Is it time to move to Apple’s Keychain?
Why pay for a password manager when Apple provides a great one for free
Password managers should be a key (no pun intended) part of everyone’s information security toolkit. Without a password manager, you are very likely to choose an easily guessable password and then compound the error by reusing it, or slight variations of it, across multiple websites. The consequence of that decision is that when your credentials are stolen, the hacker will try them across other shopping, social and financial websites to see if you made the mistake of reusing the password.
A password manager can significantly reduce this risk by making it easy to generate, store and use long random passwords for each site you have an account with. For years, I have been recommending the use of a password manager as part of my annual Christmas security recommendations update. While any good password manager is better than nothing, my preference for the past few years has been 1Password.
The future of passwords is here, and with Apple’s pending release of a new version of macOS and iOS, it’s time for an update to my recommendations. Apple, along with Google, Microsoft and others, has joined forces to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The technology underlying that standard replaces passwords stored on the website you are accessing with encrypted passkeys that are kept on your local device. The exchange of these credentials now makes use of public key cryptography and the biometric features of your device to greatly reduce the chance of your credentials being compromised. And, since each token used to authenticate to a website is unique, there is no danger that the compromise of one account will lead to the compromise of all of your other accounts.
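To make the public key exchange described above concrete, here is a simplified model of passkey sign-in in Node.js. It is an added illustration, not Apple's or the FIDO Alliance's code and not the real WebAuthn API; the class names, the sites shop.example and bank.example, and the user alice are all constructed for the example.

```javascript
// Simplified model of passkey sign-in; an added illustration, not the WebAuthn API.
const crypto = require('node:crypto');
// Device side: one key pair per website. Private keys stay in this object.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(site) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(site, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only the public half is shared
  }
  sign(site, challenge) {
    const key = this.keys.get(site);
    if (!key) throw new Error(`no passkey for ${site}`);
    // The signature covers the site name as well as the one-time challenge.
    return crypto.sign('sha256', Buffer.concat([Buffer.from(site), challenge]), key);
  }
}

// Website side: holds a public key per account and issues single-use challenges.
class Website {
  constructor(name) { this.name = name; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.publicKeys.get(user);
    this.pending.delete(user); // a challenge is accepted at most once
    if (!challenge || !pem) return false;
    return crypto.verify('sha256', Buffer.concat([Buffer.from(this.name), challenge]), pem, signature);
  }
}

function demo() {
  const device = new Authenticator();
  const shop = new Website('shop.example');
  const bank = new Website('bank.example');
  shop.enroll('alice', device.register('shop.example'));
  bank.enroll('alice', device.register('bank.example'));
  const sig = device.sign('shop.example', shop.newChallenge('alice'));
  const login = shop.verify('alice', sig);  // fresh challenge, matching key
  const replay = shop.verify('alice', sig); // same signature again: challenge already used
  // A signature made with the shop passkey does not verify against the bank's stored key.
  const crossSite = bank.verify('alice', device.sign('shop.example', bank.newChallenge('alice')));
  return { login, replay, crossSite };
}
console.log(demo());
```

The website only ever stores a public key, so a breach of its database yields nothing that can be used to sign in there or anywhere else.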
So, what does this have to do with password managers? In the years since I last looked at Apple’s built-in password manager that is integrated into Safari, it has evolved greatly in usefulness and features. While it may not have the polish of commercial password managers, it has all the essentials, including the ability to add notes to passwords as well as automatically generate one-time passwords as needed. More important, it will now be the foundation for Apple’s implementation of the passkey technology, setting the path for the eventual death of passwords and their replacement by passkeys. This means that you have one repository for all your credentials, both old passwords and new passkeys.
Other critical features that are included in Apple’s Keychain password manager include the monitoring of your passwords to highlight those that are easily guessable/crackable, as well as dark web monitoring to alert you if your account has been compromised at any website so that you can change it. It will automatically recommend complex passwords for you when setting up and changing your passwords as well. Best of all, since Keychain is a part of the Apple OS ecosystem, it is blazing fast on both the Mac and iOS and does an impressive job of recognizing authentication fields on forms, even better than commercial password managers in my experience.
Making full use of these new features assumes that you are making full use of the Apple ecosystem, including using Safari as your main browser. While it is possible to manually cut and paste credentials into other browsers and use them on Windows, it is cumbersome at best compared to how seamless the Apple experience is.
In keeping with Apple's design philosophy, with Keychain as your password manager, "It just works". I now find myself not even thinking about passwords as I surf the web, as opposed to the constant interaction that was previously required when using third-party password managers.
If you are drinking the Apple Kool-Aid, I suggest that you give Keychain a try and see how it works for you. You may be very pleasantly surprised, and you will save yourself a good chunk of change annually by not having to pay the subscription costs for a commercial password manager.