Jtte

macrumors newbie
Original poster
Mar 30, 2018
IT consultant here.

Apple's Passwords app is a huge security risk, potentially a disaster.

Here's why:

Unlike a 3rd-party password manager, Apple's Passwords app doesn't use a unique master password and instead uses your Mac user account password.

Any computer technician, IT dept personnel, any other admin account on your Mac (any admin can reset any user's password), scammer with remote access (common), thief who guesses or cracks your weak password (rare), family member or friend with your Mac's user password (common) can open the Passwords app and see and use all the passwords and open and use but not see the passkeys in the Passwords app. When biometric fails, the Passwords app asks for your Mac's password.

For example, say you take your Mac in for repair to any computer shop. They need your Mac user password to login and work on it. If you had any 3rd-party password app with its own master password, no technician could access your password vault. And if they asked for your password manager password, you'd say no! But they can access your Apple Password app with your Mac password.

The track record of computer repair shops honoring privacy is poor.
Study: "No Privacy in the Electronics Repair Industry" https://arxiv.org/pdf/2211.05824

Imagine leaving your company Mac with your employer's IT dept. Even without your Mac password, they could reset your user password then have access to your Password app info. Under no circumstance would you normally give your employer all your passwords!

Would you give a copy of your house or apartment key to a cleaning person, roommate, dog walker or house sitter if that same key unlocked all your email accounts, banks & brokerages accounts, government accounts, healthcare and shopping accounts, social media accounts, et al.? NO! Well your Mac password is like a house key that does all that and more.

I've helped dozens of victims of scammers who tricked victims into calling them and giving remote access for technical help. The criminals either pushed a pop-up ad that looked like a computer warning ("your device is infected") or paid for Google search result ads that impersonated a tech company (e.g., XInfiity instead of Xfinity, fake Epson and fake Facebook support).

In all those cases, victims gave the scammers remote access to get help. Often, the criminal with remote access went to System Settings and fussed with settings to put on a show and make a setting change that required the Mac's password. Victims either typed their Mac password or told the scammer. Also often, the criminal with remote access started Terminal and typed showboating commands starting with "sudo," which prompts for the Mac password (no biometric option). Many victims gave their Mac user passwords to scammers to help such fake adjustments / repairs.

Not even the most naive victims I've helped would ever give a scammer or real technician their password manager's master password because there's absolutely no pretense for a real or imposter tech to ask for it. But all techs and scammers who get your Mac password also have keys to your kingdom.

Dashlane, 1Password and Bitwarden, for example, not only require a master password but offer separate 2-step verification (either only for "new" devices or every time) that uses a token-generating app instead of less-secure SMS texting. This master password should be unique, including never being your Mac's password!

If you can handle a 3rd-party password manager, stick with that instead and save yourself from possible total disaster.

If Apple allowed a separate password for its Passwords app, it'd be a safe contender. Apple already allows a separate password to lock Notes and for Screen Time, so Apple should also offer that for its Passwords app. I suspect they fear millions of tech support calls from people locked out of their Password app, though.

EXCEPTIONS: for people who don't currently use a 3rd-party password manager but use a browser's built-in password manager (Chrome, Firefox, Brave), Apple's Passwords app would be better because browsers' built-in password managers also unlock with your Mac password; plus, every couple of years hackers figure out how to steal passwords from browsers' built-in password managers (usually through a dangerous browser extension).

A 3rd-party password manager is best. For maximum security, use a 3rd-party password manager like Bitwarden (w/2FA) without its browser plugin, but you'd have to copy/paste into a browser (not using the password manager's browser add-on enhances security but at the expense of convenience; I only know one person doing this).
 
Really excellent points. I'm embarrassed to say I hadn't thought of that extreme security implication of Apple Password's approach.

I'll add a counter to your opinion about using copy/paste. That approach is regarded by some to be the least secure way of working with a password program. The clipboard is not a secure location to store anything confidential. It's a long discussion, though. The advantages/disadvantages when comparing copy/paste with a password program's supplied transfer functionality is a complex topic. There's probably no single answer about which is best for every user.
 
I guess so, but that's how it's always been. Before the Passwords app, your passwords were stored in your login keychain, which, as its name implies, was unlocked when you logged in (by your user password).

Anyone who has your login password can just open Safari and log in to whatever accounts you have the passwords saved for. Or they can go to any account you've already logged in to. Most people use gmail, and gmail keeps you logged in for a very long time. That's a far bigger security risk for almost everyone, if your device is unlocked someone can have nearly unlimited access to any of your accounts, simply by opening up your web browser (or mail app) and resetting passwords on websites.
 
You have a good point, but this isn't necessarily anything new or specific to the Passwords app in Sequoia. It's definitely a good reminder and is something to be mindful of though. Prior to the Passwords app, passwords were stored/retrieved through Keychain Access, which anyone can get into if they know your Mac's user account password. On the Windows side of things, it's the same way...you need to use your Windows' user account password to access passwords stored in Edge, Chrome, etc., even if they are synced to your Microsoft, Google, or some other account.

Apple could probably improve this, or at least give us the option to lock it down a bit more, but I think this is also one of those things where the user needs to take personal responsibility. Don't share your password, don't store personal accounts/passwords on a company-issued machine, and wipe/erase your disk first if you're taking it somewhere to be repaired.

As for scammers, if the user fell for the scam, they'll also probably fall for giving out a secondary password, providing biometric authentication, or providing a 2FA code so that the "technician" (scammer) can "fix the problem".
 
Any computer technician, IT dept personnel, any other admin account on your Mac (any admin can reset any user's password)

If an admin changes a password on a Mac, when the user logs back in the Passwords app is cleared and will not re-sync until the user re-authenticates with iCloud by typing the Apple Account password. Not the computer account password that was just changed - the actual iCloud password.
 
Oh. Well, that’s bad too, because I’d been storing my long, complex Apple iCloud password in 1Password, which I’ve migrated to Apple Password. So if I change my Mac password, I’d be locked out of all my passwords!

You’d think they’d mention this…
 
Imagine leaving your company Mac with your employer's IT dept. Even without your Mac password, they could reset your user password then have access to your Password app info. Under no circumstance would you normally give your employer all your passwords!
Company Mac with your employer’s IT…. I don’t see an issue. You don’t put personal passwords on a company computer.
 
Oh. Well, that’s bad too, because I’d been storing my long, complex Apple iCloud password in 1Password, which I’ve migrated to Apple Password. So if I change my Mac password, I’d be locked out of all my passwords!

No, only if another (admin) user changes your password. If you change it yourself then there is no additional friction with the Passwords app.
 
I believe the reason Apple doesn't offer a different password is because doing so would inevitably have people locking themselves out of their iCloud Keychain. And if Apple did allow such and followed the security chain, if such a scenario happened, there would be no alternate way to regain access to the passwords.

All the app did was make the iCloud Keychain more accessible. Security 101 hasn't changed.

If one takes a Mac to Apple or some other third party repair place, one should backup personal files, wipe the drive, and set up a temporary admin account.

What really should be taught here, is proper account safety protocol of one's Mac, iPhone, iPad, and Apple Account. If that isn't the focus, having a different password option for the Passwords app is moot (generally speaking).

I have the Passwords App set to use Biometrics.
 
Oh. Well, that’s bad too, because I’d been storing my long, complex Apple iCloud password in 1Password, which I’ve migrated to Apple Password. So if I change my Mac password, I’d be locked out of all my passwords!

You’d think they’d mention this…
No, only if another (admin) user changes your password. If you change it yourself then there is no additional friction with the Passwords app.

Also, all it requires is re-authentication to iCloud (your Apple Account) to have the passwords sync back (assuming that you have iCloud Keychain sync enabled.)

I was responding to the OP's message that all it would take is for an attacker to change your Mac account password to get access to all of your passwords in the password app. It would not - they would also need your iCloud / Apple Account password.

I have used 1Password for quite a while (2007-2009, when I switched to LastPass when I bought an Android phone and 1Password for Android was read-only, then back to 1Password in 2015-ish when LastPass was sold to LogMeIn - I knew that was bad news), but I am contemplating switching to Apple's passwords app - I have no need for cross-platform anymore, but the most critical reason is that my wife (and kids) would have a hard time, I think, if I died if I stay in 1P, but they understand Apple's passwords really well - plus I am able to share some accounts with my wife (and a couple with my kids) from the Passwords app.

I understand the risk of having passwords locked simply with a device passcode, but Apple did think a lot about some of these attack vectors (such as someone changing a password on a Mac for another account) and seem to have reasonable precautions. For years before the Apple Passwords / iCloud Keychain, the system keychains on a Mac account in OSX / MacOS were also protected in a similar way - you could change the password of another account, but the keychains were still encrypted with the original account password, so you wouldn't be able to access keychains if you stole access to an account.
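
The behaviours described in this post and in the opening post, as a toy model added here (not part of the thread and not Apple's implementation): a vault key is wrapped under a password-derived key, so sharing the login password opens a login-keyed vault, an admin reset does not, and a separate master password keeps the login password from opening it. `ToyAccount`, its methods, the sample passwords and the HMAC-based stream cipher (a stand-in, since the Python standard library has no authenticated cipher) are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 100_000  # constructed demo value


def derive_key(password, salt):
    """Stretch a password into a 32-byte key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _subkeys(key):
    # Separate keys for encryption and for the integrity tag.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _stream(key, nonce, length):
    # Toy keystream (HMAC in counter mode); stand-in for a real AEAD cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce, ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, box):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = box
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("wrong password for this vault")
    return bytes(c ^ s for c, s in zip(ct, _stream(enc_key, nonce, len(ct))))


class ToyAccount:
    """Hypothetical account: a login verifier plus a password-wrapped vault key."""

    def __init__(self, login_password, secrets, vault_password=None):
        self._set_login(login_password)
        vault_key = os.urandom(32)
        self.vault = seal(vault_key, json.dumps(secrets).encode())
        # Default: the vault key is wrapped by the login password (the thread's concern).
        self._wrap(vault_password or login_password, vault_key)

    def _set_login(self, password):
        self.login_salt = os.urandom(16)
        self.login_hash = derive_key(password, self.login_salt)

    def _wrap(self, password, vault_key):
        self.vault_salt = os.urandom(16)
        self.wrapped_key = seal(derive_key(password, self.vault_salt), vault_key)

    def login(self, password):
        return hmac.compare_digest(self.login_hash, derive_key(password, self.login_salt))

    def open_vault(self, password):
        vault_key = unseal(derive_key(password, self.vault_salt), self.wrapped_key)
        return json.loads(unseal(vault_key, self.vault))

    def change_own_password(self, old, new):
        """User knows the old password, so the vault key can be re-wrapped."""
        if not self.login(old):
            raise PermissionError("old password incorrect")
        try:
            vault_key = unseal(derive_key(old, self.vault_salt), self.wrapped_key)
        except PermissionError:
            vault_key = None  # vault uses a separate master password; leave it alone
        self._set_login(new)
        if vault_key is not None:
            self._wrap(new, vault_key)

    def admin_reset(self, new):
        """Admin replaces the login verifier only; the old password is unknown."""
        self._set_login(new)


def can_open(account, password):
    try:
        account.open_vault(password)
        return True
    except PermissionError:
        return False


def demo():
    secrets = {"bank.example": "constructed-sample-secret"}  # constructed data
    shared = ToyAccount("login-pw", secrets)
    separate = ToyAccount("login-pw", secrets, vault_password="master-pw")
    results = {
        "login_pw_opens_shared_vault": can_open(shared, "login-pw"),
        "login_pw_opens_separate_vault": can_open(separate, "login-pw"),
    }
    shared.change_own_password("login-pw", "new-pw")
    results["self_change_keeps_access"] = can_open(shared, "new-pw")
    shared.admin_reset("admin-chosen")
    results["admin_can_log_in"] = shared.login("admin-chosen")
    results["admin_reset_opens_vault"] = can_open(shared, "admin-chosen")
    results["user_pw_still_opens_vault"] = can_open(shared, "new-pw")
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```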
 
That’s a little confusing, but I do trust that Apple takes security very seriously. They realize that they operate an ecosystem which, if hacked, gives attackers access to people’s bank accounts and 401K’s, credit cards, mortgage files, online identification, and more.


This is why, if I provide my Mac to a repair person who needs the machine’s login password, I don’t want that action to also give them access to, say, my Citibank checking and savings accounts, right? It is still unclear to me how well my data would be protected in that scenario. Using 1Password, I have a machine login password and a separate password which unlocks all of my other passwords, including my email and iCloud passwords. I think it’s a good idea to keep these passwords separate, especially since the information is shared between the computer and the phone.

Apple Passwords is a 1.0 release. It’s great for a 1.0 release, but I think it still needs some improvements, and the ability to separate these two passwords is one of them.
 
This is why, if I provide my Mac to a repair person who needs the machine’s login password, I don’t want that action to also give them access to, say, my Citibank checking and savings accounts, right?
Whenever I set up a new machine, I always create a separate admin level account and password if there is some reason why a repair person needs to log in to the machine.

That said - it's been a while since I needed a Genius Bar appt for a Mac, but I believe that they do not need a user account/password in order to diagnose and repair a Mac.

Also you can log in to your Apple Account at https://account.apple.com and remove the Mac from the list of trusted devices, which would, again, require a reauthentication to iCloud before passwords would show.

Apple Passwords is a 1.0 release. It’s great for a 1.0 release, but I think it still needs some improvements, and the ability to separate these two passwords is one of them.
Well, iCloud Keychain has existed for quite a while, though passwords were stored in the Safari settings rather than a discrete app. I think that the app is well past 1.0. But I agree that it could use more features:

- Secure notes

Discrete, non-password data entries like:

- Software licenses
- IDs, like passport information and any other government ID.
- Bank account information

And, sure, the ability for advanced users to set a discrete "master" password for the password app that is different from the device password, apple account password, etc.
 
I believe the reason Apple doesn't offer a different password is because doing so would inevitably have people locking themselves out of their iCloud Keychain.
Yes, it's probably the right decision. FWIW Apple allows you to optionally turn on Advanced Data Protection for your Apple Account and iCloud data - I have - and if I lost the key, Apple could not help me.

So, sure, the default could be to use biometrics with device passcode fallback, but allow people to optionally change the authentication, with all of the relevant warnings.

I'd love this.

We are still at the beginning of the passwords app, and way early in the transition to passkeys. Apple has plenty of time to develop hardening for users who want it. I hope they do.
 
Starting with macOS Sequoia (v15), the same risk exists in 3rd-party password managers that have fingerprint biometric enabled, e.g., Dashlane. So it's vitally important to disable macOS Dashlane's biometric login (and probably other 3rd-party password managers that can use the fingerprint reader). In Dashlane: "More," "Open the app," "Settings," "Security," "Biometric" (disable it). Note that on iOS and iPadOS, Dashlane falls back to asking for your master password when FaceID fails (this is good); it doesn't fall back to asking for your iPhone / iPad passcode (used to unlock your iPhone or iPad). So biometric (FaceID) on iOS and iPadOS still works as desired.

Detail: on a Mac running macOS Sequoia, if Dashlane in Chrome has biometric unlock enabled, a fingerprint prompt appears when starting Dashlane in Chrome. If the fingerprint works, Dashlane opens, as expected. But if the fingerprint fails, a prompt appears for the Mac's password, not Dashlane's master password, as was the case before macOS Sequoia. I confirmed this with Dashlane tech support over numerous exchanges. They confirmed it started with macOS Sequoia.

Anyone with your Mac's user password can unlock Dashlane after the fingerprint fails. This is probably the same behavior in other macOS 3rd-party password managers, which would also rely on macOS to handle the fingerprint reader.

After disabling biometric unlock within Dashlane in Chrome, go to the Mac's Passwords app and delete the passkey it has for Chrome for Dashlane. If you can't tell which one, I recommend deleting all the passkeys listed for Chrome.

Disable biometric login in Dashlane, then Dashlane always requires its master password and never falls back to asking for your Mac's password to unlock it.
 
Anyone with your Mac's user password can unlock Dashlane after the fingerprint fails. This is probably the same behavior in other macOS 3rd-party password managers, which would also rely on macOS to handle the fingerprint reader.

That is not the case with 1Password. If biometrics fails you must use your 1Password password, not your macOS password.
 
This is entirely moot and fails to consider basic threat modelling.

If someone has access to your non-keychain based system through a password then they can install a keylogger which can steal passwords for your other keychain system which requires an entered password.

The objective of the biometric ID is to authenticate you without typing a visible credential in thus exposing you to over the shoulder attacks.

The hypothetical vector where a repair shop asks for your password and you hand it over is the problem. You broke your own trust model. The OP's point is moot because what you need to protect is your data and system integrity both of which are protected only by the password anyway. And the latter can be leveraged to obtain the keychain data.

When I take something into the Apple Store, for say battery replacement or repair, the device is ALWAYS erased beforehand and not signed into any Apple accounts and has no credentials on it at all.

Source: actual professional in this field.
 
The hypothetical vector where a repair shop asks for your password and you hand it over is the problem.

This is not hypothetical since people do it. And probably the simplest attack would not involve a repair person installing key logger software. They would likely just open the password program and export all the entries to a file on a thumb drive. Adding friction to that seems quite important to those people who don't have a "trust model" in mind and just hand over their computer account's password.
 
I think you missed the point a little.

OP suggested using a third party password manager. If your user account is compromised, which the very nature of handing a computer and a password to someone else does, then your third party password manager is compromised as well.
 
It's possible I missed your point.

But just to give a better sense of the danger I see, I'll describe two situations. It might influence your thinking on this topic. I do respect your experience in this.

If I give my account password to a sophisticated adversary, they take the time to install some malware which might be successful in its functioning, I resume the use of my computer without taking some precautions before accessing the third-party password manager, the malware successfully communicates my activities to its server, then my passwords are compromised.

If I give my account password to a common repair person, they open up Apple Passwords, they copy the passwords to a thumb drive, then my passwords are compromised.

I suspect the second situation is an order of magnitude more likely and dangerous than the first, with respect to the safety of my passwords.

I would never give a password that can unlock my disk to anyone that I don't thoroughly trust. Many people would. For example, some people might think they don't have anything sensitive on their computer, but forget that logins have been accumulating silently in Apple's Passwords app. If in some weird scenario I had to give such access to someone, it's nice to know that I could reset my computer after regaining exclusive control to it and know that my passwords weren't compromised.
 
Well they can copy all your files to a thumb drive and walk off with it (this does happen).


Passwords are just a small part of the problem, which is what I'm saying.
 
Then it's probably subjective. If everything of mine on my computer were to be stolen, the content in 1Password would be almost all of my worry. The damage that can be done with my passwords is far beyond anything else that can be done with other things on my computer.

But other people keep more sensitive and potentially damaging things on their computers. Maybe this applies to your computer use and that feeds your perspective on it.
 
Never give your password to anyone, even a repair shop. It's not necessary.


The ability to not do that is a big thing in Apple's favor with regard to the vulnerability of the Passwords app. Unfortunately it does not address the issue much, unless...

- Every Mac user is forced to read the support article, understand the importance of it and the implications of not following the guidance.

- Every Mac user has sufficient confidence to disagree with a repair person who says they need the password to solve a particular problem and every Mac user has access to a repair person willing to solve a problem without the password.

- Every Mac user is only requesting hardware service or has sufficient expertise to reproduce their problem on a test account (if even possible).

- Every Mac user only uses the Passwords app on computers they control (e.g. no work computers).

- Every Mac user only uses the Passwords app on Apple hardware.

A less serious issue exists on Windows if you use a PIN for Windows Hello. That PIN (which I used to log in to Windows) allowed me to unlock the Passwords app. I have no idea what is required in the Windows world with regard to giving credentials in order to solve hardware problems. The workaround on Windows is to never give anyone the PIN, but instead give the normal userid and password. An unthinking user could easily make a mistake and give the PIN rather than the password.

If a Passwords app user gives their login credentials to someone else, then they've given their passwords to that person. I did a little research regarding the hazards of that with regard to investments kept at the major brokerage houses. None of them will protect you if you have not safeguarded your credentials. You could lose all your money with no way to recover it. In general, I don't believe SIPC insurance or FDIC insurance covers you for this kind of theft. And, forget about your crypto.

The more I think about it the more my breath is taken away when I think about my passwords being compromised. My passwords are orders of magnitude more important than the stuff safeguarded by my login credentials.

Before the dedicated app, the use of Keychain was less serious. People just casually used Keychain to capture browser logins. Introducing the Passwords app encourages people to put more stuff in Keychain than they had before and exposes them to far greater risks.

The Passwords app is dangerous when used by unsophisticated users. The Passwords app is simplified to cater for unsophisticated users. This is a very bad mix and I have no doubt that there will be people who will suffer from it. The OP's post is an important one.
 
Then it's probably subjective. If everything of mine on my computer were to be stolen, the content in 1Password would be almost all of my worry. The damage that can be done with my passwords is far beyond anything else that can be done with other things on my computer.

But other people keep more sensitive and potentially damaging things on their computers. Maybe this applies to your computer use and that feeds your perspective on it.

This is not subjective.

It is entirely standard off the shelf security posture.
 
Perhaps I'll get AgileBits' take on this using their forums. I suspect they don't adopt a standard off-the-shelf security posture since it would likely be obsolete. Something like "hey, if someone has the credentials to access my naked photos and other documents, might as well let them have my passwords" is probably not the way they think about it.
 