Securing docs, notes, license keys etc on Mac & iOS WITHOUT using 3rd party password app?

There has been a lot of discussion about 1Password. This thread is NOT about the pros/cons of 1Password. I find 1PW to be an extremely versatile and easy-to-use app, which I may just continue using.

But, everything “being equal” (they never are) I’d prefer a native, non-subscription app whenever possible. This is one reason I’m experimenting with using iThoughts and OmniOutliner to replace my current uses of MindNode (which I like better than iThoughts and OmniOutliner) but I’m willing to have “good enough” to avoid subscriptions when possible. And I’d prefer not to go to yet another third party password app; I’d prefer to use Keychain on the Mac and Passwords on iOS.

Here is my struggle. Keychain on the Mac is adequate for my needs–not great, but adequate. But there does not seem to be an equivalent to Keychain on iOS. Consequently, the only thing I can create are web passwords on iOS:

Am I missing something? If not, where/how would you recommend I store documents, license keys, secured notes, etc so I have easy access to them on both Mac and iOS without resorting to a third party password app? One possibility is Apple Notes. Would you consider ANs to be secure given that:

  1. Notes can be locked (EXCEPT if one has a PDF in the note–a bummer)
  2. My computer and mobile devices require a password to access
  3. FileVault is enabled
  4. I have everything backed up via BackBlaze.

Advice? Options?

Keychain access is available on iOS/iPadOS (see here). For documents, secure notes, etc., you can use iCloud, or password-protect a Pages document, or Numbers, or, as you mentioned, an individual note in Notes.

Just use something like this-app.com as the website to store non-website secrets. Notes in Passwords have been added in iOS 15.4 and the macOS update yesterday, I think.

Yes, I’ve had that turned on but the secured notes I have in Keychain do not show up in Keychain (or Passwords) on iOS. I must be missing something.

Example: DEVONthink license key stored as a secured note in Keychain on the Mac:

Keychain active on the iPhone

The only Devonthink entry showing up on the iPhone is the website login password and the option to add a note.

Why doesn’t the Keychain entry from the Mac show up in iOS?

I ditched 1Password for reasons I explained in the other thread and I try to just use Apple tools as well. (If this won’t work out I will start using the Keepass ecosystem, if you want I can explain in a longer post why).

Till now, Keychain works very well. The integration is much better than anything else, regarding passwords. I love it to unlock and autofill with my fingerprint on the Mac.

iOS 15.4 added the possibility to save notes in Passwords. So you don’t have to rely on the Notes app; you can save them in the iOS and macOS Passwords section.

I don’t feel the need to store licenses in a locked password manager. What’s the worst case scenario? My license key gets stolen by a trojan horse and someone else wants to use it. I write this to the company where I bought it, they lock the key and with proof of purchase I get a new one. But this is very unlikely.

If my Mac gets stolen, they can’t access your files because of FileVault. Everything is encrypted. So I’m not that concerned about doc files either. If you have really sensitive information in doc files and you just want to store and not use them you can create a password protected zip file with Terminal.

You can also very easily password-protect PDF files.

I guess this fits all your needs?

@johnkree thank you for the helpful information. The only thing I can’t figure out is why the secure note in Keychain on the Mac does not show up as a note in either Keychain or Passwords on iOS. Is it supposed to, or am I misunderstanding?

Also, you are probably right, I don’t need to securely store doc in 1PW given the other security measures in place on my Mac and mobile devices.

If you will indulge me, is there a simple way to import passwords from 1PW to Keychain/Passwords?

I followed this guide:

It just works with the passwords as far as I know. I didn’t export anything else. The license keys I had in 1PW I just copied out of the original emails.

Regarding your problem: I don’t think that notes in Keychain Access will show up on the iPhone. Just notes that you write in the Passwords menu of Settings.
Keychain Access is a much deeper, underlying part of Passwords with all the root level certificates and all.

This is excellent, thank you! I owe you one. 🙂

And, this explains what I couldn’t figure out,

“However, notes stored in iCloud Keychain aren’t accessible on iOS and iPadOS. I didn’t want to adopt a solution that wasn’t available on all the platforms I use regularly.”

At least I know it wasn’t me. 🙂

Apple seems to work hard to make their rudimentary password manager better with every update. I don’t think that it will ever have all the features of 1Password but it is getting closer to being enough for everyone who didn’t care about this stuff till now. 🙂

Two factor authentication that is associated with the password (effectively becoming password part one (fixed) and password part 2 (2fa)) means that the built in tools will need a fundamental rebuild to work.

I can’t see that happening in the short term. Until it does we will need a separate app/device.

I just tested with creating a new entry in Passwords on iOS and adding a note to it. As expected, the note synced with Passwords on macOS (preferences or Safari preferences). However, the Keychain app only synced the website, user/password combo and not the note. So my guess (and understanding) is that the newer Passwords system syncs on all iOS and macOS devices but the old Keychain app version syncs only basic login details. It doesn’t sync the Secure Notes part and it doesn’t even sync the comment part which is available for passwords. The iOS notes section seems to be a replica of this comment function, intended to be used as a note to oneself about the site/account, but they don’t sync.

So the only way I see this working now for all devices is to use the newer iOS Passwords or Passwords preference pane on the Mac to sync these notes. If there are too many secure notes in Keychain, I don’t know how they could be imported all in the newer system. Also the newer system seems to be almost a hack as in your example, if I have to save the licence of an app, I’d first have to create a fake website/user/password combo before I can add that note, where I’d presumably put in the licence key.

I just switched to Strongbox. They have a sale today, 20% off. While they are offering a subscription, I have chosen the one-off lifetime license (basically what used to be buying a software license for indefinite use in the good old days). Strongbox is basically a convenient, nice interface for the open source KeePass database. It can do everything for me that 1Password can. I also like Bitwarden, but I’ve chosen Strongbox as I have this database beneath that I can always use with a variety of tools. Bitwarden looks even easier to use as you have fewer options (in a positive way), and therefore it looks like a ready-to-use open source solution. I don’t like that the data is stored and accessible on the web (which is a feature, not a failure), but otherwise I’d think this is a good choice as well, especially if one needs to share passwords. Both companies behind them are quite transparent in features and comparisons.

Strongbox is my second choice after Apple’s Passwords / Keychain. It’s a handful of people in Europe developing it and they are very nice and eager to help. It is open source, it is easy to use but powerful under the hood, and of all the KeePass-likes it is the most beautiful.
I really like their new UI of the Mac app.
You can sync your vault with any cloud, by self-hosting it or just locally. You choose. A privacy and security dream… 🙂

Your statement about the licensing is a bit confusing. On iOS they offer a subscription model and a lifetime license; on Mac they have just the one-time payment model. 🙂

Yes, this is correct. I bought the iOS version. You’re right with the Mac version.
Personally I try to build a scenario where I will use both Keychain for plain vanilla logins and Strongbox for all the rest. I have been in contact with the team via email, Twitter, Reddit and I got a reply on all channels. So I had to buy something just to value this excellent service.

Based on all of the good feedback, thank you!, here is what I’m going to try.

  • I will use Keychain (Mac) and Passwords (iOS) for web-based password management.
  • I will store sensitive PDFs with passwords. Yes, I know it is not difficult to bypass a PDF password but my PDFs are also on my MBP with FileVault so I believe I’m in pretty good shape.
  • I will store other text-based sensitive information in locked notes in Apple Notes.
  • Each month I will export all of my Apple Notes as plain text to an archive folder which is then imported to DEVONthink as another form of “backup”. I’m not using “backup” in the technical sense–just another location for the files should I need them.

  • All of my files are backed up with BackBlaze and on two external drives located in two separate geographical locations. All of my files are also in iCloud.
  • I will keep 1PW for one more year to ensure the migration is complete and then will unsubscribe in December of this year.

All of the above is subject to change without notification. 🙂
