Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
IOS Apple IT Technology

Apple's iOS 14 May Turn iCloud Keychain Into a True 1Password and LastPass Competitor (theverge.com) 28

Apple's native iOS password manager may be getting an overhaul later this year with the presumed release of iOS 14 that will make it more competitive with third-party options like 1Password and LastPass, reports 9to5Mac. From a report: Right now, iCloud Keychain can store your passwords and help autofill them on the iPhone, where copying and pasting long strings of letters and numbers or manually doing so has been a headache since the advent of the mobile touchscreen. But it doesn't have reminders for changing those passwords like competitors do, and it doesn't support two-factor authentication (2FA) options. That means users are still stuck using potentially insecure methods like SMS or email in the event that they do have 2FA set up.
This discussion has been archived. No new comments can be posted.

Apple's iOS 14 May Turn iCloud Keychain Into a True 1Password and LastPass Competitor

Comments Filter:
  • I use iCloud Keychain, and at times when using it on the web I see complaints from it when it thinks a password is too insecure.

    Maybe that feature is not on iOS yet, though I thought I saw it there.

    • by saloomy ( 2817221 ) on Wednesday April 01, 2020 @02:12PM (#59898246)
      I have been using Keychain since its introduction on OS X years ago, and use it today as my password store that I meticulously curate. I am fully on Apple gear so it makes it easy for me. If I wasn't, cross compatibility would be an issue. I use the Keychain app on Mac OS when managing windows or linux environments that I have passwords stored for. Some of the things I personally wish they would overhaul:

      1. Some websites find the passwords incompatible. Either Apple is too complex, or not complex enough. That really sucks. I have to make up a random password.
      2. Password fields these days occur on pages after the user enters their login information. So it doesn't capture the username (damn you, Microsoft!). Some pages fix this now where it allows you to chose the username in the password dropdown. (Citibank credit cards still broken)
      3. Integration with the ssh command in terminal would be a god-send.
      4. Updating and saving the password in one application (like updating a password on the web) should automatically sync with other apps that consume the password. (tokenization of credentials for Apps would solve this)
      5. Keychain should log every time a password was accessed, so you can see passwords that are stale or no longer relevant.
      6. 2-factor keychain entry on iPhone works well. On Mac, they just ignore it IF there is no Touch-ID (Mac Pro). Works just fine on MacBook Pro.
      7. iPhone keychain only shows app passwords. Doesn't show Wifi Passwords (why?)

      Overall, I think one of the most important requirements here would be a more consistent implementation from software developers. I do wish Apple would automatically make passwords keychain-compatible during the app-review process. Its annoying how some apps work flawlessly with Keychain and discover relevant passwords based on URLs, and others just don't integrate at all. This seems to be when developers make their own custom password field HTML objects rather than using input type=password tags.
      • Thise are all great points, one thing I'll add is that I use a few websites that simply don't seem to register with the password manager (or at least iCloud Keychain), so each time I have to press "login" with empty fields to be taken to a page with password/udername entry fields that Keychain is able to autofill!

  • by Anonymous Coward

    I use lastpass on my linux and windows machines. How is this competitive if I can't use apple's code on them as a universal pw store? Or does this somehow involve Swift+blobs since it's cross platform?

    • by MachineShedFred ( 621896 ) on Wednesday April 01, 2020 @01:25PM (#59897988) Journal

      Exactly.

      It's not a competitor to LastPass and 1password unless it runs on Android and Windows. I want my password manager to run on all my things, not some subset of all my things which would make password management even more of a hassle.

    • Its designed to further lock you into Apples ecosystem. People use their phones more then their computer, so Apple is using iOS as the locking device to keep you locked in. Once you've saved all your passwords to iOS (as you'll more likely being logging into these sites on you phone), it'll create yet another barrier to cross when/if you try to leave Apple (same with things like movies, Apple TV+ etc....) And since people are more likely to choose the easier answer, they will more likely buy more Apple then
  • No thank you. I set my own password policy, i dont need Apple bugging me to change my methods. Hate the constant nagging of software these days.
  • Chrome (Score:5, Interesting)

    by backslashdot ( 95548 ) on Wednesday April 01, 2020 @01:20PM (#59897958)

    Make it available to Chrome and Firefox and make it easier to bring up the generate password feature.

    • This. If it's cross platform, then it's useful. If it's Apple only, it isn't. I do have an iPad mini, but I don't have any other apple hardware, nor do I plan to. It's all Linux, Android, and a Windows gaming computer + consoles for me.

  • When 1Password went monthly subscription, I found that Apple Keychain had improved over the years to the point of being just as good as the version of 1Password I had, so I switched to using Keychain and Safari Autofill as an alternative. Works just fine, and synchs to all my devices. It does not have its own two-factor, but when you do sign up for a two-factor site, macOS recognizes the text as a logon and sets up a one-click fill for you. No more having to copy over the two-factor code from your phone.

    • Apple Keychain on MacOS was foiled by a friend of mine who went in as admin and rm -r -f / and deleted the kernel. It would not boot up. When he reinstalled the OS his keychain was gone for all the settings it had for his passwords.
      • by _merlin ( 160982 )

        Not sure how he managed to do that. I've copied the Keychain data files to different machines and they've worked fine. I never used the iCloud synchronisation though, and I last used it with 10.6, so they could have screwed it up since then.

  • by blahbooboo ( 839709 ) on Wednesday April 01, 2020 @01:31PM (#59898022)
    Keychain is great, but it’s useless if you use multiple devices that aren’t all Apple. The nice thing about LastPass is it works on everything. Windows, macOS , android, iPhone, etc. Until keychain works across all the devices I need to use it is nowhere near a competitor to 1password or lastpass
    • by Anonymous Coward

      This is a feature not a bug.

      I wouldnt trust LastPass or any other program or trust any other OS to have access to my keychain.

    • Exactly. Besides which, 1Password and others haven't sat on their laurels. At this point, even if Keychain went cross-platform it'd need to add family account management before I'd ever consider it.

      My wife and I have our own vaults for personal accounts, plus a shared vault where our joint accounts are kept for things like utilities, Netflix, etc.. I also have elderly parents, and 1Password has been a lifesaver on more than one occasion. As the account admin, I've been able to pull up their vaults to provid

    • by antdude ( 79039 )

      Apple wants their users to use all their Apple products and services. :(

  • by TomGreenhaw ( 929233 ) on Wednesday April 01, 2020 @02:02PM (#59898194)
    I think not. Thinking about a authentication solution brought to us by the makers of iTunes gives me pause.
  • Reminders are arguably not important because for many sites you probably don't need to change the password if you have no reason to believe it was compromised. Assuming it was a strong, randomly generated password to begin with. After all, we are comparing to 1Password and LastPass so that is what I assume.

    And people can set their own reminders, whereas people can not make an application they don't control suddenly support 2-factor authentication. So imo the latter is more important than the former. I wou
  • Scare the bejesus out of me.

    Weren't we taught long ago to NOT put all our eggs in one basket?

    Humans are lazy.........

  • It won't replace 1password until

    1. Multiplatform
    2. Multi-identity: I have work/personal appleId's and need to access both sets of passwords.
    3. Peer to peer/Offline storage: Storing all the passwords in a single online seems like a terrible security risk.
    4. Have any concept of history: Mistakes/errors happen, history is important.

  • by Voyager529 ( 1363959 ) <voyager529 AT yahoo DOT com> on Wednesday April 01, 2020 @03:04PM (#59898408)

    Between Apple, Google, and Microsoft, I'd wager that Apple is the least-likely of the bunch to be incompetent or malicious with password storage. Given that too many people I know keep their passwords on their iPhones in clear text in their Notes, I'd consider a Keychain app a step up.

    That being said, here's a few password managers worth taking a look at:

    Team Password Manager [teampasswordmanager.com]. Not free and not open source, but cheap and self-hosted. The developer is responsive and releases updates regularly. While admittedly it is limited to only having a Chrome extension and Android app beyond the webUI (i.e. no Firefox or iOS options), it does have both of those. 2FA is limited to Google Authenticator, which is a pain on mobile devices, but an option.

    Teampass [teampass.net]. Free and legit Open Source, but it loses past that. The WebUI isn't exactly usable on mobile devices, but it easily has the most granular per-user permissions of the lot. There's an iOS app for it, but it requires an API to be added to the server side, installed separately, and I personally wasn't too successful when I tried. The only browser extension is for Firefox, requires the API, and is written by a third party (though hosted on Github). Still, if desktop-only access is okay, then it's one of the fastest and lightest weight in that context. As an added bonus, it supports both Google Authenticator and Duo for 2FA, and is one of the few that do.

    Bitwarden [bitwarden.com]. As far as feature completeness goes in the self-hosted password manager department, Bitwarden is without equal. Android and iOS apps, extensions for all the major browsers (including Opera and Edge?!), a CLI interface if you prefer, 2FA through Duo (if you want to pony up) and Google Authenticator (if you don't)...and plenty of other features one would want - an impressive lot for a free offering. That said, I personally found the UI to be pretty, but difficult to get it to do exactly what I wanted.

    Nextcloud [nextcloud.com]. I use this program to keep data on my phone synced back to my server at home; it's got a plugin for everything from photos to contacts to browser bookmarks to SMS...and one for password management. It's definitely not a do-one-thing-and-do-it-well option, and it is missing a lot of functionality of pure password managers, but as one more extension to an ecosystem and in comparison to Keychain, it's definitely an option.

    And, for those who don't want to do the client/server thing, KeePass and its cross-platform cousin KeePassXC are fantastic local applications.

    The options are extensive from there; Passbolt, Psono, and Syspass all get honorable mentions, with a list a mile long [alternativeto.net] of other options that span the gamut from FLOSS to commercial, file-based to cloud-based, sharing to personal.

    Apple extending the functionality of Keychain is good in that, if users stop using their 'notes' as a password manager, it's a step up. However, it's far from a requirement.

Your password is pitifully obvious.

Working...