The Problem with Passwords

I have decided to take on the arduous task of finally changing all my passwords to use “strong” passwords in Keychain, and then place in 1Password as a backup. I like the printout 1Password gives you when you print a physical copy, and I have a family account for free through Eero+ so I figured what the heck!

Some of the problems I have ran when changing passwords via Keychain is that it doesn’t always realize I am changing my password and won’t auto save it. I’ve ran in to a couple times where I will change my old password to one that Keychain suggests, close out of the screen, and realized Keychain didn’t save it. :man_facepalming: My solution to this has been to copy the password prior to closing out the page and ensuring that it’s saved correctly in Keychain.

I feel like my solution is an extra step that doesn’t need to be there. Has anyone else had this issue and found a better solution?

I always list the old and new password in the notes field of 1PW when making a change. :+1:

I haven’t used Keychain for several years and deleted the handful of passwords that were left after seeing the WSJ iPhone passcode story.

1 Like

Which story is that?

1 Like

I’m not at my Mac to confirm but I heard over at Podfeet that 1P automatically saves your history, so if you mess up and lose your “new” password, it’ll be in history.

1 Like

I did this recently, but using 1Password rather than Keychain. Although it was still tedious, it’s much easier doing it in 1PW. It also maintains a password history in case anything goes wrong.


I’m in the market for a new password manager myself after many years on LastPass. I have had the exact same issue with LastPass many times - using the suggested password, but then not having it reflect as updated for the site.

I am now testing 1Password, and both the setup and import was surprisingly simple so my initial feeling is positive.

Still on the free trial period, but if I don’t run into any specific issues, I guess I’ll stay with it. Seems the general consensus in this forum that 1Password is a good option. As I need a Family Plan, I’m hoping that 1Password will be sufficiently automagic for my not-so technically inclined family members.

Other options I have looked at, but not yet tried, include Bitwarden, Dashlane and Nord Pass. Probably all good options too.

This is very timely, I have just gone through and enabled 2FA on all my accounts that allow it (as suggested in 1Password), I have also addressed all passwords that were not Strong or better.

I then went through Apple Keychain and was surprised at the number of accounts that I had which still used the same simple (and compromised) password that I was using before I started using 1Password.

I am contemplating moving away from Keycain and just using 1Password. I have now also bought some YubiKey 5 security keys so will be updating my 2FA to use that rather than the code in 1PW.

This is a bit of a rabbit hole though, as I am now looking at setting up a separate email address for which I can create aliases and then use this to signup for non-important sites (e.g. That way I can slowly remove junk from my main email account.

You can take this even further and create a separate persona with his/her own phone number, email address and then use this info when rather than your own when signing up to non-important sites.

I have been watching videos by AllThingsSecured and I think I might be getting a bit paranoid.

If you already use Fastmail (or are willing to start paying for their -excellent- service), there’s even a better option:

Thanks for the suggestion, I currently have a legacy Google Workspace account through which I manage my email accounts for both me and my family, its free, so to migrate everyone across to Fastmail would be quite costly.

I cannot stronly recommend this combo (1p and fastmail) enough, I may have only 300 masked email accounts created and I disabled about 10 already since the combo was introduced

one side benefit of using masked email is that I can go to multiple trials of services and apps if my first trial needs extension for more thoughour testing

Normally you do not need services like Fastmail to mask your address, if you do not want to also send Mails with this address (which I think would be rather seldom).
You only need an Mailprovider, where you could setup a CatchAll-Adress like *, and let all mail that has no own Mailbox just be catched by this address. This also has the benefit, that if your name was written wrong the Mail still show up inside this CatchAll, and if it is important, it is not lost due to a wrong name in front of the “@”.

You’re right. When I switched to 1Password, in '08, I continued my habit of keeping a manual password history and missed the fact that it does it for me.

Thanks, I guess you can teach an old dog a new trick. :grinning:

Indeed. However, Masked Email by Fastmail has at least 2 nice extra features:

  1. Mail to a specific masked email address is marked as such (icon & label), making it easy to do discover whether an address has been “leaked” (if the purpose/sender differs from your chosen label).
  2. Mail to a leaked masked email address can easily be blocked (individually).

Both could be easily solved with Rules within Apple Mail.

Feeling the same, but not only with Keychain. Even when I was using 1Password I never got 100% of my password updates correctly. I believe that can also be due to the way some websites use HTML&JS tricks in password forms.

After migrating from 1Password, I use Strongbox as my main password repository and use Keychain as a “cached”, more convenient version. If I can’t login with Keychain, I should have updated the password and have the correct on in Strongbox.

Both could be easily solved with Rules

For the second that should not be hard indeed, but how would you do the first?

(Curious; opportunity for me to learn)

Each Mail from a specific sender is by a Rule directed to a Folder with the senders name. So, if there is anything inside of this folder, that is not from this sender, it is SPAM, and illegal as I always take care to give my address only to those, who promise not to sell them or spread them otherwise.
I have a TextExpander snipet, that directs the illegal Mail more or less automatically to the responsible Authority for Privacy Protection (Data protection officer).

Ah, yes, did not occur to me because I have one single folder (“Archive”).

(Fastmail Masked Email works pretty good for that and I already used their service before they introduced this feature)

I think all of these concerns could be alleviated if we were able to pick the password for each individual app, even when using biometrics. I’m sure this wouldn’t be a hard thing to implement.