iCloud Keychain vs 1Password or LastPass

Currently, I save my password info on both iCloud Keychain and 1Password. However, one is free, and the other is not. I am wondering whether, for someone who needs a password manager just for credential and credit card details management, I should really continue paying for 1Password, or whether I should just completely switch to iCloud Keychain. Especially with the latest iteration of password implementation on iOS 12, I am even more confused in justifying why I should continue to pay for 1Password, other than the scenario when I might intermittently use an Android phone.

Help me take a decision?

3 Likes

If you aren’t sharing logins with other people or with non-Apple devices, and you aren’t using 1Password to store secure documents/notes/etc., then you are probably fine with Keychain.

But 1Password provides all those other things, and will get a lot of the easier integrations with iOS 12.

4 Likes

I generally think ciaran summed it up well. But I’ll add one other. 1Password has the ability to generate the codes required for 2 factor authentication. You should consider using 2FA and hence may want to consider keeping 1Password.

2 Likes

Nope. I don’t have any kind of login information that I might need to share with someone else, AND that person also has 1password subscription.

I archive all information about my whole life on Evernote, and it is already secured behind 2-FA.

I agree. But then, even iCloud Keychain has become so much better with iOS 12!

All the services that I use have been set up using Google Authenticator, which is again free. Could you see any reason why I might want to favour 1Password over Google Authenticator?

I started off using Authy and switched to 1Password. 1P has one small advantage because if you use it to log in to a site on a Mac it places the 2FA code on the clipboard so you can just paste it in without opening another app. Currently on iOS that doesn’t work so there isn’t any real advantage other than needing one less app. Not sure if this will change in iOS 12.

4 Likes

I use 1Password, Apple Keychain as well as Authy. Sounds like you guys are saying I could be using 1Password to replace Authy - is that correct? Any links to docs on that process?

On the iPhone, in 1Password, edit a password, then create a one-time password. You can scan the QR code from there.

I agree it is not obvious, but it is very useful.

Watchtower, which informs you about breaches of your account and helps you to improve your security, is another nice 1Password feature.

1Password also has a feature called Travel mode, wherein it temporarily removes sensitive information on your 1Password account on your physical device in case someone wants to take away your phone. Haven’t used it, but it’s nice to hear 1Password has it.

I still cannot find a use-case when I need a password manager other than Keychain. All my passwords were generated with it, I only use Apple devices and it works perfectly in all the apps and websites which I use.

I kind of feel sorry for 1P, but reading this I really don’t see a reason to keep spending money on it.

I’m a long-time user of Evernote too, but I don’t use it to store anything sensitive like SSN, Tax Returns, etc. 2Factor helps secure the login, not the data at rest. BTW, EN now stores its data on Google, which I consider a plus.

I like that 1P is cross-platform. I use it on Mac, iOS, and ChromeOS and I can access it from any computer with a browser if needed.
Bottom line, if you are happy using Keychain it should serve you well. I prefer to spend a dime a day for 1P.

Why not look at Bitwarden? It’s free, open sourced, and works on all platforms. It’s not as polished as 1Password but sure is close.

The fact that it is all in the same app has some benefits. 1Password, for instance, will copy the one-time-use code to your clipboard automatically when you use it to fill a password on the web. Pretty slick!

I don’t deny the benefit at all. I’m just wondering whether the differentiation is enough to pay for the yearly subscription :stuck_out_tongue_closed_eyes:

For my response I was specifically answering a question you had on Authenticator vs 1P. If you don’t gain enough advantage, then don’t use 1P. Easy!

After 1Password went to a subscription model, I tried an experiment using only Apple’s Keychain as my password manager. After about 2 months, I found I was not using 1Password at all, so I basically deleted it from all my devices. Now I use Keychain exclusively.

One thing I did like about 1Password were the secure notes for credit card info, travel documents, software licenses, etc. However, in my new setup, I’ve simply generated secure Apple Notes for each of the secure categories I previously used with 1Password. Works great, everything syncs, and no subscription.

1 Like

How do you like Bitwarden? Anything lacking you wish it had?

I still use 1Password for my main password manager and Bitwarden as a secondary one or my go-to for someone looking to get into password managers who doesn’t want to spend money.

Here are the reasons why I stick with 1Password

  • Word Passwords.
  • Gets password changes and creating new accounts a bit better with the popups to save.
  • Watchtower is better, but Bitwarden does have where it checks to see if your password has been compromised like 1Password.
  • More options than just remembering passwords.
  • Emergency PDF.
  • Simpler shortcut, 1Password is cmd+\ where Bitwarden was 3 keys instead.
  • 1Password is better looking and more polished.
  • I like the idea of secret key better. It’ll hold up better to brute force attacks if their servers ever get compromised.
  • Sharing passwords seems simpler.

I do like how Bitwarden has the password generator right in front of the plugin where 1Password feels like it hides the password generator. Also, the free version is all that most people need and the upgrade to premium is the cheapest around too. It’s open source too. I also like the thought process that Bitwarden uses when creating a new account that you can watch here: https://youtu.be/dBPfr7Jiddw?t=2m50s. This just seems like how it should be done in every password manager.

1 Like

If you’re 100% within the Apple ecosystem and don’t need to share passwords with others, then iCloud Keychain is good enough.

If needed, you can couple it with Google Authenticator or Authy for your 2FA codes.

And as @tgara mentioned, you can use password-protected notes for other items, like security questions for instance.

There are two caveats regarding the security of iCloud Keychain.

1. Password strength

Passwords generated with iCloud Keychain follow a predictable pattern: 4 strings of 3 characters (mixed digits, lower and uppercase letters) separated by dashes.

If an attacker knew you’re using iCloud Keychain, he/she would have an edge and the real strength of the password would then be similar to a 12-character password of mixed digits, lowercase and uppercase letters without symbols. It’s still good but not as good as a totally random 15-character password mixing digits, lowercase and uppercase letters with symbols.

2. Auto-fill

There is an inherent vulnerability for password management systems when Auto-fill is enabled.

It’s possible to disable it for Safari on both iOS and macOS, but then iCloud Keychain becomes less attractive because one loses the suggested password option and needs to manually copy/paste passwords when logging into websites.

Not sure if iOS 12 and macOS Mojave will be better in this regard.

Hope this helps!
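
The password-strength comparison in point 1 of the post above, worked through as an added example (not part of the original post and not any vendor's code). It assumes the format exactly as the post describes it, 4 groups of 3 alphanumeric characters joined by dashes; the function names and sample passwords are constructed for illustration.

```python
import math
import re
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # 62 symbols, as the post describes
PRINTABLE = ALNUM + string.punctuation         # 94 symbols: letters, digits, symbols

# Format described in the post: 4 groups of 3 alphanumerics joined by dashes.
GROUPED = re.compile(r"^[A-Za-z0-9]{3}(-[A-Za-z0-9]{3}){3}$")


def entropy_bits(alphabet_size: int, random_positions: int) -> float:
    """Bits of entropy when each random position is drawn uniformly."""
    return random_positions * math.log2(alphabet_size)


def generate_grouped(groups: int = 4, size: int = 3) -> str:
    """Generate a password in the grouped format using a CSPRNG."""
    return "-".join(
        "".join(secrets.choice(ALNUM) for _ in range(size)) for _ in range(groups)
    )


def naive_bits(password: str) -> float:
    """Length-times-pool estimate that ignores any known structure."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    pool = sum(len(c) for c in classes if any(ch in c for ch in password))
    return entropy_bits(pool, len(password))


def effective_bits(password: str) -> float:
    """Estimate assuming the attacker knows which format is in use.

    Dashes at fixed positions add nothing, so only the 12 random characters
    count. Any other password is treated as uniformly random over the 94
    printable ASCII symbols, which is an upper bound for human-chosen ones.
    """
    if GROUPED.match(password):
        return entropy_bits(len(ALNUM), len(password.replace("-", "")))
    return entropy_bits(len(PRINTABLE), len(password))


if __name__ == "__main__":
    for pw in (generate_grouped(), "q#7Lm!z2Rt$9wXe"):  # second value is constructed
        print(f"{pw}  naive={naive_bits(pw):.1f}  effective={effective_bits(pw):.1f}")
```

For the grouped format the naive estimate counts the dashes as if they were random symbols, which is why it lands near the figure for a fully random 15-character password while the pattern-aware estimate is roughly 27 bits lower.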