Keychain password manager vs 3rd party

[beachBOYken]

Hi

Does anyone use iCloud keychain as their password manager instead of say 1password or last pass, or made the switch from a 3rd party p/w manager to keychain.
I own all apple devices and was thinking about switching to keychain.

1password which I use costs a yearly/monthly sub, I like the p/w manager but when I use all apple devices it makes me think I should just use keychain and save some money.

 

[beachBOYken]

Keychain is fine but very basic. The additional features provided by 1Password make it worth every penny, specifically the ease of using 2FA/MFA. I hit the key combo to log me onto a site and not only are my username and password filled in automatically but so is the 2FA code.

It just works.

Ah so the 2fa code is not filled automatically, I like that with 1p. Im sure keychain will improve some areas such as this eventually. I will stick with 1p for now.

 

[beachBOYken]

Thread bump.

Im beginning to test out apple keychain while I still have an active 3rd party sub to a password manager.

In the apple passwords when you click edit on one of your website account passwords it shows your password with a little key symbol and under that it has "easy to type" and "special characters" passwords, are these just alternative passwords generated by Apple for me to switch to if I wish?

Thanks

 

[beachBOYken]

I would highly suggest you use Bitwarden over keychain. Bitwarden is free for the most part, but the premium version is only £10 a year, and it works on pretty much everything.

I’m only testing it out see how it goes, I only use these for passwords and nothing else which is why I’m thinking of dropping 1p.
I also have all apple devices.

 

[beachBOYken]

What about 2FA, does it handle it as seamlessly as 1Password? Interested to know.

Think so after some reading, was going to test it with this site, but it’s not requesting my 2fa code at the moment.

 

[beachBOYken]

Anyone moving to Bitwarden will not regret it. Either self hosted is free or £10 a year for the server version. Absolutely perfect pricing.

I will check it out.

Apple keychain looks just perfect for my use though, and having just apple devices.

 

[beachBOYken]

Until you ever get mixed devices and want to move away.

Indeed. But I have had apple devices for years and can't see myself ever moving away from them for the foreseeable.

That's like anything really though, some things don't last forever, even a password manager.

 

[beachBOYken]

That’s what I said until my MacBook Air stopped supported stuff I couldn’t justify spending the amount on another laptop. Work purchased me a zenbook to keep so I ended up with a mixed environment again.

If you don’t think you will move away that’s fair. I personally would even say Bitwarden is better. It’s a browser extension that’s all rather than built in. I’ve had 0 problems been using it for 2 years self hosted. Not even had a problem with upgrades.

I personally don't want to pay a penny for a password manager and looking at Bitwarden I would need to for the 2fa support.

My use is extremely basic, the reason I think keychain will be fine for me.

I think there is a way on Mac to export passwords if I ever need to as well.

 

[beachBOYken]

Why? You only need the premium version for 2FA if you use a Yubikey or similar USB 2FA device. If you just use auth apps like Authy the free version works fine.

Oh good point, used to using 2fa within 1p, forgot about separate 2fa apps.

 

[beachBOYken]

Those that do use keychain, how do I save passwords that use 2fa, do I need to setup 2fa again.

Im doing it manually by using 1p in conjunction with keychain as I visit sites and save them as I get the keychain save password prompt.

But im thinking that wouldn't work with 2fa secured accounts, is it a case of setting 2fa up again?

 

[beachBOYken]

Ok so update, I find apple keychain ok, but the annoying thing is that some websites don't request to save login, which I was currently trying to do manually while I have 1password.

So Im thinking about trying Bitwarden (premium)

Can someone explain open source? is that more secure than 1password?

edit/

Ok so I signed up.

I have set up 2fa as well, is there any other security I need to be aware of for the bitwarden account?

Also do I need to enter the 2fa code every time I open the main app or browser extension?

Ive not installed them yet, Im just using the web page currently to input my logins manually as don't have that many.

And finally as I’m on free account currently if I add 2fa enabled logins they don’t work, in 1password do I copy the 2fa address field and paste it to the same field in Bitwarden?

When I then upgrade should that activate the one time codes.

 

[beachBOYken]

Security wise is it better storing my 2fa codes in a standalone authenticator like Microsoft authenticator, Authy... or is it better to store them within the password manager as well?

I was going to upgrade BW to the premium sub so to use 2fa within the app, but I was thinking perhaps its better to stay with the free version and store my 2fa codes elsewhere, Im guessing its more secure like this but a little less user friendly as need 2nd device at hand at times I need 2fa code.

 

[beachBOYken]

I choose to keep them separate, I use Authy because if I loose my device I can log in via a pc/laptop in the app just in case.

From a security point of view I would say it’s more secure in a separate app.

luckily most of my accounts don't require 2fa all that often and only request it every month of being logged in and then there is the " trust device" option

Im just trying to work out the easiest way to transfer the 2fa code from 1p or the website itself to my authenticator app.

I can't see an option so im having to disable and re set up again, luckily not got that many to do though.

 

[beachBOYken]

Yeh you will have to disable and re-enable to change app.

Thats what I thought. Thanks

 

[beachBOYken]

Worth it though doesn’t take that long once you get on a roll, don’t forget to remove it from the old 2FA app though. What I did was make a list and just literally tick them off one by one moving over. I did the same when moving over my phone number to a new one with 2FA.

Liking it so far!

The browser extension has a few lock options, such as on browser restart, never, 1hr and so on, do you know if the 1hr for example is when the browser is sitting idle or does it lock no matter what i'm doing on the browser?

Its set to default "on restart" I rarely close my browser so it will stay unlocked.

 

[beachBOYken]

I currently have a PIN set but on restart master password with 2FA.

How do you include the 2fa, can’t see an option for that, unless that’s a premium feature.

Have it set up on my bw account.

I’m keeping my desktop app set to require master password, and extension set with pin.

 

[beachBOYken]

Settings > Two Step Login (it might be a premium feature) not 100% sure.

Confirmed it's a premium feature. You get premium with self hosted though free.

Ah ok, yeah I have the account 2fa available and enabled just not the extra step available for the apps then, Im not sure if the premium is worth it to me, I have a separate app for 2fa codes, and not sure I would bother with the additional 2 step security on the apps, I don’t really store anything important, all my accounts that are critical to me are in my head or jotted down somewhere safe.

But for £10 its cheap just for the other stuff I guess and future premium features. May think about it later down the line once I’ve got used to using Bitwarden.

 

[beachBOYken]

£10 for the year is literally a pint and a half in London. But if you don't need the premium features why bother.

Well some may come in handy future premium features, emergency access?, priority support, password hygiene/reports.

 

[beachBOYken]

iOS app exstension, trying to fathom the difference between that and autofill.

The extension on iOS always requests password and doesn’t seem to be a fully fledged extension like 1Password is on iOS.

 

[beachBOYken]

I've got Face login activated so I don't need to type a password in, sometimes I may have too on the odd occasion.

Oh ok so on your iOS devices you use biometrics, where do you use pin on you desktop?