Password Managers - what are you using?

[allan.nyholm]

I use Secrets 4 - I had been using Secrets 3 for a good while and just recently took advantage of a huge discount for a year long subscription.

It's one person developing it. To my knowledge. I probably chose Secrets (version 3) initially because it was a cheap one-time purchase when it was released some years ago.

Then I went all in and keep all my things there. It's less than ideal because I sometimes use Windows and Linux and have thoughts about the macOS eco-system and if it's the best for me going forward. For that I have to get my act together and move over to either 1Password, Bitwarden or Strongbox.



I've been trying to move to Strongbox before buying into Secrets 4, but where Secrets 3 failed was on exporting its content as something Strongbox could read. For whatever reason no amount of exporting from Secrets would be imported to Strongbox. The formatting of files is wrong.

If I decide to stay where I am, on macOS, then Secrets 4 and perhaps Secrets 5 is my go-to. Some flaws exists with Secrets 4; no 2FA sections or autofill of same. Which means that I rely on Step Two for 2FA when I use Firefox and chromium-based browsers. Not ideal either. The developer of Secrets appears to be a kind individual who, at least to me, responded to some password snafu that was going on.

Although, if he decides to act upon my asks... that's still unknown. There's not a lot of updates to Secrets 4 and there wasn't a huge amount of updates to Secrets 3 either during its lifetime. It's a quite stable app with no glaring bugs that's apparent to me. I'm also not actively looking for hardcore security issues or flaws in the application. The password thing I mentioned was an UI / UX thing.

1Password is doing the best they can. While I don't appreciate subscriptions for software that are important to the user, I still buy software with that method of payment. Like I do with Kagi search. What do in life other than complain about everything between Heaven and Earth. If not the weather, then computers, software and squeaky shoes.

 

[Squirrrrel]

I use Secrets 4 - I had been using Secrets 3 for a good while and just recently took advantage of a huge discount for a year long subscription.

It's one person developing it. To my knowledge. I probably chose Secrets (version 3) initially because it was a cheap one-time purchase when it was released some years ago.

Then I went all in and keep all my things there. It's less than ideal because I sometimes use Windows and Linux and have thoughts about the macOS eco-system and if it's the best for me going forward. For that I have to get my act together and move over to either 1Password, Bitwarden or Strongbox.



I've been trying to move to Strongbox before buying into Secrets 4, but where Secrets 3 failed was on exporting its content as something Strongbox could read. For whatever reason no amount of exporting from Secrets would be imported to Strongbox. The formatting of files is wrong.

If I decide to stay where I am, on macOS, then Secrets 4 and perhaps Secrets 5 is my go-to. Some flaws exists with Secrets 4; no 2FA sections or autofill of same. Which means that I rely on Step Two for 2FA when I use Firefox and chromium-based browsers. Not ideal either. The developer of Secrets appears to be a kind individual who, at least to me, responded to some password snafu that was going on.

Although, if he decides to act upon my asks... that's still unknown. There's not a lot of updates to Secrets 4 and there wasn't a huge amount of updates to Secrets 3 either during its lifetime. It's a quite stable app with no glaring bugs that's apparent to me. I'm also not actively looking for hardcore security issues or flaws in the application. The password thing I mentioned was an UI / UX thing.

1Password is doing the best they can. While I don't appreciate subscriptions for software that are important to the user, I still buy software with that method of payment. Like I do with Kagi search. What do in life other than complain about everything between Heaven and Earth. If not the weather, then computers, software and squeaky shoes.

You should try Bitwarden. It’s free. 10 dollars a year if you want to use 2FA. If you don’t want to pay the 10 dollars a year, you can use the 2FAS app, which is free. I wouldn’t trust all my data to an app that rarely gets updates and doesn’t have basic auto fill functionality.

 

[allan.nyholm]

You should try Bitwarden. It’s free. 10 dollars a year if you want to use 2FA. If you don’t want to pay the 10 dollars a year, you can use the 2FAS app, which is free. I won’t resist all my data to an app that rarely gets updates and doesn’t have basic auto fill functionality.

Thanks for that - I did read you comment about Bitwarden earlier. Might have to look into that again.

The Secrets password manager application does have auto fill of logins, just not 2FA auto fill. Which is a bummer. It's so common these days to have 2FA set up.
Either I'm not seeing the feature in Secrets, or it's not there at all. It's not obvious to me if it's included as a feature.

 

[Squirrrrel]

Thanks for that - I did read you comment about Bitwarden earlier. Might have to look into that again.

The Secrets password manager application does have auto fill of logins, just not 2FA auto fill. Which is a bummer. It's so common these days to have 2FA set up.
Either I'm not seeing the feature in Secrets, or it's not there at all. It's not obvious to me if it's included as a feature.

Just give them a try, honestly. I moved from 1Password and I couldn’t be happier. Bitwarden has also never had a data breach.

 

[berb]

I can't say whether I like the new icon all that much, however.

I too prefer the old logo, however it looks like 1Password lawyers weren't happy with it. From Minimalist version history:

A major competitor, whom may remain nameless, has asked us to change our logo on account of its vague similarity to their own. Apparently they are worried their customers will mistake Minimalist for a simpler version of their own product and make the switch. Imagine that!

While we disagree entirely with the assertion that anyone would confuse Minimalist with another product, we also have no desire to engage in an expensive court battle with one of the largest password manager makers in the space.
Instead we are taking this opportunity to remember exactly why we created Minimalist is the first place; to be a better password manager company!

So today we are announcing three major changes to help us get back to our roots:

1. A bold new logo! We have designed a bold new logo which uniquely identifies Minimalist amongst the countless competitors out there. And given that you'll be looking at this logo on your home screens everyday, we want your input. Please send all feedback, ideas, and/or alternative designs to hello@minimalistpassword.com .

.....

 

[Apple_Robert]

Thanks for that - I did read you comment about Bitwarden earlier. Might have to look into that again.

The Secrets password manager application does have auto fill of logins, just not 2FA auto fill. Which is a bummer. It's so common these days to have 2FA set up.
Either I'm not seeing the feature in Secrets, or it's not there at all. It's not obvious to me if it's included as a feature.

Secrets has 2FA support. Open the entry, tap edit and just under the password field, tap on the add button. You will then be given the option to add OTP.

 

[Mr. Heckles]

Just give them a try, honestly. I moved from 1Password and I couldn’t be happier.

Can we go through 1 tread without “you should go to (whatever)?” We have a 2-3 year old thread for that already. This thread is to see who is using what.

Bitwarden has also never had a data breach.

1Password hasn’t either, Secrets hasn’t either, a lot haven’t. LastPass and I think 1 other had an actual breach (I can’t remember the other one, it was years ago).

 

[allan.nyholm]

Secrets has 2FA support. Open the entry, tap edit and just under the password field, tap on the add button. You will then be given the option to add OTP.

That was easy.. I clearly haven't been paying attention/lacking the will to investigate. Thank you much.

 

[Squirrrrel]

Can we go through 1 tread without “you should go to (whatever)?” We have a 2-3 year old thread for that already. This thread is to see who is using what.

No, I’m good. Thanks.

1Password hasn’t either, Secrets hasn’t either, a lot haven’t. LastPass and I think 1 other had an actual breach (I can’t remember the other one, it was years ago).

LastPass has a breach every 5 minutes.

 

[svenmany]

I know that Apple Keychain is being listed as a choice, but it's a bit unclear what that means. The full Keychain is a pretty capable storage of secrets, though its user interface is pretty unusable. Then there's the piece of the Keychain that's maintained in System Settings. Calling that a password manager is a very generous. It's only designed to provided website passwords for the use of Apple software. I don't think you can even make a password entry without including something that is syntactically a domain name.

 

[cubbie5150]

Enpass (with lifetime license purchased a little over 2 years ago) for me.

I am not a "power" user, however most people might define that. I do *not* want another subscription (I understand why companies do this, but I care about my needs, not their theirs). I also will not use a password manager that does not allow me to store my vault locally (off anyone else's servers); additionally, Enpass lets me wifi sync between my Mac and iOS devices.

 

[maflynn]

I know that Apple Keychain is being listed as a choice

Mostly because people are using that to manage their passwords.

What the keychain offers:

• Cloud based encrypted container to hold your passwords
• Multi-device syncing (Mac/iPhone/iPad/etc)
• Autofill passwords
• Generate complex passwords
• Warning of weak and compromised passwords

How is that so different then say BitWarden?

If you don't think its a password manager or I'm being generous with that definition, then tell me what's the definition of a password manager you go by? What makes StrongBox, BitWarden or 1Password password managers but not Apple's Keychain?

 

[svenmany]

Mostly because people are using that to manage their passwords.

What the keychain offers:

• Cloud based encrypted container to hold your passwords
• Multi-device syncing (Mac/iPhone/iPad/etc)
• Autofill passwords
• Generate complex passwords
• Warning of weak and compromised passwords

How is that so different then say BitWarden?

If you don't think its a password manager or I'm being generous with that definition, then tell me what's the definition of a password manager you go by? What makes StrongBox, BitWarden or 1Password password managers but not Apple's Keychain?

It should be included as a choice.

...but it's a bit unclear what that means.

is the more relevant part of the full sentence that you partially quoted.

Probably every Apple user is storing passwords and other credentials in Keychain. Some examples for me: all my WiFi passwords and the passwords to some of my encrypted drives. This is a very minor point, though it is good to know what people actually voted for when they chose Apple Keychain. I think almost everyone assumed you meant the stuff that's visible in System Settings rather than the stuff visible in the Keychain Access application.

If people wanted the kind of functionality that's available in 1Password, then they'd have to use a combination of the two. I wonder if there are even third-party programs that provide a custom, full-featured interface to Keychain which support all the semantics and data types of 1Password.

 

[gregmac19]

Probably every Apple user is storing passwords and other credentials in Keychain. Some examples for me: all my WiFi passwords and the passwords to some of my encrypted drives...

Why do you store any of your passwords in Keychain rather than in 1Password?

Edit: I suppose it is for convenience, but I avoid trusting Apple with passwords when I can.

 

[svenmany]

Why do you store any of your passwords in Keychain rather than in 1Password?

I don't know how to use 1Password for some functionality I count on every day. For the two examples I gave, I count on certain conveniences when I boot up.

• I want my computer to connect automatically to my home WiFi. The password for the access point is kept in Keychain (I didn't choose to put it there) and my WiFi connects without any intervention.
• I want some of my encrypted drives to mount automatically. My TimeMachine backups and nightly clones are all encrypted. I could have chosen not to store the passwords in Keychain, but I do mount 9 drives and I'd find it very tedious to enter the complex passwords so many times.

Part of the problem is that I reboot every morning. Also, I think if my computer even just goes to sleep, when it wakes it has to re-authenticate with the access point to reconnect.

I also keep these passwords in 1Password to have them more generally available. For example, when I'm setting up a new user account on my Mac or sharing my guest network credentials with a visitor while I'm not on my Mac, I need this kind of information.

 

[Mr. Heckles]

I don't know how to use 1Password for some functionality I count on every day. For the two examples I gave, I count on certain conveniences when I boot up.

• I want my computer to connect automatically to my home WiFi. The password for the access point is kept in Keychain (I didn't choose to put it there) and my WiFi connects without any intervention.

Strange, I have iCloud Keychain turned off and my MacBook connects to the networks I’ve been on already without an issue.

 

[svenmany]

Strange, I have iCloud Keychain turned off and my MacBook connects to the networks I’ve been on already without an issue.

You are using a keychain; you're just not synchronizing it to iCloud. If you run the Keychain Access application and search your login keychain for your WiFi SSID, you'll find an entry with the password recorded.

Keychain Access makes it possible to work with multiple vaults (keychains) and multiple kinds of items. I've found it to be slightly buggy in that its lists will refuse to refresh with new entries. It probably doesn't get much love since people don't often use it (though they always use their keychain(s) it interfaces to).

But this might be completely off topic. I can't be sure, but I think people who say they use keychain just mean the very limited website password part.

 

[gilby101]

Why do you store any of your passwords in Keychain rather than in 1Password?

The passwords you must store in Keychain relate to passwords used for internal resources. It would be very cumbersome to store Wi-Fi and File Vault passwords in 1Password or any other password manager. Only Keychain can integrate with macOS at the level required.

Password manager apps are primarily for storing passwords relating to external resources. Managing all passwords requires at least Keychain plus another store (an app, a book or your head).

Password managers can also provide convenient storage for encrypted notes, licence keys, etc. (1P has 22 record types). Keychain does not do this.

Everyone has to use Keychain. But the voting only allows one vote - I can't vote for both 1P and Keychain. So anyone voting has, consciously or not, had to interpret the question as relating to external resources (e.g. web site passwords).

 

[gregmac19]

• I want some of my encrypted drives to mount automatically. My TimeMachine backups and nightly clones are all encrypted. I could have chosen not to store the passwords in Keychain, but I do mount 9 drives and I'd find it very tedious to enter the complex passwords so many times.

Well I don’t know how easy or hard this would be with 1Password, since I have never used the program. However, I enter the passwords for my external encrypted drives into the dialogue boxes pretty quickly with Codebook, and without the passwords ever being on the clipboard. (i.e., I don't copy and paste.) So it would be somewhat tedious with nine drives, but not horribly painful.

 

[gilby101]

Well I don’t know how easy or hard this would be with 1Password, since I have never used the program. However, I enter the passwords for my external encrypted drives into the dialogue boxes pretty quickly with Codebook, and without the passwords ever being on the clipboard. (i.e., I don't copy and paste.) So it would be somewhat tedious with nine drives, but not horribly painful.

It would be unacceptably tedious if you had to do this at every reboot. I certainly expect my drives to mount automatically. Without the automatic linkage to Keychain, I would stop encrypting my drives.

 

[svenmany]

I have some external resources that are accessed by dedicated applications. Those applications, when offering to save my credentials for their servers, typically store those credentials in the keychain. Again, I don't know if there's any way to incorporate 1Password into that. I think these various programs just use a dedicated API to keychain and that API doesn't support any pluggability for alternative password managers.

Of course, everyone is using the keychain for the TLS certificates. That allows for secure communication with external resources, like secured websites accessed with a web browser.

I do see that Keychain Access supports adding secure notes to a keychain.

But, yeah, I do think people voting for Apple Keychain don't mean they're fully using the keychain, just the limited functionality that's represented in System Settings and some auto-fill situations.

 

[gregmac19]

It would be unacceptably tedious if you had to do this at every reboot. I certainly expect my drives to mount automatically. Without the automatic linkage to Keychain, I would stop encrypting my drives.

I realize I have to trust Apple with some passwords, and I am reluctantly okay with items like WiFi passwords. However, I wouldn’t likely trust them with more critical passwords like those for encrypted drives. While I am tempted to have confidence in Apple when I read about Advanced Data Protection for iCloud, my own experience with Keychain has been less than comforting. (Ref: Post#2041 in the “1Password migrants” thread.)

Using Codebook, it takes me less than five seconds to enter the password for a single external drive when I connect it. Thus, it is an easy decision to avoid Keychain for these situations. Were I to regularly connect several drives, I’d look into creating a macro with something like Keyboard Maestro to automate the process. What I am envisioning is that I would unlock Codebook and then run the macro, as I wouldn’t want to store my master password with the macro.

 

[Macbookey]

iCloud Keychain and Minimalist in place of 1Password for almost 2 years now. Minimalist is Apple platform only and has no web component, but that works for me. It is only a matter of time before Apple creates a dedicated Password and sensitive data vault of their own. Seems like low hanging fruit at this point. That said, Minimalist has been great at replacing 1Password for stuff that iCloud Keychain cannot do on its own.

 

[svenmany]

I realize I have to trust Apple with some passwords, and I am reluctantly okay with items like WiFi passwords. However, I wouldn’t likely trust them with more critical passwords like those for encrypted drives. While I am tempted to have confidence in Apple when I read about Advanced Data Protection for iCloud, my own experience with Keychain has been less than comforting. (Ref: Post#2041 in the “1Password migrants” thread.)

Using Codebook, it takes me less than five seconds to enter the password for a single external drive when I connect it. Thus, it is an easy decision to avoid Keychain for these situations. Were I to regularly connect several drives, I’d look into creating a macro with something like Keyboard Maestro to automate the process. What I am envisioning is that I would unlock Codebook and then run the macro, as I wouldn’t want to store my master password with the macro.

What if you don't upload your keychain to the cloud? You would likely have a system drive with FileVault, with an encrypted keychain, completely local to your device. Would you only reluctantly trust that?

1Password does provide a simple hotkey so that I can enter a password in any field of any application easily. So, I guess it wouldn't be too hard to use it for unlocking drives. But, the passwords for my encrypted drives are only relevant if someone physically has my drives. It seems really over the top to resist using my keychain and and manually enter 9 passwords to my 9 drives. You say it takes under 5 seconds for one drive. I'd be cursing as I hit the 45 second mark without any good reason for suffering through it.

 

[berb]

Minimalist has been great at replacing 1Password for stuff that iCloud Keychain cannot do on its own.

I prefer Minimalist over iCloud Keychain for one reason. If someone, like a tech, has access to my Mac password or iPhone PIN they also have access to my passwords. Minimalist, or any password manager, offers that extra layer of security.

Otherwise I was happy with Apple Passwords with Safari.