Apple To Launch 'Passwords' App, Intensifying Competition With 1Password, LastPass
Apple will introduce a new app called Passwords next week, aiming to simplify website and software logins for users, according to Bloomberg. The app -- offered as part of iOS 18, iPadOS 18, and macOS 15 -- will be unveiled at Apple's Worldwide Developers Conference on June 10. Powered by iCloud Keychain, Passwords will generate and manage passwords, allow imports from rival services, and support the Vision Pro headset and Windows computers.
Security (Score:-1)
If all your passwords are accessible from your computer, then following the rule 'a chain is only as strong as its weakest link', every account you store in that password manager is no safer than your local workstation logon.
Multi-factor authentication is far better than a million long and complex passwords stored in a password manager protected by one simple password.
Do not use a password manager. Do not join every Internet site you visit using the same password. Do use MFA.
Re:Security (Score:5, Insightful)
The chances someone attacks and compromises my PC - extremely remote. It's not even on when I am away from it!
The odds someone password sprays some popular web application - all day every day
The odds someone decides to target 'me' and uses resources like "Have I Been Pwned" to see what breaches my e-mail address has been exposed in and backs into what online services I might use and does a targeted password guessing attack - certainly non-zero.
Frankly, strong complex passwords that are unique per site are a really solid and effective control. Doubly so when coupled with even very weak MFA like OTP via SMS. MFA bypasses do happen; phones get ripped from your hands while in use by thugs on the street and kept unlocked until they can rip you off other ways using that access.
The MOST secure thing you can probably do is use a password manager with a LOCAL datastore on your PC, that you keep 'somewhat' secure in your home, and further protected with a strong master password used for key derivation for use with good encryption. Yes, this means you can't log in to stuff when you can't access your home PC.
Re:Security (Score:2)
The MFA-bypass I see most often is a 365 access token getting intercepted when someone is using free WiFi. Microsoft is working on changing their communications to prevent this method of compromise, but I don't know when that will be deployed or if it will be done for all versions of Office currently in use.
Re:Security (Score:2)
Re:Security (Score:2)
Of course not. They use SSL like pretty much all traffic these days
Re:Security (Score:3)
Re:Security (Score:2)
I use apple's hide my email feature combined with a password manager for access today.
Every site has a unique email address and unique password and MFA if supported. It's seamless and easy to use. Sure you could compromise the device and gain access to my password manager, but then you need a MFA bypass. Plus the password manager is locked so you need that password. I'm comfortable with that. Even if you use the OSX built in password manager you have to prompt your fingerprint to auto-fill. It's good enough and perfect is the enemy of good.
Re:Security (Score:2)
Yep, I have a separate system I use exclusively for work (it belongs to my employer but I 'administer it'). I do use Apple's keychain there, but I do not sync it to iCloud.
Re:Security (Score:2)
The chances someone attacks and compromises my PC - extremely remote. It's not even on when I am away from it!
I could swear you said this ironically... and then I read the rest of your words. WTF dude? Seriously? Your PC is being attacked every time you do anything on the Internet. Yes, "you" are not important enough to attack, but your computer is and in fact, is being tested constantly. Better keep up on your patches if you are going to have such naive views about your safety.
Re:Security (Score:2)
I recall reading somewhere that MFA is the easiest most effective security to implement, preventing something like 90% of common attacks. Take this all with a grain of salt, as I am not bothering with finding citations :)
Effective but I do not know about "easy" though. For a consumer getting an authentication app is not difficult nor the setup for each site. For the backend systems, I do not know. Now the difficulty is worth the increased security.
Re:Security (Score:0)
Yep, super easy to set up there and in many other places too. I even have MFA for SSH on my *nix boxes, which are purely personal use; it was pretty trivial to set up. Seeing all of these financial institutions still using SMS or email for MFA is just purely asinine. They could implement MFA, supporting an authenticator app for their login system, in a couple hours of dev, testing and deployment.
Re:Security (Score:4, Insightful)
Do not use a password manager. Do not join every Internet site you visit using the same password. Do use MFA.
You do realize you set up conflicting conditions? How do you remember all the passwords you have created again? Oh right, use MFA that not every site has. That is like advocating everyone not drive their own car; use the subway in your town that does not exist.
Re:Security (Score:0, Troll)
If necessary, pen and paper work fine so long as it's not a sticky note on your monitor.
Re:Security (Score:3)
Re:Security (Score:0, Troll)
Congratulations on your excellent choice of an appropriate username.
Re:Security (Score:3)
Re:Security (Score:0)
Only UnknowingFool I see here is Baron_Yam. Not writing down passwords is one of the pre-reqs to get into the "password security 101" class. Looks like you haven't even passed kindergarten on password security, just sit down and let the big boys work. Maybe you can learn a thing or two.
Re:Security (Score:1)
Correct! I use pen and paper and I have my web cam looking at the paper so I can find it in Microsoft Recall if I lose my paper, so everything is safe. I use Roman numerals to encode digits so the joke's on them!
Re:Security (Score:3)
Re: Security (Score:2)
Wait, you think that pen and paper is more secure than an encrypted database stored locally on your computer?
Re: Security (Score:2)
Re: Security (Score:2)
I use 123. The same as my luggage so I don't forget.
Re: Security (Score:2)
Re: Security (Score:2)
I find it hard to remember my code on 4 or the even more difficult 5 digit luggage.
Everyone knows 123. Who can remember 1234 or 12345... c'mon!
Re: Security (Score:2)
Everything always depends on the threat model. A sticky note on your monitor with an appropriately complex password is incredibly resilient against remote attacks. An encrypted database stored locally is also very strong, but theoretically could be copied off and eventually brute forced.
Re: Security (Score:2)
Re:Security (Score:2)
Lol, when I was a college kid working IT for random department, I had to help one of the admins who was having trouble logging into the school's mainframe or whatever the fuck it was. It required "tn3270" (some name like that) to login.
So, I'm there for 30 seconds and she says she's going to lunch, the department master passwords are on a piece of paper taped to her desk under her keyboard and she walks out. *boggle* It wasn't a post it note on her monitor, right?
Ok, so it turns out she just can't type. I get right in and find myself at an interface that lets me look at and *change* the grades and class list of any student in both current and previous semesters. Very tempting but holy shit. I logout without altering anything and leave but probably could have gotten away with anything.
Is that the kind of security you're talking about?
Re:Security (Score:2)
And you're supposed to carry this paper with you everywhere you go?
Re:Security (Score:1)
Re:Security (Score:2)
Re:Security (Score:2)
Was I not supposed to be using the password P@ssword1 for every dumbass site that wants a login for no reason?
Re:Security (Score:2)
Uh - I think you mean - use MFA where you can - the password manager is not directly accessible without (typically) a MFA login itself, and then it protects individual credentials so there are no credentials shared with any online account.
The problem that password managers help / solve is password portability between platforms, so that, for instance, you have access to the same vault on Windows, Mac, Linux, Android, iOS.
Not to argue the point of MFA - that's 100% accurate, but rotating your password, having unique passwords, and having MFA protection of the vault are the big benefits of 1Password / Bitwarden; can't really consider LastPass in this category because of how awful their breach responses have been.
Re:Security (Score:2)
If I were able to concoct a new password for every site which is unique... which can be hard (as I can't just use an HMAC with a sitename because some sites have different password rules, so one master PW being used to hash the host name isn't going to cut it), maybe not using a PW manager is good. However, it is about addressing the weakest links. Credential stuffing and brute force PW guessing are major attack vectors. Many sites don't have lockouts, and if they do, the attackers just use another IP range. So, protecting against that requires long, random passwords. This is what a PW manager goes well with. foo.com gets a randomly generated password completely different from bar.com, and no amount of guessing can link the two, assuming a decent modern CSPRNG.
Now for the PW manager. Because all eggs are in one basket, the password manager has to be well designed. For example, not just passwords have to be encrypted, but URLs, usernames, memos... anything that goes into a database entry. If URLs are not encrypted, sites that use URLs to authenticate can be compromised with ease, or sites that use URLs for auth tokens are vulnerable, not to mention the concern that the PW manager, assuming a cloud based backend is harvesting the URLs to sell. Architecture-wise, having a passphrase and a secondary AES key seems to be solid, like how 1Password does things, and how Codebook has a sync key. This stops any attempts at brute-forcing cold. Downside of cloud password managers is that you have to depend on their cloud backend.
If one is just needing a PW manager for oneself, nothing wrong with KeePass. Copy a keyfile to all the endpoints, store the .kdbx database on a cloud provider (GDrive, Dropbox, whatever), set a decent passphrase, and go with that. An attacker who gets into the cloud provider can't brute force the database.
If one needs to share passwords, then something with a good reputation. 1Password, BitWarden, and for the enterprise, Keeper.
I have two practices. First, I use one PW manager for passwords. This is used with the browser as an extension/add-on. I use a second PW manager for 2FA codes, and this is used on my smartphone. This way, if the desktop is compromised, 2FA codes are out of reach, and vice versa.
Another thing I do, on a clean machine with an encrypted partition, is back up all the password manager data, exporting it as text, be it JSON, CSV, or whatnot. This way, if something happens, I can restore, or just migrate to another PW manager. The backups being in plain text need to be protected, so I have these stored on a LUKS volume on an encrypted USB flash drive [istorage-uk.com]. This way, if someone finds the USB drive and guesses codes, it will erase itself. However, if the hardware encryption is weak, LUKS is known and good, effectively providing "two-factor" authentication for encryption.
The big thing is finding a known good PW manager.
Bonus points if it can do PassKeys, so you can move a PassKey between machines.
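To make the unique-random-password point above concrete, here is an added example in Python (not code from the post or from any of the products it names): a hypothetical per-site policy checker, a CSPRNG generator that resamples until the site's rules are met, and the deterministic HMAC derivation the post rejects, whose output cannot be adjusted to a site's rules without changing the master secret. The character classes and policies are constructed for illustration.

```python
import base64
import hashlib
import hmac
import math
import secrets
import string

# Constructed character classes; a real site would publish its own.
# The symbol set deliberately excludes '+' and '/', which base64 emits.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*-_=?",
}


def check_policy(password, length, allowed, required):
    """Return the reasons a password violates a (hypothetical) site policy.

    An empty list means the password is acceptable.
    """
    problems = []
    if len(password) != length:
        problems.append(f"length {len(password)} != {length}")
    allowed_chars = set("".join(CLASSES[c] for c in allowed))
    forbidden = sorted(set(password) - allowed_chars)
    if forbidden:
        problems.append("forbidden characters: " + "".join(forbidden))
    for cls in required:
        if not any(ch in CLASSES[cls] for ch in password):
            problems.append(f"missing a {cls} character")
    return problems


def random_password(length, allowed, required):
    """Draw a password uniformly from the set of strings the policy accepts.

    Each character comes from the OS CSPRNG (secrets); rejection sampling
    keeps the distribution uniform instead of forcing class positions.
    """
    if not set(required) <= set(allowed):
        raise ValueError("required classes must be a subset of allowed ones")
    alphabet = "".join(CLASSES[c] for c in allowed)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_policy(candidate, length, allowed, required):
            return candidate


def entropy_bits(length, allowed):
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    alphabet_size = len("".join(CLASSES[c] for c in allowed))
    return length * math.log2(alphabet_size)


def derived_password(master, site, length):
    """The deterministic HMAC(master, site) scheme the post argues against.

    Output is fixed by the inputs, so if a site forbids '/' or requires a
    symbol outside base64's alphabet there is no way to comply.
    """
    if length > 43:
        raise ValueError("a SHA-256 tag yields at most 43 unpadded base64 chars")
    tag = hmac.new(master.encode(), site.encode(), hashlib.sha256).digest()
    return base64.b64encode(tag).decode()[:length]


if __name__ == "__main__":
    everything = ["lower", "upper", "digit", "symbol"]
    pw = random_password(20, everything, everything)
    print(pw, f"~{entropy_bits(20, everything):.0f} bits")
    d = derived_password("correct horse battery staple", "foo.com", 16)
    print(d, check_policy(d, 16, everything, ["symbol"]))
```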
Re:Security (Score:2)
The complexity of the password used.
The presence of a second factor for the login
The security of the site the password is used.
The security of your browser/ application used to access their system.
The complexity of the password on the password manager.
The presence and security of the second factor of the password manager
The security design and implementation of the password manager.
Re:Security (Score:2)
Don't forget the network in between, the transport layer and the security of the PC/device and OS it runs.
A keylogger can ruin your whole day.
Re: Security (Score:2)
The choice is to use a password manager, which in the case of Apple's verifies something I have, and (something I am or something I know); or to use a shit password that I can remember for each web page. It verifies this every time I try to access a password, not only at login.
Alternatively I can use a shit password that I can remember for each web page.
In both cases I can combine this with the web page's 2 factor auth.
It would be utter idiocy to *not* use a password manager to generate very good passwords, and/or pass keys.
Re:Security (Score:3)
The weak link is usually the unhashed password database of that website you're using. That remains true whether you stick your password in a password manager or a sticky note on your monitor. The password manager means you can give each one of those websites a different password.
Windows /linux (Score:2)
Re:Windows /linux (Score:5, Informative)
Re:Windows /linux (Score:3)
Bitwarden is one of the very few "SaaS" things I pay for. At $10/yr the benefits I get are amazing.
I get encrypted cloud sync across my Linux desktop, browser extensions for Firefox and Chrome, laptop, Android tablet and iPhone.
And, the big thing that initially made me switch to BW, I can setup "emergency access" so that if I get run over by a train, my family can "request access" to my vault, and, if I don't cancel the request within 3 days, they get full access. EVERYTHING is in my BW account. Credit cards, passwords, full disk encryption keys.
Re:Windows /linux (Score:3)
You only have to be held hostage for 3 days?
Re:Windows /linux (Score:2)
Re:Windows /linux (Score:2)
Re:Windows /linux (Score:2)
Write a small program in your head to generate your passwords.
Re:Windows /linux (Score:2)
Not really new (Score:2)
All the functionality is already there, they're just breaking it out into an app of its own.
Re:Not really new (Score:2)
Sounds like with Safari losing its artificial monopoly they want to have an option for users to not wander away with Chrome or Bitwarden, etc.
It's weird that with 2FA and passkeys and FIDO on the rise that in 2024 they name it Passwords.
That seems like a 2007 name.
Re:Not really new (Score:2)
Re: Not really new (Score:2)
This has nothing to do with Safari. Keychain has been a thing since before Safari existed, and has allowed 3rd party apps to prompt the user for passwords since way back then. I think it's even existed since before OS X!
Passwords already exists (Score:2)
Re:Not really new (Score:2)
All the functionality is already there, they're just breaking it out into an app of its own.
Based on what I've read, yes, Apple will be using iCloud Keychain to store passwords. There is already a really nice app that also uses iCloud but not their Keychain called Minimalist:
Minimalist Password Manager [minimalistpassword.com]
Minimalist seems a bit more flexible than what Keychain currently offers, so let's see how Apple actually bolts a front end onto their Keychain. Curious to see if this is another example of Apple providing the bare minimum requirements and expecting users to just adapt their usage to another crippled UI. If it's better than Minimalist, I might switch over, but I've already paid for Minimalist so there's no huge incentive to migrate right off the bat.
Re:Not really new (Score:2)
They're addressing a pretty obvious oversight. Macs have a Keychain app so you can actually see your passwords, add notes, generate passwords, all the usual stuff. On iOS it's currently just a list of everything they shoved in Settings pretty clearly as an afterthought.
I really want more... (Score:2)
With the iCloud lockout attacks that have been happening lately this seems like a bad idea. But then we are stuck with the reality that something is needed-- I manually entered a 21-character password for a critical account over 20 times a day to try to be more secure... but then you add risk for other types of attacks.
The weakness of Apple's system is that with the phone and passcode a thief is golden. How do you really make it secure AND usable?!
This is not really a password app competitor (Score:4, Interesting)
It is just Mac/iOS app wrappers around the password storage that iCloud already has.
As such, it's Apple-only.
Other password storers can start worrying when Apple releases Android/Windows apps to access those passwords.
That should not happen for a LONG time - Apple has a bad track record on cross-platform service apps (iTunes for Windows, anyone?), and I would be afraid of using something like that on really critical stuff like my passwords. I say this as an Apple user since 1993 (Quadra 605).
Re:This is not really a password app competitor (Score:2)
That should not happen for a LONG time - Apple has a bad track record on cross-platform service apps (iTunes for Windows, anyone?), and I would be afraid of using something like that on really critical stuff like my passwords?
And what do you use for your passwords? Pen and paper?
yes... (Score:0)
Re:yes... (Score:2)
Re:This is not really a password app competitor (Score:2)
Personally, I'm fond of Password Gorilla, which is a handy cross-platform password app that doesn't depend on any external service, only your own computer.
Re:This is not really a password app competitor (Score:3)
And what do you use for your passwords? Pen and paper?
I've been using Team Password Manager [teampasswordmanager.com] for a while now at work, though we used Teampass [teampass.net] before it. Vaultwarden [github.com] + Bitwarden has been a fantastic move for my personal password management.
There's also Passbolt, Buttercup, KeePass and a few forks thereof.
Moving on from the free / open source options, there's Keeper and Steganos and mSecure, which do local storage. If you're open for cloudy options, LastPass still exists (Lord knows why), Dashlane and 1Password are still very popular, and ProtonMail now offers a password management solution as a part of their suite. So does Surfshark and NordVPN. Google and Microsoft also offer browser-based password management; I'm sure there's a way to access that data in a mobile app somehow.
Ultimately, Apple is entering into a pretty crowded field, and really all they're doing is making a dedicated app wrapper for the Keychain functionality they've had for decades. Those who are using it can continue to do so. As others have stated, the new-Apple-devices-only policy is a liability, rather than an asset, since pretty much every service I've listed has a means of using the service on Windows, Mac, Linux, Android, and iOS.
So no, pen and paper isn't the only option at all.
Re:This is not really a password app competitor (Score:2)
On Macs, iCloud for passwords in Safari and iOS/macOS apps.
I also use mSecure with the password save file in Dropbox, just to have things in more than one place - don't want a single point of failure (like my Apple ID, say...) to lock me out of the web.
Re:This is not really a password app competitor (Score:2)
As such, it's Apple-only.
Other password storers can start worrying when Apple releases Android/Windows apps to access those passwords.
There's already an iCloud client for Windows that gives you access to your keychain passwords.
Re:This is not really a password app competitor (Score:2)
Shows how little I follow Windows these days. It definitely exists, and reviews are mixed.
A true cross-platform password app these days has to support Mac/iOS, Windows, and Android at a minimum, with web access for the rest of the universe.
Re:This is not really a password app competitor (Score:2)
It's right in the summary:
"Passwords will ... support ... Windows computers"
Paywall (Score:2)
Paywall free link here. [archive.is]
Bitwarden (Score:1)
Sounds promising. (Score:2, Interesting)
I've been looking for a replacement for 1Password ever since they decided to stop being an honest company selling an honest product at an honest price and embraced the Zynga model of nickel-and-diming people to death with recurring payments. And then they doubled down on turning into a shit company making a shit product by aping Evernote and abandoning a very good native app in favor of a half-assed web app in an Electron wrapper. But, as awful and contemptible as both moves were; the alternatives have always been far too craptastic and/or stripped of features to fit my needs and preferences.
It will probably take a few iterations, as with most things Apple these days. But it's hard for real software to *not* catch up and surpass Electron junk. So maybe in a few years 1Password will join the likes of Evernote and Fantastical in the rubbish bin of once-great-but-now-trash software history. And if Apple includes a "migrate from 1Password" functionality, it will be golden.
Re:Sounds promising. (Score:2)
I've been looking for a replacement for 1Password
BitWarden.
KeyChain Access.app = Passwords.app (Score:2)
So Apple is replacing 'KeyChain Access.app' which is a front end to a system that already does all of this with a new one called 'Passwords.app' that will be the new front end to a system that already does all of this?? Big f****ng deal.
Re:KeyChain Access.app = Passwords.app (Score:2)
Re:KeyChain Access.app = Passwords.app (Score:0)
No, this is likely just replacing the System Settings passwords, which should have been a separate app in the first place.
Keychain Access on the other hand does a LOT more than just passwords and I'm guessing is unlikely to go anyplace for a very long time. It's also a low level tool that most users don't need to concern themselves with since they likely only care about the passwords portion.
Re:KeyChain Access.app = Passwords.app (Score:2)
It's funny as hell that people are losing their shit that Apple is releasing a new UI for an existing feature to improve the user experience.
Needs a bit of AI (Score:2)
So a bit of AI would analyse the screen, read the rules of the website, and produce the most secure password with these rules.
Re:Needs a bit of AI (Score:3)
Try P@assword123!
It fits most password requirements.
Yes but... (Score:1)
Could Work if Priorities are Right (Score:2)
Security professionals and hobbyists will always put security above all. They'll run their own home servers, put them behind hardware firewalls and use a VPN to access that server to pull out a password they need. It's fun for them.
Everyone else in the world prioritizes security as written below, and every business attempting to improve the digital security of the general public would do well to share their priorities or they'll simply be niche utilities for professionals and hobbyists:
1. CONVENIENT - The service must be available on iOS, Android, Windows, and MacOS. It must be able to automatically learn, update, and enter logins/passwords automatically.
2. SHAREABLE - Be it in business or families, many digital accounts are shared. It must be able to share logins/passwords within trusted set of accounts easily and securely.
3. INTUITIVE - You shouldn't need training to use the basic login/password storage and entry feature.
4. RELIABLE - When it comes to security, people don't care about the "newest". They want the most known product. They want stability. They need to know that the product isn't going to disappear in 2 years if the company doesn't reach unicorn status with investors.
5. SECURE In Preparation and Reaction - Yes, this is the 5th most important thing because if it's too hard to live with, people will just not use it.
And "secure" doesn't mean "impervious to all attacks forever" because whoever holds the largest market share will attract the most (and most sophisticated) hack attempts. Bitwarden's lack of known hacks is not impressive because it has 1% of marketshare as compared to LastPass's 25%, so it only makes sense that LastPass is under constant attack and that eventually someone succeeds.
Apple has MASSIVE potential here. They're trusted by people and businesses for financial transactions (Apple Wallet), they're definitely a stable company, and they make very intuitive UI. Where they have severe systemic issues is interoperability outside of their Apple software environment. They often refuse to facilitate it. If they are willing to make an Android app and plugins for all the major browsers, they might be able to unseat LastPass in short order.
Is it called SureLock? (Score:1)
I mean, obviously it's in that realm of software takeover. Bundling means people might use it for convenience over quality. If they kill off plugins, I'm another step closer to Linux and keeping my current solution.