Thinking about switching away from 1Password to Apple Passwords

I use the note field in passwords as well. Also for some additional info on a certain account. It is quite handy and all where you need it when you are checking out that account.

Yet somehow with practically unlimited piles of cash and the ability to hire any kind of experts they need, Apple doesn’t manage to do everything well. Look at the history of iCloud. It’s still not as good as it needs to be after all these years.

As for Passwords, this just came out:

Specialized organizations can screw things up, too, of course. But secure password management is the central concern and focus of an organization like 1Password or Bitwarden, all the way up to the CEO. The same can’t be said of the Passwords app’s place in the grand scheme of the Apple corporation.

Don’t get me wrong. I don’t think Apple Passwords is a bad choice. But it’s certainly not stupid to decide it’s prudent to stick with a proven solution from an organization that specializes in password management.

1 Like

I don’t recall saying anything was stupid. And this in no way supports your original argument. Securing systems is difficult because of asymmetry. Also, the statement quoted about scrutiny still remains true in spite of the disclosed vulnerability. This will continue to happen; it’s all about how the vendor of the affected system communicates and responds.

I’m not a fan of cloud based password solutions but having had a look at Passwords recently, I think it has a lot going for it now.

Apple’s model for accessing your account is very robust, to which someone who has recently helped their 70 yo mum who lost their iCloud password can attest.

To access Passwords from a new device you need to a) know the user name and password b) physically press “Yes” on another device logged in with the same account c) enter a code from one of those devices and d) know an iPhone PIN or Mac machine password to undo the E2E encryption.

This is one of the more comprehensive models among Password managers, probably second only to more niche things like locally based password vaults. Not only does it require 2 pieces of information (account password and device PIN/Password) it also requires physical access to a machine in order to press Yes and get the code.

None of these are insurmountable, for example you could steal someone’s iPhone after watching them enter their PIN. But that’s common to all password managers and it still limits attackers to people physically close to you.

It’s particularly nice due to one of the more underrated features of Macs, the fact that you almost never have to type out your Apple ID password once you’ve set it up once. If you never type out your password, you never get keylogged or observed typing it. This is what put me off Bitwarden, the biometric unlocking never worked in the browser and I had to type out my full password all the time.

There’s also a couple of neat features in Passwords. One is that you can see every website you’ve logged in to using the Sign In With Apple feature, which is extremely handy.

The other is being able to see the SSID and password of every Wi-Fi spot you’ve connected to, and create a neat QR code out of them. I thought these were both nice, and will probably be unique to Passwords.

As I say I don’t like cloud based password managers so I’m not switching over, but all it needs is a couple of more fields and I’d already rate it above most of the current commercial offerings out there.

5 Likes

man… this aged like milk. Since Strongbox was bought by Applause (neither macrumors nor 9to5mac covered it), I have switched to Apple Passwords for logins and Bitwarden for 2FA codes.

Apple Passwords certainly doesn’t have all the bells and whistles as Strongbox did (particularly their password generator sucks) but it works pretty much everywhere so I can’t really complain.

1 Like

For me (us as a family) we’re also considering how to use passwords as the children are getting older and now also need a password manager.

Actually we’re using 1Password - but I think it does have too many features for kids to learn. Maybe I’m wrong?!

The biggest downside by far is that Apple Passwords is only protected via a simple PIN Code. Don’t know if I will go this way…

Apple Passwords wasn’t quite ready when our kids first needed it, so we did the family 1Password. (Context: I’ve used 1Password for years and my company uses it as well.)

I wish we’d used Apple Passwords for our family. 1Password was too much for the kids, especially with the bugs and quirks of the iOS versions. Though it only would have been behind a passcode (fingerprint most of the time), at least they would have used Apple Passwords consistently and not looked for (and found) ways to manage passwords outside of the app.

1 Like

Appreciate your feedback. That is what I’m actually thinking about… And have fears that it will be this way as you described it.

How did it end at your side? You’re still using 1PW and the kids/others a mix between 1PW, Apple Passwords and some lists?

Yes. This summer I’ll switch everyone except me to Apple Passwords.

Where to put all of the non-login data is where I’m stuck. I migrated the logins yesterday and they are working fine. It does look like I’ll need to manually create new passkeys since those cannot be migrated.

- API Keys (e.g. Cloudflare API key) - ?
- App Passwords - ?
- Bank Accounts - Secure Apple Notes
- Credit Cards - Safari (does this add them to Apple Wallet as well?)
- Logins - Apple Passwords
- Secure Notes - Secure Apple Notes
- Software Licenses - ?

There are some other items like Obsidian encryption keys that I might be able to stuff into Apple Passwords, but I’m not certain that is the best place for them.

Secure Apple Notes can probably fit most data, though losing data structure and data types is a concern.

1Password also has some neat features like reminding you when a credit card is near expiration, or having a place to store additional credit limit, phone numbers, etc.

I remember Keychain Access having secure notes…and I just checked. It’s still there! I’ll probably use Apple Notes, still. 🙂

Seems like you could fit a bunch of stuff in here and just label it something you’d search for. It won’t autofill, but I don’t think you’re doing that with software keys and API keys today?

I think I’ll do a mix of stuffing and creating Apple Notes. Like for the 1Password Fastmail card, it has the authentication information in the card, and then I added a password field for each App Password I created for applications to access my mail, contacts, SMTP access, and calendar access. There are a lot of them!

Sometimes it’s important to note which email address or phone number is associated with the account. Whether it’s to answer questions for account recovery, or the application sometimes asks for a username, and sometimes asks for an email address, depending on context.

I didn’t realize how much data I had stuffed into 1Password until I needed to transfer it someplace else! This is going to take a while, not even considering re-creating passkeys.

1 Like

This is the moat that has me staying with 1Password right now, heh.

1 Like

Sorry to warm up this thread … I have read through it mainly regarding the “all eggs in one basket” question, as that is something I’m still trying to figure out for myself.

I’m by now confident I would be able to make the switch from 1Password to the Apple Passwords app. I find the app easier to use while in the Apple ecosystem.

The one thing I’m currently thinking about is security. I recently witnessed a grab and run theft in the city where a girl was using her iPhone in the metro at the door and someone quickly grabbed it from outside the train when the doors were closing. I feel bad for her but was thinking about: just in case the thief was able to watch her enter the passcode into her phone, and/or the phone was unlocked, would this put my passwords in Apple’s Passwords app more at risk compared to them being stored in a separate app and dedicated password like 1Password?
What are your thoughts for a scenario like that?

This is one thing that stops me considering Passwords more seriously. For someone moving around the city a lot, having my laptop or phone pinched is a more real threat than online hackers. And working in hotels and coffee shops all the time, it’s all too easy to be watched.

On the plus side, you don’t actually need to enter your PIN very often on an iPhone, since FaceID is so easy to integrate into apps. But it’s not impossible that I’d enter my PIN, so a different factor for my Passwords app is good to have.

1 Like

I think the solution to this would be to use a complex alphanumeric password that a would-be thief would find hard to replicate.

Then it’s a PITA every time you need to unlock your phone.

1 Like

Yes, but think of the security!

2 Likes

I usually use another hand to cover the screen when I am asked to type my passcode to enter.

I remember the Wall Street Journal had a report about that, and Apple has so far added Stolen Device Protection, but only on iPhone, not iPad or Mac.