That is what I was referring to. My assumption is that because one is able to log into one’s account through the web, the account might be vulnerable to that type of attack. I readily admit, however, that I know very little about such security issues and am completely out of my depth.
For that issue, the only solution is to not use any kind of cloud storage solutions at all. You can limit your data to just reside on your local devices. Just encrypt it and secure it with a strong password. Have a backup strategy in place.
I remain attached to 1Password and pay the price. I use it rather broadly for storing lots of “information” that I want to be secure. My neighbor’s garage door opener code. Old relatives whose devices I end up supporting — I store some of their passwords in 1P. All my Passport information and a picture of the Passport. The codes and serial number and date of purchase and WiFi code of the cellular modem that I bought recently. I know that you can store this kind of thing in Apple Notes or wherever but I just religiously enter this kind of info into 1P and then it is available on all my devices and the parts of the information that should be protected are protected and other relevant information is stored in the same location.
Indeed!
Quote from an older 1Password Security Design White Paper:
Data is only encrypted or decrypted locally on the users’ devices with keys that only the end users possess. This protects the data confidentiality and integrity from compromises during transport or remote storage.
This might be fueled by Anthropic’s Mythos, which is dangerous according to some and just a marketing trick (before their IPO) according to others.
Two examples from both sides of the spectrum:
- Mozilla claims they solved 271 vulnerabilities using Mythos
- The curl maintainer was not impressed by the single vulnerability that Mythos found in curl
It might be the other way around?
For Apple this is just a (small) part of their business/focus, but for a smaller company such as 1Password security is the core of their business. Those companies are out of business when they get hacked.
(Although people are still using LastPass, which got hacked multiple times…)
Same. Easily the best I’ve tried. Local storage, tonnes of neat tricks but with the super durable KeePass vaults underpinning it, which makes backing up and recovery a doddle.
IMO the greatest threat to a password manager is a user that gets tricked by a phishing scheme. Or who downloads a program containing malware.
And since most people log into their Macs using an admin account, any malware or misconfigured AI program etc. will have full access to everything.
You may be right, but by all indications, Apple takes privacy and security very seriously, not as an afterthought. As to LastPass, I assume based on the fact that they were hacked several times that their approach to security is fundamentally different than 1Password’s?
Either way, I’m comfortable with Apple Passwords. I’m assuming that my passwords are equally protected in either 1Password or Apple Passwords.
I agree; that is the likelier risk. While I do not wish to be so arrogant or foolish as to assume I could never fall for a phishing scam, I believe it unlikely. I never click links in unsolicited emails or text messages, I always navigate directly to vendor sites, and I do not answer calls from numbers outside my contacts. I block every unknown phone number and text, and I route all unsolicited emails to the Junk folder. I never provide sensitive information by text, email link, or phone call. For vendors who require an email address, I use a designated “junk” account; when a phone number is required, I provide a Google Voice number reserved for that purpose. I have 2FA enabled on every account that offers it, and I use a different complex password for each account. Our family also has a private code to use should we ever receive one of those calls or texts claiming a family member is in some sort of trouble.
In short, I operate in a state of constant paranoia.
Notwithstanding that vigilance, I recognize that no one is entirely immune to the most sophisticated phishing attempts.
“Even a paranoid can have enemies”
- Henry Kissinger 1973
I have found Apple Passwords to have gotten better in the past several years. I can create passwords and they update since Apple Passwords uses iCloud. I have noticed that sometimes passwords don’t update properly if Passwords couldn’t figure out the account being used (rare, but happens enough for me to note it).
A positive is that if you’re in the Apple ecosystem, it functions similarly to 1Password (I can share passwords with people, for example I have a shared work one). Passkeys are frictionless, as are 2FA keys (a feature I WISH was more automatic, but results in me needing to either scan the code with my iPhone, or manually enter it into Passwords).
I’m trying to get used to Apple’s password system to save on the monthly fee. So far, it’s been an adequate switch, but I do miss the special note feature.
I’m experimenting with a self-hosted Bitwarden/Vaultwarden solution for a few months and while I still think their macOS app is a bit uglier, it looks less bloated than 1Password.
Their iOS app is fully integrated with iOS and iPadOS. And I
I’ve chosen Bitwarden because of the non-website-password entries (credit card numbers and bank accounts with multiple passwords) that Apple Passwords doesn’t handle as well.
So it’s a bit less polished on the looks, but works great.
I’m yet to move my family next month. By then, I’ll be able to share how it handled shared vaults and other stuff like that.
This is a note in Password; I use the username as a tag so it is searchable. I also keep credit cards and driver’s license in password.
That’s a good idea. There is also a “companion” app for all types of secrets that Apple Passwords doesn’t handle natively, called Unlock.
Switched to Bitwarden Family plan for about half the price of 1Password.
Might not be as polished, but works quite well.
What’s the deal with “signing in through Apple” or “signing in through Google”? Is that a good thing or a bad thing? It feels creepy to me but the fact that Apple is offering it as an alternative to Apple Passwords makes me wonder what the heck is going on? Is it really a safe alternative? How can that be? Still keeping 1P but using Apple Passwords and some passkeys. Am I safe? Who knows? Anyone? Opinions please!
This is apps avoiding having to create a secure login process and allowing Apple or Google to verify who you are.
Not just your opinion, I’m afraid. We are the biggest risk to our own security.
