Password managers are essential. They keep track of your passwords, encourage better security practices, and generally help to manage your life across your devices. They’re the kind of feature that really should be built into every device — and Apple is massively expanding their reach with the launch of its new Passwords app, announced this week at WWDC.
We have companies like 1Password and LastPass to thank for the popularity of today’s password managers. But an announcement like Apple’s puts them in a tough position: now that Apple has a free, built-in Passwords app, is there a future for the third-party apps that defined the space?
I assume they’ve been expecting a Sherlocking for a long time, which is why they pivoted to the enterprise, multiple platforms, and multi-user stuff.
I see nothing to tempt me from PasswordWallet—which has a separate long password, uses standard files, and supports HTML export, a compact UI, and auto-typing. But the new Passwords app will be nice for managing my 2FA codes and passkeys, and for family passwords. I haven’t used it extensively yet, but my initial impression is that it’s the best-feeling SwiftUI app from Apple. (Hopefully they’ll add drag and drop to groups.)
Passwords app. At last an app that is released for all of Apple’s platforms at once.
There’s an awesome new tool in the journey to replace passwords: Automatic passkey upgrades.
For a short window after a user signs in using Password AutoFill, apps and websites can “conditionally” request passkey creation for that same account. The Passwords app then creates a new passkey and notifies the user. No upsells or speed bumps.
All credential managers can support this! (There’s lots of new API for credential managers this year!)
[…]
Here’s how I think about this: we’ve transferred the consent-to-upgrade from being something every website secures to something that the password manager secures. Up to the password manager to decide how to talk to the user about it. In Apple’s Passwords app, users can turn this off.
See also: WWDC and Hacker News.
Yes, the Passwords app has importing, but only on macOS. (File-based importing and exporting of password manager data isn’t all that common on iOS and iPadOS.)
1Password has the ability to export its data into a CSV file, which Apple Passwords will happily import.
You can manually add additional domains to passwords, but more importantly, when you choose to fill a password on a domain it isn’t saved for, you’ll be prompted to attach the new domain to the password.
I love the new Passwords app in macOS Sequoia has a menu bar item you can use to access your passwords quickly
My favorite part of the new Passwords app. Also right clicking on an item allows you to quickly copy a username or password. 😄
The new Passwords app does not store specific types like Notes you’d like to secure or Credit Card entries.
However, it does now let you store entries that have only a password. You no longer have to enter a fake username and URL.
Some people missed this and I think it’s a big deal: the Passwords app on iOS 18 and macOS Sequoia lets you to save passwords without a website! It even allows you to import them from other password managers! When adding passwords, you can specify a website or a custom label, like “Router”, "Passport Number”, or “Garage Door”.
The New Secure Note item… menu item in Keychain Access app is missing on macOS 15
Another thing holding back the new Passwords app is the lack of Chrome and Firefox support.
Neither browser has support for the macOS password autofill api (introduced in macOS Big Sur).
I saw that Apple added/negotiated support for Apple Pay in third party browsers. Hopefully they can do the same for password autofill this summer.
I’d like to see an API for other browsers to access SMS verification codes, too.
The new Passwords app does encourage Chrome and Edge users to install the extension on first launch, however. Button opens the browser to the relevant Chrome/Edge Web Store page.
I guess the dedicated Apple Passwords app would be a great option for me if Apple also offered an Android version. My little experiment with using Android for a while has taught me that one-platform services can be a real dead end, and this is especially true for something like a password manager.
It does apparently work on Windows via the iCloud app.
Federico and I finally got one of our long-term wishes this year with the introduction of a standalone Passwords app on the iPhone, iPad, and Mac that syncs between devices securely using iCloud. I have been slowly but surely transitioning my saved logins from 1Password to Apple’s system for a couple of years in anticipation of this day, and it has paid off. When I opened the new Passwords app on my Mac, it was already pre-populated with over 1,500 passwords, passkeys, verification codes, and Wi-Fi credentials. The app also collects the apps and websites where you’ve used ‘Sign in with Apple’ or ‘Hide My Email’ and includes both a Security category alerting you to any issues with your passwords and a Deleted section where you can recover any recently deleted passwords. There is a section that collects shared passwords, and the app supports importing and exporting passwords, too.
What you won’t find in Passwords is the ability to save attachments or take notes about accounts. That’s too bad because I’ve used 1Password to securely store important legal documents and add notes to shared passwords about how to use certain web accounts in the past. However, with password-protected shared notes in the Notes app, you can partially accomplish the same result, albeit in a different app.
And since Apple lets you share passwords with other people—you can create a seemingly unlimited number of arbitrary groups and then move passwords into those groups—it’s really a full-featured option that will suffice for many users.
[…]
I can’t drag an item out of the list and drop it on a Shared Group to assign it to that group, which is a perfectly reasonable thing for a Mac app to allow. And when I imported my 1Password file—a couple thousand passwords that, I admit, could stand to be pruned back—the app slowed to a crawl. Deleting items would sometimes just not stick, search results appeared and disappeared, and even small tasks like deleting a few selected items generated a beach ball pointer. I sure hope these are beta growing pains, because if this performance persists to the fall, the Passwords app runs the risk being branded a dog.
Currently macOS still supports keychains in their original Classic Mac OS format, and file-based keychains remain in wide use. As they can never provide the same level of security as Data Protection keychains, and can’t benefit from biometrics or the Secure Enclave, Apple is moving on to Data Protection keychains as much as possible. The Passwords app looks to be a good step in that direction, particularly for those who share their Data Protection keychain in iCloud.
Apple still has one significant problem to solve: code such as LaunchDaemons and LaunchAgents that don’t run in a user context, but through
launchd, can’t currently access a Data Protection keychain, and must rely on file-based keychains. Traditional keychains aren’t going away yet.
See also: Accidental Tech Podcast.
Previously: