then they will be protected even if someone is using your phone while unlocked.

iCloud also has excellent security.

 

[mystery hill]

If you want to only use Apple services, then iCloud Keychain and locked notes aren’t a bad option.

 

[adrianlondon]

I recommend Bitwarden.

Locked notes would be fine too, but I use Bitwarden as I use Firefox and that can't access keychain.

 

[0929037]

If you want to only use Apple services, then iCloud Keychain and locked notes aren’t a bad option.

I recommend Bitwarden.

Locked notes would be fine too, but I use Bitwarden as I use Firefox and that can't access keychain.

Thank You again for Your response
I know that 1Password/Lastpass/Bitwarden looks and is great. It has many features that makes Your life more convinient and secure, I guess.
But... What if the most important for me is possibility to save login/password OR just a PIN card OR secure questions OR something like Apple Recovery Key? This flexibility (and security!) is what I need.
1. Keychain on iPhone sucks in comparision to Mac because it has just 3 gaps- url (I need to make that one up in most cases because there is no URL when it comes to PINs or secure questions etc.), login (something like description in most cases) and password (or PIN or something secretish). It is visible in iPhones Passwords, Mac Keychain Access and Safari (that one is unnecesary for me).
2. Notes.app is much more flexible but I have no idea if it's secure and private while transferring from\to iCloud and reading\writing or just using...

Is 1 or 2 (second is the one I prefer) a way, or my passwords will be endangered and the only way is just third-party app or learning it all by heart? :\

 

[mystery hill]

A password manager like 1Password, LastPass, or Bitwarden, will let you generate a strong random password for items that don’t have a login URL.
They also allow you to edit the title or description.

Notes is secure as your phone and the note is protected by a passcode, Touch ID, or Face ID. iCloud is secure as long as you have a strong and unique password for your Apple account, and have 2-factor authentication enabled.

iCloud Keychain is encrypted in such a way that not even Apple can see your passwords.

 

[0929037]

A password manager like 1Password, LastPass, or Bitwarden, will let you generate a strong random password for items that don’t have a login URL.
They also allow you to edit the title or description.

Notes is secure as your phone and the note is protected by a passcode, Touch ID, or Face ID. iCloud is secure as long as you have a strong and unique password for your Apple account, and have 2-factor authentication enabled.

iCloud Keychain is encrypted in such a way that not even Apple can see your passwords.

I get it - Keychain and Notes.app are as secure as my AppleId login method. This is good against thiefs/hackers.
But how about Apple Crew? Keychain stuff can't be viewed even for them? How abouts Notes.app? Can Apple Crew access my Locked Notes?
Would You dare to stored Your AppleID and Banking account passwords on Locked Notes from Apple?

 

[mystery hill]

But how about Apple Crew? Keychain stuff can't be viewed even for them?

Yes, passwords in iCloud Keychain can’t be viewed by Apple.

How abouts Notes.app? Can Apple Crew access my Locked Notes?

Yes, they will technically be able to access your locked notes, though there are very strict policies on who can access your data. Generally, they will only hand it over to a government agency if required to by law.

Would You dare to stored Your AppleID and Banking account passwords on Locked Notes from Apple?

Apple don’t need your Apple ID password to access your iCloud data. They can already do that now.

Banking passwords can usually be reset if someone has access to your email account as that’s where the link is sent. If you use Gmail, then technically someone at Google can reset your bank password. If you’re using iCloud mail then someone from Apple would already be able to reset the password now.

 

[0929037]

Haha, You are right^^
But how about other stuff?

Apple Recovery Key? Banking cards PINs? Something not connected with AppleID mail? Secret Questions and other sensitive data?
If I do not need fancy auto-filling or how-strong-my-pass-is reminders features... Is Notes.app all I need in that case or if security+privacy is on the first place for me, I should forget about Notes.app and consider Keychain or something third-party only?

 

[mystery hill]

Banking cards PINs?

They would need to have possession of your bank card to use the PIN.

Is Notes.app all I need in that case or if security+privacy is on the first place for me, I should forget about Notes.app and consider Keychain or something third-party only?

If you don't trust Apple employees and don't want any law enforcement or government agency to have access to your sensitive data then you should use either iCloud Keychain for passwords, or a dedicated password manager like 1Password or LastPass, to store passwords and other information.

 

[0929037]

Got it!
So my Notes (Locked) are encrypted, but Apple or government agencies may still have access to my Notes. It is kinda safe to store my sensitive information there if I trust them, right?

 

[Runs For Fun]

Thank You again for Your response
I know that 1Password/Lastpass/Bitwarden looks and is great. It has many features that makes Your life more convinient and secure, I guess.
But... What if the most important for me is possibility to save login/password OR just a PIN card OR secure questions OR something like Apple Recovery Key? This flexibility (and security!) is what I need.
1. Keychain on iPhone sucks in comparision to Mac because it has just 3 gaps- url (I need to make that one up in most cases because there is no URL when it comes to PINs or secure questions etc.), login (something like description in most cases) and password (or PIN or something secretish). It is visible in iPhones Passwords, Mac Keychain Access and Safari (that one is unnecesary for me).
2. Notes.app is much more flexible but I have no idea if it's secure and private while transferring from\to iCloud and reading\writing or just using...

Is 1 or 2 (second is the one I prefer) a way, or my passwords will be endangered and the only way is just third-party app or learning it all by heart? :\

Strongbox will give you that flexibility. You can fill in whatever fields you want. So if you don't have a URL for an entry you don't need to worry about it. I didn't think Bitwarden had mandatory fields but I could be wrong. I'm fairly certain any good password manager out there doesn't have mandatory fields.

 

[0929037]

Strongbox will give you that flexibility. You can fill in whatever fields you want. So if you don't have a URL for an entry you don't need to worry about it. I didn't think Bitwarden had mandatory fields but I could be wrong. I'm fairly certain any good password manager out there doesn't have mandatory fields.

Thank You alot for Your contribution!
But what should I do if I want to stay as close to Apple ecosystem as possible?
Is Keychain my only option and I just need to fill URL and UserName gaps with some kind of random crap (password gap is all I need)?
Or maybe Notes.app is safe option either (are Locked Local notes more secure and private than Locked iCloud notes?)?