At least Australia is upfront…. did you forget how the US government was spying on the U.S. people, and you think that changed? The US isn’t any better than Australia, seeing both are part of 5 Eyes. Fastmail has offices and servers in the US also.

I also have an @me, but at least I can get into my email and passwords if I get locked out of my Apple ID. Something I see a lot on Reddit.

I also have Tutanota for email too.
Any country that is part of the 5 eyes (I believe it's 14 eyes now) is pretty much void of privacy. I'm just saying ... use the service that you want, but most of these companies are only offering the illusion of privacy. I care more about spam than I do privacy ... to an extent. Which is why I'll never use Gmail. Everyone I know that has Gmail seems to have at least 10,000 unread messages in their inbox. That would make me twitch.
 
but most of these companies are only offering the illusion of privacy.

just like Apple…
I care more about spam than I do privacy ... to an extent. Which is why I'll never use Gmail. Everyone I know that has Gmail seems to have at least 10,000 unread messages in their inbox. That would make me twitch.
I don’t like gmail, never have. A friend and I were talking the other day about it, now they were going to fight spam.
 
just like Apple…
Yes. But they're really good at preventing spam.

I don’t like gmail, never have. A friend and I were talking the other day about it, now they were going to fight spam.
These "privacy" email services do stay pretty true to their word for not sharing your email with the earth like Gmail (Outlook is just as bad) and are very good at fighting spam. Apple iCloud email is about the only one of the big tech companies that has kept my inbox squeaky clean. Google, Outlook, Yahoo, and AOL are the absolute worst.
 
I think the 2 main reasons are that it doesn't integrate well into non-safari browsers, and there's no easy way to export it, or sync to non apple devices.

In principle both these issues are solvable, all you need is a thin shim that uses keychain api and exposes a REST interface like how 1password etc. work so 3rd party extensions in Chrome/Firefox can retrieve info. Similarly you can use those same APIs to export (or use dump-keychain, or even parse the raw keychain format which is iirc open-sourced). I have not seen anyone do this though, I guess because they can't make money off it

Considering that you'd also have to write a GUI (since keychain interface is honestly not the best for searching/sorting), then you start to wonder if you're only using keychain as a DB, why not ditch it entirely and just use SQLite or something so you can then go completely cross-platform. And that is probably why.
 
If your Apple ID is compromised by a bad actor, whatever is in your Keychain becomes accessible to said person.

If the KeyChain should become unaccessible due to a software bug or some other Apple problem, you won't have access to important passwords

Sometimes, Keychain fails to save a password it suggested, even though the GUI claims it did. The user won't find out until he or she tries to access the website again.

With a third party manager, I have the app locked down with a different password (and Biometrics) than my Apple ID. I am also not at the mercy of Apple with my passwords.

The same goes for OTP.
"If any password manager is compromised by a bad actor, whatever is in your password manager becomes accessible to said person.

If your password manager should become unaccessible due to a software bug or some other problem, you won't have access to important passwords

Sometimes, password managers fail to save a password it suggested, even though the GUI claims it did. The user won't find out until he or she tries to access the website again.

With a third party manager, I have the app locked down with a different password (and Biometrics) than other password managers. I am at the mercy of ANY password manager."

There, fixed some things for you. Not sure why you're just singling out Apple when everything you listed can be applied to any password manager. You're placing your trust in a 3rd party app no matter what. There used to be a well-respected 3rd party app that went tits-up with its security not long ago: LastPass. Not saying something like 1Password or others will also experience this, but it's possible.
 
I think the 2 main reasons are that it doesn't integrate well into non-safari browsers, and there's no easy way to export it, or sync to non apple devices.

In principle both these issues are solvable, all you need is a thin shim that uses keychain api and exposes a REST interface like how 1password etc. work so 3rd party extensions in Chrome/Firefox can retrieve info. Similarly you can use those same APIs to export (or use dump-keychain, or even parse the raw keychain format which is iirc open-sourced). I have not seen anyone do this though, I guess because they can't make money off it

Considering that you'd also have to write a GUI (since keychain interface is honestly not the best for searching/sorting), then you start to wonder if you're only using keychain as a DB, why not ditch it entirely and just use SQLite or something so you can then go completely cross-platform. And that is probably why.
Apple has their own browser extensions now for Chrome/Chromium based browsers to access keychain passwords. They're working on one for Firefox as well.

 
"If any password manager is compromised by a bad actor, whatever is in your password manager becomes accessible to said person.

If your password manager should become unaccessible due to a software bug or some other problem, you won't have access to important passwords

Sometimes, password managers fail to save a password it suggested, even though the GUI claims it did. The user won't find out until he or she tries to access the website again.

With a third party manager, I have the app locked down with a different password (and Biometrics) than other password managers. I am at the mercy of ANY password manager."


There, fixed some things for you. Not sure why you're just singling out Apple when everything you listed can be applied to any password manager. You're placing your trust in a 3rd party app no matter what. There used to be a well-respected 3rd party app that went tits-up with its security not long ago: LastPass. Not saying something like 1Password or others will also experience this, but it's possible.
My post didn't need fixing. Nothing I said was inaccurate. The reason my post dealt with Apple is because the thread is about Apple Keychain. And if you bothered to read anything else I said in this thread, you would have seen I was balanced in my backup usage with third party apps as well. Your attempted 'gotcha' retort failed.
 
I don’t like putting all my eggs in the same basket. If I get locked out of something, I only lose access to that service. If I use everything Apple then getting locked out that account would be a disaster. The only connected services I have is email and contacts. I even have separate accounts for the Apple device and app store.
 
What is it about Keychain that people don't like so much that they are willing to pay for third-party software such as 1Password, Enpass, Keepass, etc? Keychain comes with the OS. So, why pay third-party?
Sure! While Keychain on macOS is useful, some prefer third-party tools like 1Password, Enpass, or Keepass. These options often offer more features, cross-device compatibility, and enhanced security, providing a more comprehensive password management experience. So, even though Keychain is built-in, third-party software offers added benefits and choices for those seeking advanced features and convenience.
 
Sometimes, Keychain fails to save a password it suggested, even though the GUI claims it did. The user won't find out until he or she tries to access the website again.

Ugh this is the worst.

I can't remember how many times I've gone to update a password, use the suggested password, then log in again the next time and I have to reset it again.

And it's made even worse by the fact that when doing suggested passwords I can't copy the pre-filled (or even see the whole thing) password so I can manually validate and update if necessary.
 
Sometimes, Keychain fails to save a password it suggested, even though the GUI claims it did. The user won't find out until he or she tries to access the website again.
I have this all the time and it drives me mad! More so when creating a new password when I register for a new site. I do find 1Password can do the same but not as often. To be safe I open the 1Password app and create the login there rather than let it autofill and save on the web page.

My other gripe is I don't like how it saves the passwords as www.macrumors.com... I'd rather it just name them as Macrumors, Facebook etc. as it's simpler and nicer to look at. Plus for some sites it would give it a long name like www.macrumors.com/start/login.. which just looks messy.. PS: just using macrumors as a made-up example.
 
I use 1Password and Keychain. I think many have rightly stated that there are vulnerabilities presently if one only uses Keychain. Perhaps Apple should revise Keychain so it is in fact still easy to use but a bit more secure. Items like iPhone can indeed create unintentional access for others with respect to passwords. There could be easy ways to help keep passwords safe and also easily accessible.

As for 1Password, I much prefer how it was long before the subscription model. It wasn't trying to be something for everything but simple for everyone.
 
I'm not down on the keychain, but I think third party products like 1Password offer advantages that the keychain doesn't. And those tend to be more secure - now I'm not saying the keychain is inherently insecure but 1Password kicks it up a notch.

First, Keychain only works with apple products, I'm not even sure if it functions on Chrome. I use PCs, Macs, and iPhones. I need a solution that is seamless that works across those machines/devices.

Secondly, I'm uncomfortable having my icloud password being used for so many sensitive parts of my life. If my account is hacked, they have access to so many things, including my passwords. This is why as a ProtonMail customer, I've not switched over to the new password manager offered by Proton. Simply because having a single password for my emails, and passwords is a security risk in my eyes.

Having a completely different password for my passwords is a huge advantage, add on the fact that 1Password requires a secure key that only you know about is another huge plus. Finally 1Password offers reports and services to an extent that Apple's keychain doesn't.
 