Apple unveils 'Passwords' manager app at WWDC 2024

What’s the problem with it exactly?

I’m using it on iPad, macOS, iOS and windows 10 and 11. Seems per much the same as it’s always been.

I’ve got the family using it too.

Just curious what issues other people are experiencing.

> I'm hoping someone shares a deep dive on the product soon

I have the app open in front of me but haven’t used it much. It’s basically the Passwords pane from System Settings ripped out and with some new fixed smart categories. If that’s enough for you, so will the app be. If not, not.

I agree with you. V7 was good enough that I’d have paid for it over using Apple. But v8 has had me looking for an alternative anyway.

…but v8 is perfectly fine! I remember a lot of buzz about v8 being slow “because it’s electron” but it’s not slow. I use it on multiple laptops without any issues at all.

The very best thing about keepass is that defines a standard and publishes a reference implementation that anyone can build a compatible client for. I like KeepassXC on MacOS and Keepassium on iOS and I keep the DB in sync between them with NextCloud. If I was working on Linux/Android next week I would pick the best clients there and arrange syncing myself, again, without a third party.

keepassxc is incredible, truly slept on. I use safari keychain as well, as a copy. But my master store is keepass. It boggles my mind that people pay for 1password.

Btw, is keepassxc on Android now or are you referring to one of the many Android keepass apps? I use keepassium on iOS.

I pay for protonmail and also store a copy in protonpass. Proton pass has a nice web interface and doesn’t require me to copy a keepass file or logon to iCloud on my work computer so I use that sometimes too.

KeepassXC has been outstanding for me, especially now that it supports passkeys. I use KeepassDX for android as well.

I should have been clearer, I meant that it didn’t work with arbitrary cloud storage providers like iCloud, Dropbox, Google Drive and so on.

I’m a tech person and even I don’t want to be responsible for running a Vaultwarden server, the average user definitely doesn’t want to.

There’s stories of SIM swap just leaving the door wide open though

The iOS app does cache passwords locally, and has since before I started using it c. 2021 or 2022.

There's also vaultwarden

https://github.com/dani-garcia/vaultwarden

Development costs money and that's fine, but I don't like it when companies act like their pricing is based on the cost of providing a service, and the service is "syncs a single sub-megabyte file between a few devices". You can get that service a thousandfold for free. (And even if they give you more space, that's a worthless addon to almost all customers.)

In particular, the reason it's annoying to sync keepass is because of how the program is designed. There are other managers in that ecosystem that let you log in to google/microsoft/dropbox/anything and then you're done. It all syncs perfectly from then on. It's a development problem, not a need for a dedicated service tied to a specific password manager.

And when I'm considering development cost I'm going to look at things on a 5 or 10 year timeline. I think that's a reasonable length to expect a software purchase to last. On that timescale, Bitwarden is okay but 1Password is not at all a good price.

I use BitWarden and I prefer having the open source and self hosted options for using BitWarden. 1Password does not have those. Despite that, I've been strongly advocating for it at work because it easily has the most polished and refined UI/UX of all the managers I've tried.

Exactly, secrets management is a really critical need that 1Password meets for me, and I'd much rather they charge me an honest price than sell out to advertisers. These things require upkeep (not just defending against everyone trying to break in, but also keeping current on the latest technologies like passkeys), so I find the yearly price of admission is totally reasonable for 1Password's quality and importance.

> I don't get the hand-wringing when it comes to reasonably priced services. Development and infrastructure costs money.

I have no problem paying for software. But in this case I’d far prefer a one-off purchase. The only reason there are ongoing infrastructure costs are because I’m being forced into using the company’s cloud service. I already pay for infrastructure in the form of my own cloud storage. I want to pay, once, for software that will use that infrastructure.

More generally, while I might see the value in paying $45 a year for a password service a lot of non-tech folks don’t. They’re happy using the same password everywhere they go (until they aren’t, of course), making them pay a few months-worth of Netflix to use software they’re already not inclined to use means they just won’t do it.

> I don't get the hand-wringing when it comes to reasonably priced services.

For me, it has nothing to do with the price and everything to do with the fact that I don't want a service dependency for my most critical passwords. I want them to be available no matter what. The product should be standalone. And this isn't a hypothetical concern, either: my employer is contractually mandated to disallow cloud-based password managers, so I must use standalone ones (yes, this is a stupid policy, but one that I'm bound by).

And on top of that, 1Password 5 was an excellent product and it is just steadily getting worse, in my opinion.

I'm with you: I'm happy to pay a recurring fee for a good service, usability, and dependability.

I've been a 1password customer for as long as I can recall, and it feels weird dumping my subscription to save a few bucks when it's been such a great service at a fair price the whole time. Why I'd keep it around if the OS solves the same problems, I don't know … just saying it feels weird.

I really recommend you stop and read the white papers regarding iOS and Apple's Security and Infrastructure design, instead of just regurgitating a talking point from reddit.

Apple doesn't have access to user keychains

Nothing has changed. This app is just a skin over the existing backend.

Keychain Access has been there since the beginning of OSX/macOS. It's quietly been storing email and wifi passwords this entire time. Many, before there was an alternative like 1Password, used the app to store other info within as well through secure notes. Passwords in iOS and Safari, along with Keychain sync in iCloud have expanded the keychain functionality over the years and it's been fine for ~25 years or so. I have faith they won't suddenly screw this up and comparisons to less critical stuff like Screen Time aren't really valid here. And sherlocking? I don't think so. When 1Password came out, it was clearly inspired by Keychain Access that had been there for years prior with similar functionality and even user interfaces.

This is definitely a factor and applies to regular support help as well. I sent 1Password an email several years ago about an issue and got a prompt and helpful response back. It was a much better experience than I would ever expect from Apple (or Google/Microsoft/etc).

I'm not really a fan of 1Password overall though. The product is still fine but has gotten gradually worse over the years and their corporate posture does not inspire any confidence. Consumer apps that focus on Enterprise and are only interested in SaaS revenue almost always follow the same path of endlessly degrading the user experience once they reach a certain point. I haven't seen anything that makes me think they will be an exception, but I give them credit for actually having a real support channel, at least as of a few years ago.

Can you expand more on the Screen Time issue?

Might be outweighed by the bigger effects when they do screw something up. Like if their passwords mess up for amazon.com, some big airline, Facebook, etc... the noise will get pretty loud pretty quick.

This is exactly why I use 1Password and not the manager in Chrome, and I won't use Apple Passwords either.

The password sharing feature is pretty slick:

https://support.apple.com/guide/iphone/share-passwords-iphe6...

I’m with you on 1P. I bought every version starting in 2009, until the constant push to subscribe made me stop. The part their VCs should be afraid of is that switching took about 5 minutes (export + import) and the only change I noticed is that everything is faster. That moat is a trickle of water (I hope it’s water) and they’ve annoyed a lot of the people who used to be telling their friends and family to buy it.

You nailed my 8 step 1P unlock workflow. They've really done a great job standardizing the user experience.

Hah glad I’m not crazy. Used it and loved every version since 3x, but 8 is just so fucking buggy it drives me bananas. It just doesn’t work half the time!

Evernote.

its an apple tool. It will work on Apple products first, and then windows, but with a poorer experience. it may work on chrome, just for 'enterprise' but pretty sure firefox, linux, and android users are going to be ignored.

> I have been fighting switching to the SaaS version

I felt that way on principle for a long time, but honestly, on reflection, 1P is probably subscription that is most justifiable. I want to outsource online security to people that know what they are doing. I want that to be a viable business for a long time into the future. And I want their funding model to be such that their interests are aligned with those of their paying users (me).

People can get so irrational when it comes to the cost of software. The same person who'd pay hundreds of dollars for a cleaner, or a gym membership, will swear up and down that 70 bucks a year for an online bodyguard is highway robbery.

> Paying a monthly fee for access to my passwords is highway robber

It would be. Fortunately, 1Password doesn’t do that [1].

You’re paying for an important piece of software to be maintained.

> I'm sure 1Password doesn't care one iota about loosing individual users with attitudes like this

Probably not. Emphasis on attitude.

[1] https://support.1password.com/frozen-account/

1Password has the most reasonable pricing out of just about any SaaS company. $1/user/month if you're on a family plan. $3/month for individuals. And they provide a great service.

Strongly disagree that they're part of the group of SaaS companies trying to price gouge their users.

Interesting. Earlier this year I migrated passwords out of 1Password and a few from LastPass and Apple Keychain supported both easily. Just not more complex types of credentials. Every password and website was imported correctly as expected. If not I have yet to notice.

I'm in the exact same situation. I'm still on 7 (the last fully local version) but the cracks are starting to show. I can forgive them for iOS forcing you onto their update treadmill but they've intentionally crippled the Firefox extension for this version too, and it flat doesn't work on windows anymore and it's not like Windows or Firefox are deprecating their APIs all of the time.

Apple uses 1Password enterprise internally, so I doubt we’ll see it get completely Sherlocked since enterprise will continue using it.

Passwords.app will be used by folks who can’t be bothered to pay for a password manager, which won’t do much to 1Password’s bottom line.

There’s a lot of prior art like Apple uses Cisco WebEx instead of FaceTime for video collaboration. The products Apple produces are just very different than their enterprise counterparts.

> clear that 1Password was going to get Sherlocked,

I'm actually of the same opinion as the GP comment, modulo that I'm not ever going to jump ship to an Apple password manager, but I'll point out that 1Password will most certainly not get Sherlocked since they are not Apple-centric and thus Apple would have to (gasp) release a Passwords.app client for Windows and Linux plus a cli and kubernetes operator in order to hold a candle to the reach that 1P has

> I’m finding most of the friction with 1Password I run into is actually Apple competing for autofill in Safari creating two completely different UIs above every form element.

You know that you can disable Safari's autofill, right? I recommend it if you're using another password manager.

I've been using Apple's password manager for more than a decade; and though the last OS update had a new UI, it still offered the old UI at the same time.

Every other password manager I have tried has had continuous churn, nothing consistent after a couple years.

I have passwords for accounts in my Apple keychain that have survived more than decade and about half a dozen different devices, to internal servers that have been dead for a decade.

The only new thing here is opening it up to more platforms.

My last password manager got sold to some guy in Morocco and my passwords put behind a pay wall, and then lost. Bring on the vendor lock in, I’m so done with all that other shit.

Bitwarden gets my vote too.

Besides just working as expected, it importantly supports self-hosting. I don't currently make use of that, but have given it a try and it's great as well.

Having alternatives to the SaaS (currently very reasonably priced) is invaluable.

For a time 1Password had the best integration and UX across Apple devices of any of the password managers. That has become less and less true over time. Integration issues over the last year have me excited to try Apple's Passwords implementation as a replacement. Bitwarden is on my list as well, but haven't pulled the trigger due to switching costs for a family of five who all use 1password currently.

Same here. I tried them all several years ago, and BW was the only one that gave me anything like a native experience across all of my wildly varying devices.

I miss lastpass auto login. And i wish bitwarden had a merge for duplicate entries. Otherwise, bw is good. I also wish i was able to utilize totp keys like i can with iCloud

How far out is the phone peripheral?

No Linux or Android, which makes it useless for anybody having any devices running those. And since nobody wants to use two password managers, it remains a better solution to use a truly multi-platform one.

The existence of a port does not guarantee future support of a port. Safari used to run on Windows. They're also somewhat notorious for trash quality Windows ports.

Desktop Linux market share continues to grow and as a part of that group, I rely on 1Password because I can use it across all of my systems.

The other major password managers are on Linux, and Apple will need to support Linux for this new offering to be interesting to me.

If it’s anything like their other Windows apps, Bitwarden is still going to be a superior option.

Unless Apple treats every major OS as a first class citizen for this password management app, this becomes another form of ecosystem/vendor lock-in. Have all your passwords securely stored in our app? Thinking about buying an Android phone? Think again.

Of the major tech companies, Apple probably has the worst track record of not playing nice with other platforms, walled gardens and all. Passwords are needed on all platforms. Apple would be the last company I would trust to ensure that I would be able to access my passwords anywhere I may need them.

I actually read the article and didn't see this at first. It's mentioned at the very bottom, right above the "featured stuff" and unrelated article below it, and after a lot of text about what Passwords does that Keychain already did.

The official site recommends KeePassDX and KeePass2Android: https://keepassxc.org/docs/#faq-platform-mobile

Keepass2Android has been working great for me for almost a decade now

https://github.com/PhilippC/keepass2android

Oh, you can? I should look into that then, thanks. I’ve vaguely settled on Notes as “I guess this is the least shitty replacement for the specific way Evernote fit I to my life” but have never actually sat down with its manual to see what it can actually do.

Hopefully Adobe won’t decide to start shitting a bunch of authorization credentials into private Notes the way they took over the Private Notes section of Keychain.

for this requirement i choose to use encrypted sparse files (can be created with the disk manager app) which i store on the icloud. is only of use if you happen to have a laptop with you as mounting them is not supported in iOS

For iOS & Mac https://thevault-app.com does exactly that for me. Storing PDFs, or just plain images of passport, drivers license etc (in addition to passwords). It’s a bit on the technical site (eg, also has cmd: prefix for terminal commands etc)

Can’t you just paste the DL image into a Note and then password protect it?

I frankly just have photos of DL and insurance cards in my photos with tags to make finding them easy. Although note with the text searchable images that’s largely not even needed.

I don’t get what the security concern in. My photo reel is way more secure than my actual wallet.

I am on FF with Bitwarden and haven't noticed any issues at all.

It’s important, otherwise that means any locally-running binary (maven, npm) can steal all of your passwords, since they are in clear on your computer.

Not sure that it's every day but I haven't been too bothered by it. It's not unlike the security policies where I work. So needing to type in a OTP isn't out of my normal routine.

You’re both talking about iOS, right? Because on the Mac it’s always been a dedicated app.

I think the GP commenter is aware of that but saying "now that Apple is directly invested in managing and entering your password, it's harder to make excuses for dogshit product specs that, for example, block pasting passwords."

They're saying that Apple bringing this tech in will force developers to follow this convention, ss from their experience they're not. Not that there isn't a convention but people aren't following the conventions that exist.

Is there a way to turn this off entirely? Something like <html autocomplete=“off”>? It’s rather annoying to have 1Password trying to fill my contact info into any form with a Name input. For example, Forum Name, Todo Name, etc.

I think they finally changed this recently to allow you to paste in- I've resorted to the same workaround in the past though.

What a shitshow that was! I’m pretty sure they’ve deprecated that part of the login process now, though. It’s much smoother, in a relative sense.

An alphanumeric password doesn't have to be bad or hard to remember. Mixed case and symbols don't add much security. But still, should be paste-able.

Typo there: I was able to export all my passwords out of 1P and import them into Passwords. I think people got the gist from the context, but just in case.

That's excellent! I'll keep that in mind.

There's a proper export on the Mac if you have access to one, at least.

The way Google's password manager covers websites anywhere I'm logged into Chrome plus native Android apps anywhere I'm logged into Google Play is super convenient though (albeit total lock-in, I won't argue that). Some apps are even developed well enough that a password originally stored via Chrome will be suggested for the app, I guess by cross-referencing the origins in some mutual way. And payment card details will auto-fill pretty smoothly in a very similar way, as well.

It's fantastic, and for some reason I trust OS/browser developers to do this more safely than a company focused on password management that has to figure out OS APIs, write browser extensions, or rely on a clipboard that has nearly unbounded read access.

Yes Mozilla's does - to Firefox. There are cases I need to use Safari or a Chrome based browser. This is the main reason I got 1password in the first place.

and where do you store your passwords for apps?

Very cool!

Would it make sense to use this for storing keys used other shell scripts?

Does it support hardware keys?

Dropped 1Password for Strongbox a few weeks ago, really impressed with it.

“Since” could mean yesterday.

But i would like to hear more details of the corruption if parent is willing to share. This is pretty much my worst nightmare scenario.

Letting go has occurred. "Since" means after.

What happens if you have the RecoveryKey set, like the actual generated Recovery code? If that's set, can you always reestablish access?

why except web3？

Crazy thing is that there's a plugin for windows to use them as well. https://support.apple.com/guide/icloud-windows/set-up-icloud...

It’s what I do but auto fill doesn’t work in chrome on osx :(

This is my main gripe as well.

My current workaround is to use Orion as my browser. Its profiles are clunkier than safari and don't exist on iOS (but I don't care about that)

I don't know where this falls on the "storing in the cloud" policy, but if you haven't seen it I really enjoyed KeePassXC's ssh agent to keep SSH keys off disk: https://keepassxc.org/docs/KeePassXC_UserGuide#_ssh_agent_in...

What I dislike about the 7 → 8 transition is that it went from feeling like a handcrafted Mac app to an indistinguishable generic SaaS thing, which is exacerbated by 8 being built with Electron (which brings dozens of little papercuts that are difficult to smooth out, even if the dev cares to try to).

I'm getting ready to release ours as open source (hardware and software) soon:

https://www.anomie.tech/products/anigma/ce/

I think it depends on the password, Bluetooth encryption would probably be fine for, like, my forums passwords. If anyone within, like, 50 feet of me right now wants to break into my Hackernews account… IDK, my dog does seem like a real jerk actually, so if I make any dumb posts let’s assume that she’s stolen my passwords.

A dedicated device would be nice and, actually, keeping your passwords on something that never even has to touch the internet would be ideal. But my phone already has a nice big touchscreen to make it easier to pick a password. Reusing an old device could work but that’s limited.

could you post a link or 2 of the DIY devices? very interesting since this kind of device obviously needs a lot of integration into the PWM software ecosystem.

Just so you're aware, LastPass has had some pretty bad security issues, eg. on the latest https://arstechnica.com/information-technology/2022/12/lastp...

Just so you're aware, LastPass has had some pretty bad security issues, eg. on the latest https://arstechnica.com/information-technology/2022/12/lastp...

Does it blank all the fake videos in your YouTube home page? There used to be ads separate. Then they started putting one in the upper left corner that pretended to be a real video, with some clickbait title. Now (today?) they have them sprinkled all over, like maybe 15% of all the thumbnails are now ads.

I'm leaving that platform. They've taken shittification to new heights.

when every app loads an entire duplicate browser stack then your RAM is wasted out of cheapness and negligence.

Moreover, I shouldn’t need a cutting edge microprocessor just to look at my saved passwords. Multiplied across 15 million 1Password users, even 1 second amounts to about six months of collective time wasted for each app launch.

I would never hire any developer who disregarded their users’ time, UI experience, and computing resources so blatantly.

> Bitwarden has been lagging in implementing any consumer features for some years now...

This is actually the reason why I like Bitwarden. They don't seem to be constantly trying to push unwanted features on me. I've always been a fan of the first "rule" of the Unix Philosophy: do one thing well.

I’m in the same boat. I really enjoy Bitwarden but I’m willing to give this a try to see if it’s as good as it could be

Bitwarden integrates pretty well on Apple devices/apps already, although I guess you could save a tap by using a native app.

Considering I only ever use it as a Chrome plugin anyway, that's not much of a sell

What's wrong with Electron?

really? what's the name?

Maybe once they were, but they suck compared to 1password. I've moved and never looking back.

What if I wanna have a shared card?

Not everybody appreciates platform lock-in (whether the platform is a browser or an OS).

I think I checked this. The self hosted wallet was tricky if I remember right.

The formula can be very simple and is applied to less important services.

Unless you are directly, personally, targeted no hacker will waste the time trying to reverse engineer your algorithm... they'll just go on to brute forcing the next hash in the list.

And most people only have a few services that need to be truly secure anyway, which would use non-derived passwords (if they hack your netflix or spotify, who cares? Call support and get it back)

Password managers have had many exploits/failures over the years. You introduce so many points of failures bringing in a third party.

Your gibberish password with random symbols/characters isn't any more secure than a more memorable one of a similar length.

> you no longer are forced to use Safari to view passwords

Your passwords haven't been bound to Safari for quite a while. You already had to use the Passwords app found in Settings. Both Safari and Keychain Access have controls to allow you to open the Passwords app (the Settings one) from within them, but it stands independently.

The new Passwords app seems to be the old Passwords app with some refinements, new features, and moving it out into a more familiar location rather than it being hidden away in Settings. You might say this is Passwords v2.

Those are all good counterpoints I hadn't considered, I think you've changed my mind.

I think for a lot of the password managers out there, the majority of their revenue comes from Apple users. The ones that don't rely on Apple users will be fine.

I mean, my parents will immediately move to this from BitWarden.

There is still a place for password managers, but if I'm the LastPass CEO, writing is on the wall with this announcement... They will see a large exodus of customers that use Apple OS.

Were Microsoft forcing you to use Internet Explorer?

> On top of that, they don't lock you in with passwords.

Now that many sites are moving to passkeys or TOTPs, it would be great if Apple could not lock users in there as well.

> Apple has had a Chrome extension available for a while now which has allowed me to use it on other browsers/platforms

That's only on Windows and requires you to install iCloud tools locally, right?

>I think this is exactly what _most_ people want.

This is what they think they want, until something happens and they are forced to move out of the walled garden, and have to replace everything.

But, admittedly, that's Apple's bread and butter, and they've managed to avoid big controversy so far...

Besides the web client,

https://cider.sh exists and is in various distro package managers already too.

> People don't want everything tied to one identity, one service, one login.

> I think this is exactly what _most_ people want.

Until they don't, which always happens sooner than you would think.

> I think this is exactly what _most_ people want.

Yes, and they should have it. As open source software that a free market of hosting companies can compete on price and quality for. Not as closed source software hosting by a Big Tech oligopoly.

You should be able to host your info on a server of your choice, encrypted end-to-end from your devices. That server is the one which should collect payments, manage subscriptions, do access control checks, and deliver data to others. That server is the one which should send notifications and push news updates to your devices as well as subscribers’ devices. You should always be able to migrate easily to another server, or use several at once, as fallbacks.

People have learned helplessness (“oh I wish Twitter would add feature X”, “oh, I guess we all have to get a Google Plus account”, “oh, sucks that Google Plus and all my data and social connections there are going away”) because open source developers didn’t stick around long enough to make something that is good enough to compete with it, and is decentralized and federated.

I can count on one hand: Mastodon. Bluesky.

I am working on fixing it: https://github.com/Qbix/Platform

Larger vision for 2025 and later: https://qbix.com/ecosystem

> I think this is exactly what _most_ people want.

I see many comments replying to the above statement, and I am no exception.. what about the saying that goes: "Don't put all your eggs in one basket"?

> I think this is exactly what _most_ people want.

I couldn't agree more. I use Google's password manager because (1) it syncs everything (2) I already use Chrome everywhere (3) I can't be arsed to set up another password manager that is generally inferior in terms of integration.

I don't care for the FOSS argument. I just want stuff to work and work easily.

Plus, I sincerely believe Google is 'too big to fail'. If somehow Google gets hacked and my plain text passwords all get leaked, it means something huge has happened and we're all massively screwed anyway. So, whatever.

Luckily, _most_ people don't buy overpriced and closed Apple devices.

Easily export passwords, I’m not so sure. I remember trying to script this once and for each item it would prompt a password to extract the entry. Maybe the Passwords app changes this.

> I think this is exactly what _most_ people want.

Like seven people replied to say this, but they're all missing the trick.

Most people want this because they're guided to want it. If you show people the convenience but not the risk, of course they want something with an advantage and no apparent disadvantage. But the disadvantage exists, it's just not immediately obvious.

Then some corporate machine learning algorithm decides that it's your day to have a bad year, or the screws only get tightened after you're already locked in, and the regret comes some time after the decision is made.

Whereas the nerds who can see the inside of the machine are aware that this sort of thing happens and their response is no thank you. A starkly different preference from the people paying the most attention is a troubling sign. It's the early stages of this:

https://xkcd.com/743/

The thing that gets me is that people then defend the practice because it's likely to be successful. Lots of unsophisticated people are going to put all their eggs in one basket and then have a bad time, which is a result we should be trying to prevent, not defend the people causing it because they're likely to turn a profit. Companies making money on information asymmetries and the misfortune of others is a flaw we should be looking for ways to optimize out.

Is there a way to export all your passwords on a Windows PC, or from iPhone? I do not have a mac

> I think this is exactly what _most_ people want.

No. Please stop being speaker for most of the whole world.

There are people, including me or my wife who is not technical at all, who will never use anything similar from Apple. Or any similar SSO/access/security platform. Google and FB tried that decade+ ago, only fools fell for that regretful trap if the service has actually any long term added value.

> Please remember that HN is not a cross section of the general public.

Yup. I need to constantly keep that in mind, when I’m designing my software.

Very often, the fact that I like it, is a negative.

> This is EXACTLY what people want.

You made the same mistake as the person you're refuting, only worse because you added "exactly" as if case closed.

Here's another take: "People" want different things. They listen to different music, have different opinions, buy different cars, have different tolerances of when a car needs washing.

My non-technical Mum refuses to use online banking; my non-technical Dad loves online banking. My non-techie sister loves issuing verbal commands to her smart speaker; my non-techie Mum refuses to speak to devices & switches her TV off at the wall every night.

The only "EXACTLY" is in marketing efforts trying to convince you of that state.

I think they want one login, but don't want it all controlled by one company. I think they either like or just don't notice that everything they do is controlled by one company at first, until they see something shiny and cool that another company is doing, and realize how difficult it is to switch.

Seems to be the case that commenters do not know that Keychain Access exists.

Apple has tried various approaches of surfacing this functionality (eg the passwords panel in Safari and again in iOS’s settings app). This just seems to be the app-agnostic way of providing this functionality to everyday users, and probably a good thing as platforms move away from passwords.

Quite a few. Windows desktop/laptop + an iPhone/iPad is a super common combo.

For me the issue is gaming. It remains a central hobby of mine and while Mac has gotten much deeper into gaming in recent years it's a far cry off from Windows. I use Apple ecosystem otherwise (work, mobile). Also, I have left Linux behind after my academic years and don't miss it.

I would immediately leave Windows in the dust if gaming was equally supported on macOS. Maybe in the future, let's see. For enterprise work, MS365 is also really central and it's basically not possible to work without Excel, PowerPoint, Outlook and Teams even if you personally prefer other software (I don't). They're fine on macOS or the web interface but clearly neutered in comparison to Windows native.

Do you mean stuff like Pixel but with a degoogled version of Android?

Terrifies me. I can't really piss 1Password off, so that'll never be a worry. My iCloud Email can at least be re-directed to Fastmail as I own the domain (other than Hide My Email, which is a shame).

> has had an iCloud Password Chrome extension for years

Which is also only available for Windows, as far as I know.

> This is what OAuth attempts to do, and most users and devs I know like it.

Counterpoint from an interesting source:

https://gist.github.com/nckroy/dd2d4dfc86f7d13045ad715377b6a...

Word. I do the same. The web versions aren't perfect but they do the job. There are way too many Android-only users in these comments that don't have a clue what they are talking about.

Notes web version is pretty limited though, ex: can't attached images.

Windows app will certainly help adoption.

An Android app would be nice as well, but I doubt that many people use both iOS and Android devices[1] (or concern themselves whether they will be able to switch platforms easily).

[1] Android devices as in devices where password manager is desired, not as in 3 Billion Devices Run Java

Apple already has a Windows iCloud password app and a Chrome extension https://support.apple.com/guide/icloud-windows/manage-passwo...

That's contradictory; what you're looking for is a charity.

A company does things for the sake of profit.

In the same way I don't trust Google not to cancel whatever it is they just announced, I don't trust apple to keep supporting software on platforms that aren't theirs. They just don't have a good track record and no real incentives. The last widespread Apple sosftware on non-Apple platforms was probably iTunes, which was terrible.

But Apple knows that there are many reasons why a user who may choose Apple where they make decisions for their dollars, is also a user who is stuck in other ecosystems in other context.

Of course, I'm talking about, for example, work environments where you may be stuck with a Windows PC, or have to use a corporate-owned Android device for your phone...

>> Oh sweet summer child

I only ever see this expression on nerd sites.

People always ignore the simpler explanation: it’s more time and work to make something a second time on a platform you don’t know and control.

Except for the fact that you can import from and export to other password managers using built-in functions. That kind of kills the whole lock-in vibe.

Literally not a monopoly.

I would be happy if more people adopted password managers. We'd all be a lot better off if they did. And personally I don't care which tool they use to get there. But there's still too much friction in using a password manager, not all of which is the fault of the password manager (eg different password requirements, how 2FA verification is handled, the antiquated notion of password expiry, some sites split username and password onto two pages so you have to verify twice, some sites using a third field you have to fill in like surname).

So I'm not sure how many people will actually use this just because of this friction.

Branding a solution as Apple isn't a guarantee of success. If it were, we'd still have Safari for Windows.

I don’t really understand this kind of comments that complain without any specifics. Worse how? I use two family subscriptions and a corporate one for many years and haven’t noticed any regression in functionality or UX. They release time to time minor quality of life improvements and continue supporting modern platforms. 1P7 to 1P8 upgrade went without any problems on all platforms I use. IMO this is the best password manager on the market by many measures.

What is your experience exactly?