All Devices Keychain and Password manager are a hazard instead of helpful now

[10smom]

Many apps no long let you use your keychain or other password manager to login or setup passwords. It has become completely unsafe. I am having to reset password over and over again and use the web browser to set or reset password. If I change devices I have to do it again. Password manager have become a nightmare. I have to use same password over and over again for every app just os I can remember it. And I cannot copy and paste. I have to type in keyboard.

Has my phone been hacked or is everyone having this issues since 13?

 

[Puonti]

I use 1Password and all of the apps I use allow me to autofill my credentials from 1Password when needed (which is rarely). I'm not sure what "many apps" means, and it's always possible that you're using some other password manager that I have no experience with.

My takeaway from this is that no, not everyone is having the issue you describe and nothing's become completely insecure.

 

[10smom]

I use 1Password and all of the apps I use allow me to autofill my credentials from 1Password when needed (which is rarely). I'm not sure what "many apps" means, and it's always possible that you're using some other password manager that I have no experience with.

My takeaway from this is that no, not everyone is having the issue you describe and nothing's become completely insecure.

You must be paying monthly for 1 password? I have the original 1 password that is self hosted. They have shut down a lot of features trying to force us to pay for them on a monthly basis.

But does not mean I should be having issues w/ keychain.

This is why I think my phone may have been hacked and there maybe someone trying to access my passwords. How do I check?

One shopping app was even trying to access my email and change my password. I saw it happening because I got email notification from my primary email for that account.

An example would be a twitter account I set up on my iPhone twitter app. I could not use 1 password or keychain for suggested passwords. I Had to go to notes and make one up and try to copy and paste. It would not let me do it in app so I had to go to saffari to get key chain to pop up. Then I could only. Use suggested password and keychain did not save the login in info. I had to manually set that info up. Now, on my iPad I tried to login to that account it it is. No where to be found. Same for many other apps.

 

[Puonti]

You must be paying monthly for 1 password?

I do subscribe yes, but as far as security of the 1Password app itself goes we're both equally well covered since we're both using the same app. If you launch 1Password on your iPhone you should see the app's version number near the bottom of the first screen, between the options "Review 1Password" and "Advanced" - it should be 7.6.2.

Is that the version number you're seeing also?

This is why I think my phone may have been hacked and there maybe someone trying to access my passwords. How do I check?

This is where things get tricky when trying to troubleshoot problems remotely. I can't see what you see, so I'm really just guessing.

Do you have anyone living with you? It's possible a family member for instance has access to your iPhone and is using it without your permission, or with your permission but doing things they shouldn't be doing. Or they might be logging into the same apps / websites as you are with their own credentials, after logging you out (which from your perspective would seem like you're always having to log in).

How do you secure your iPhone? With a numeric passcode? A password? Have you shared it with anyone? Is it unguessable? Do you use Touch ID or Face ID?

The unlikeliest scenario - as in "it doesn't happen to regular people" - is that someone has hacked your iPhone remotely. It's so unlikely that I tend to suspect user error first.

One shopping app was even trying to access my email and change my password. I saw it happening because I got email notification from my primary email for that account.

So you received an email which said something like "Someone has requested to change the password of your account tied to this email address. If it wasn't you, you can ignore this email", is that correct?

 

[Ulenspiegel]

I use Enpass without any problems on iPhone, on Mac and on Windows based PC.
You can choose from one-time purchase (€ 49.83) and subscription plan (€ 0.90/month). There is no difference between the two versions. The Desktop versions are free, you pay only for the mobile application.

 

[StaceyMJ86]

I have 1Password and don’t pay monthly for the subscription. I do not have any issues using 1Password or iCloud Keychain to input my passwords. I’m also still currently on 13.5.

 

[firedept]

I have to agree in that someone hacking into your phone is extremely remote.

I have been using 1password for years and have never had this issue. I am using the stand alone version on my MBP, iMac, iPad and iPhone. Have not gone to subscription as of yet. Have you changed some setting in your app or phone recently? It's all I can think of. I am on iOS 13.6.1 and version 6.8.8 of 1Password.

 

[ApfelKuchen]

I don't see what the hazard of Keychain or One Password might be, based on your description. Apps/sites that do not support their use may be the "hazard." And the only reason that would be a hazard is because you may be choosing to remember those logins, rather than record them in One Password. You can still create unique logins for every account you use, and store them in One Password, even if you cannot use auto-fill or copy/paste.

Even if an app or site does not allow auto-fill, you can (and should) still record your logins and passwords in a secure manner. One Password will even generate complex passwords for you on request. Copy/paste from One Password still works in nearly every case. And if it doesn't? It's not One Password's or Keychain's fault - apps/sites that don't allow copy/paste are trying to be extra-secure by prohibiting actions that might be performed by a bot.

As to "hackers..." While hackers are real, all too often people use the term to describe any unexplained, accidental, or unwanted behavior. It's like blaming Leprechauns, pixies, demons, the gods, Satan, or Aliens. It's convenient to blame some malevolent/mischievous supernatural force for such things, but the most likely answer to anything of this sort is human failings (whether yours, or a programmers). The "exotic" may be more comforting or alarming (or self-flattering), but it is almost never the true answer.

As to an app having any capability to access/change the password of an account... totally unlikely. It's back to human frailty - did the email really say what you think it said? If it did, it was probably a phishing message, trying to scare you into clicking a link and "updating your login information."

Many services will notify you if a password has been successfully changed, to alert you if you were not the person to make the change. However, I know of no service that advises you of unsuccessful login attempts. And they certainly wouldn't identify who was making that attempt. Mails that say things like, "A person in [country] using a [model of computing device] using the IP Address [numbers] tried to change your password (or make a purchase with your credit card)" are phishing attempts. They heap on fake "information" in order to make the email see more legitimate and to get you to click a link or make a phone call to a fake "support" number.

 

[10smom]

I don't see what the hazard of Keychain or One Password might be, based on your description. Apps/sites that do not support their use may be the "hazard." And the only reason that would be a hazard is because you may be choosing to remember those logins, rather than record them in One Password. You can still create unique logins for every account you use, and store them in One Password, even if you cannot use auto-fill or copy/paste.

Even if an app or site does not allow auto-fill, you can (and should) still record your logins and passwords in a secure manner. One Password will even generate complex passwords for you on request. Copy/paste from One Password still works in nearly every case. And if it doesn't? It's not One Password's or Keychain's fault - apps/sites that don't allow copy/paste are trying to be extra-secure by prohibiting actions that might be performed by a bot.

As to "hackers..." While hackers are real, all too often people use the term to describe any unexplained, accidental, or unwanted behavior. It's like blaming Leprechauns, pixies, demons, the gods, Satan, or Aliens. It's convenient to blame some malevolent/mischievous supernatural force for such things, but the most likely answer to anything of this sort is human failings (whether yours, or a programmers). The "exotic" may be more comforting or alarming (or self-flattering), but it is almost never the true answer.

As to an app having any capability to access/change the password of an account... totally unlikely. It's back to human frailty - did the email really say what you think it said? If it did, it was probably a phishing message, trying to scare you into clicking a link and "updating your login information."

Many services will notify you if a password has been successfully changed, to alert you if you were not the person to make the change. However, I know of no service that advises you of unsuccessful login attempts. And they certainly wouldn't identify who was making that attempt. Mails that say things like, "A person in [country] using a [model of computing device] using the IP Address [numbers] tried to change your password (or make a purchase with your credit card)" are phishing attempts. They heap on fake "information" in order to make the email see more legitimate and to get you to click a link or make a phone call to a fake "support" number.

Well how about all my password misssing from keychain. Now what? I would say that was a hazard. have no clue how to fix. still have keychain passwords on ipad.

all of sudden I got logged out of youtube primium and asked to me to log back in on iphone. Tried to use keychain and no passwords at all. all are missing.

 

[10smom]

can anybody explainh to me how I get My keychain back on my iphone usning my ipad? where did it go???

 

[Puonti]

Unfortunately I don't use keychain enough to troubleshoot it remotely, and the little I do has always been trouble-free. I'm sure that someone on this forum does however.

 

[gnasher729]

I don't see what the hazard of Keychain or One Password might be, based on your description. Apps/sites that do not support their use may be the "hazard."

My wife was asked to create a password for an app just this morning. 8 characters minimum, one capital, one lowercase, one digit, one "special" character. Prevented iOS suggested passwords from working. And the idiots, who are selling coffee that costa fortune, claimed that this lets you create a password that is "easy to remember".

 

[posguy99]

You must be paying monthly for 1 password? I have the original 1 password that is self hosted. They have shut down a lot of features trying to force us to pay for them on a monthly basis.

No, actually, they haven't. Now, if you haven't bought 1Password 7, you might be having issues.

 

[10smom]

I called apple and they cannot figure out what going on. She thinks maybe speed issues w/ internst. Iphone is much slower than Ipad which is on same cell service. had T mobile reset tower access. I get 60 mp on ipad and now 12 mp on iphonr . still no keychain passwords. calling apple again.

 

[10smom]

Please see this thread for update and more info. It happening to ipad now. Please help!

I think my iphone and ipad got hacked?

I posted about my iPhone a few days ago. I no longer have access to my key chain on my phone, and a lot of other things happening on my phone, I click on, and image that I thought was one I selected to download even though I did not remember. It just popped up. Now my phone is chaos. The...

forums.macrumors.com