Will you be using the new Passwords app from Apple when it comes out? Why or why not? And be sure to check out my video comparing the best third-party password manager options: ruclips.net/video/BsVkVa0n0T0/видео.html
Nope. It suffers the same issue as iOS has - using login passcode to access. I am also a multi-OS person. Apple only is automatically a “No” for me. Using Proton Pass which offers me additional options.
I already use bitwarden so i'll stick with that. My wife however is a creature of convenience and cannot stand how locked down my bitwarden is. When the update comes through i'll likely migrate her to passwords.
I think Apple Passwords is the best choice for anyone in the Apple ecosystem. I’ve never felt the need to store my passports or IDs in a password app since they can be securely kept in the Notes app with a custom password. Concerns about hypothetical security issues seem like self-justifications for sticking with a third-party app. I understand that using cross-platform devices or not wanting to depend on one company are good reasons for opting for a third-party password manager tho.
True, you can create a folder in the Notes App and just have your passwords written down there and then you can lock the notes app with Face ID or a custom password/PIN. But now that Apple has their own password app might as well use it. lol
Turning on Stolen Device Protection means that, if Face ID verification fails, it will NOT allow the Passcode as a fallback option, it will only accept Face ID. This works with the Passwords app but also everywhere that asks for Face ID
You can say what you want about Apples Password manager, but the fact that it unlike many other popular third party ones has never suffered a data breach is incredible.
Doesn't mean it can't happen. Best practices is to write them down on paper and secure it in a fireproof safe... People need to stop depending on password manager apps as it's a target for hackers. iPhones have been jailbroken remotely (pegasus as an example) so it's not impossible.
Exactly, I don’t know why he didn’t mention that when he made such a big deal about not storing credit cards or passport info on the Passwords app. The only thing that I totally agree with is the cross platform issue. I Deal with that daily but the solution I have is when I’m sitting at my PC my phone is typically on the desk and I just open up the phone to the Passwords app and type it into the needed information on my PC. I promise, it’s not difficult.
I’ve been using Keychain for years now, and been really going crazy with security and privacy stuff this last year and even managed to enable 2FA via authenticator on any accounts that allow it, and made super strong passwords as well. Been running the beta of iOS 18 for a while now and the new Passwords app is awesome! Think Apple really just killed 1Password and a lot of others with this one haha.
I’ve been using the existing Keychain app and the extensions for Edge and Chrome work quite well, even allowing for newer features of the Keychain app, like shared passwords. The iCloud for windows app is actually quite handy if you’re stuck using a Windows PC and need access to your otherwise Apple ecosystem.
Why are you talking like this would be new? The Apple Password Manager existed for a long time it was just inside the settings app and not a separate app. The only new function that this app has is the ability to generate wifi QR-Codes. So there wont be any Apple Users switching over to the new app since they are already using it just with a slightly different interface.
@@Dellaster No actually it’s the other way around. For a tech savvy power user like me this update doesn’t change anything because I already could do everything with the old system. But for an average user making it more accessible can be a big change.
Apple's new password app does NOT make the need for cross-platform compatibility go away, and it does not help anyone not in the Apple ecosystem. Companies like Bitwarden and 1Password and Proton Pass are not going to be sherlocked by this.
@@AllThingsSecured I have a random question - what do you think about Ente Auth? Do you think it has potential? I want to have a cross-platform dedicated secure authenticator w/ native non-big-tech-cloud and non-self-hosted syncing in case Twilo goes off the walls and destroys Authy.
@@DamariobrosI just started using Ente after trying 2FAS add MS Authenticator and I prefer Ente, it’s got a few more features and unlike 2FAS it’s been audited.
It's just an upgraded version of iCloud Keychain to make it more user friendly. Why haven't you used iCloud Keychain tho cuz it's free and working exactly the same way lol...
If you in apples ecosystem fully and have no android devices that you would need to sign in on then apple’s password manager is a a good bet. Plus no major breaches so yea
I would not trust Apple with managing passwords. If I get started listing my reasons, youtube might run out of storage space. Our host did a very good job covering this subject.
I moved to it and I love it. I’ve used Apple for well over 20 years and pretty much everything I do revolves around Mac and iPhone and iPad, both personally, and professionally, and as someone with a disability? 3/4 of mobile screen reader users use iPhone last I checked. :-)
Josh, you inspired me to create my own business based on cybersecurity as I am very interested in your content. I want to say thank you for this channel because I now found what my interest is in 🙂
I saw the reasons you put and they are 100% understandable, and although I consider that I am like you, in that I do not like to depend on a single company sometimes, or that I like to have extra security in certain internal apps beyond the code, in this case because I have several Apple devices I feel it is the only exception I am willing to make, as I want to have the benefits of having a code authenticator and my password manager in the same place, since I find it very complex, time consuming and even unsafe to have to re-install the apps I have every time I change devices or format, and it is extremely satisfying that once I log into a new Apple device, I have all my passwords at hand in a secure, private, easily accessible way but only if I put my face to unlock it. I also like this kind of easier and quicker way to access my credentials because on a few past occasions I have been on the verge of losing my passwords both authenticator and regular passwords due to backups, expired subscriptions, etc and it sucks that feeling, but I totally understand that it doesn't work so well for someone who is not into the Apple ecosystem completely.
Just to clarify, with Stolen Device Protection enabled, you NEED Face ID to get in, you can “trick” it a bit and have the passcode option pop up, but after inputting you passcode, it’ll still ask you for Face ID again. 😄
I thought I’d mention that (1) the keychain has had an interface for quite a long time, and (2) Apple’s Notes can encrypted and store things like your passport and other information.
I have switched from 1password to using the built-in tools inside macOS. I use the passwords feature, that’s accessible by the settings app, and this new password app, and then I store everything else that you are mentioning in secure notes in the notes app.
It would seem a given that we could hide the Apple password app in the new ‘hidden folder’ feature. But no, it’s not possible? Out of all my apps this is the first one I’d like to hide - the reason being obvious.
Yes, I've just purchased my first iphone ever on Friday and I started using the password app today and I'm really enjoying both my iphone 16 pro and the password app. Good job Apple 🍎
I'm a 1password user and I was convinced I would move it all to Apple's new Password app... until I saw your video. Thank you and I agree, I will stay with 1password
I love when people whine about "locking yourself into the Apple ecosystem." It's always some young buck who has an authority issue or an anti-"The Man" attitude. After using it for 20 years now, there is nothing better.
I am quite pleased that Apple have done this. I moved to Apple because of their security benefits. Who on earth would anyone open their phone with anyone looking over their shoulder.
Is this more or less just an enhanced, more user-accessible version of Keychain? I’m already using Keychain for many (not all) passwords, so this seems like a natural evolution - which I guess is Apple’s strategy. Thanks for the video!
I’m excited for this. Not only is apple making their own native password manager but ITS FREE lol. Most people aren’t even going to use their password manager for any other reason other than to hold like their Facebook, chick fil a, or Starbucks login. So, apple is once again giving you what you need and leaving out the rest. It does suck that you basically have to be all in on iOS BUT, most people who are excited about this feature most likely have everything by Apple anyways lol.
Thanks for the video. What I would like to know is, if you rely on a specific app to generate a username and/or password for you and most people might have upwards of about 75+ of them, do people right them all down as a back up? What happens if your password manager app/ company goes down for a few hours or a day, has a breach, goes out of business etc.... how do recover all that info? Do they have a way were you can print all of that info just in case or as a back up?
Some password managers let you export all your passwords to a file (I don’t think the Apple Passwords app does this). But obviously having all your passwords in a file is more risky than writing them down - if in a file, that means anyone who can get into your computer can get the file. Password managers usually keep a local encrypted copy of all your passwords, so it doesn’t matter if they go offline. What I did for a while was keep all my passwords both in Apple Keychain (now the Passwords app) as well as a third party password manager. But I’ve since realized that redundancy is not really needed, since every site lets you recover your password if you have access to your email or phone. Some sites do require two factor authentication (2FA), for those you need to have saved the backup codes they give you when you enable 2FA.
Apple passwords is simple, free and secure thats why i love that. saving credits card info? its already possible another way and another things passport etc.. but what i miss is firefox extension on windows.
After years as a Windows IT manager, I am now all-in on Apple, but won't be adopting this anytime soon. I know the keychain has been compromised in the past by malware. May reconsider in the future if Apple implements better security for the keychain.
That’s only valid for MacOS though, which in general has great protection from malware in the first place. I’m not saying this is totally fool proof or will never happen, but malware on iPhone and iPad is pretty much non existent anyways
Apple’s security is pretty high in my opinion, especially if you just use Apple devices. As the way they have the ecosystem set up, it’s pretty much locked down from being breached. Just need to be cautious of receiving and accepting malicious and suspicious files, as most rats anyways nowadays are added by human reverse engineering into getting it downloaded and activated.
I am surprised you are not mentioning the obvious advantage that the Apple pw manager is free while most other options not only come as a one off cost but as a subscription - which is the most annoying lock-in. I agree that the ability to store and protect PII data and other assets would be good.
I pretty much agree with everything in this video. the apple only part of this is a downside, but having it using your apple creds and not some password manger only creds/keys is a huge nono. also, haing all your eggs in one basket is sometimes bad.
So, twilo has had breaches and has had quite a few problems in the past from what I understand. As someone who has all their 2fa with authy, wouldn’t apple’s solution benefit me is a very real way?
On my iOS 18 public beta, I can only open Apple Passwords with Face ID. No option to use a code. A different code would be appreciated though, in case of face injury I guess.
If I don’t use the iPhone password app I can no longer autofill any of my passwords. Normally they’re saved in safari settings or something. So now if I delete the new password app you no longer have saved passwords to autofill. That’s ridiculous. I don’t want a password app that says look at me as an app.
@@Wesley-Houlas I'm not understanding your issue here. If you don't want to use the app, then don't. Just remove it from your home screen. You don't have to delete it. Autofill will still be enabled. That way if you by chance need it later, you can access it from your App Library. It's better to have it and not need it than need it and not have it.
I think another point to consider is that passkeys will slowly gain traction and it will become more and more common she’ll be able to login by scanning a QR code with your iPhone, which then lock you in from the past key stored on the iPhone. This will make it less and important where are you stole your pass keys. Also, I hear a lot of talk about being locked into the Apple ecosystem if you choose the iCloud keychain / Passwords app now. If you have a Mac, it is absolutely possible to export all your passwords and 2FA codes an import to another password manager, and there is no “lock-in”. For passkeys it’s a different story, but the FIDO Alliance seems to be slowly working towards exploring and importing of pasties sometime in the future so lock-in of passkeys is most likely temporary. But of course, worth considering nonetheless.
My first experience with the new Passwords app involved signing up to a new app account. I allowed the Apple security system to suggest a secure password. When I went to sign onto the app, the password was not available, and was not present in the password app. A real fail.
Why is nobody talking about how well iOS integrates password management vs Android? The fact it just works in pretty much all major browsers, 3rd party apps and Apple apps is amazing. Is there a way to get Android to be as integrated for password autofill like iOS?
If you ever come into contact with police, just hold the necessary button to power off, it forces the phone to require your password on the next unlock. People are quick enough to get their phone out and start recording at the mere sight of a cop, it’s even quicker and easier to lock your phone up.
Currently in iOS 17, Passwords located in Settings can not be opened by the device Pin (any longer). I don’t recall which update that was and changed that (needed) security setting. Is that not the case going forward with the new Passwords app?
Well for starters, you shouldn't be entering your passcode in plain view of anyone else. You should rely only on Face ID when in public. But to answer your question: yes they would need your phone itself to actually do anything if they know your passcode.
Yeah having a password manager that only works on ios doesn't do anything for me. I use a third party manager because I multiple different devices and a third party manager is device agnostic.
I currently use 1Password, but I'm trying out the passwords app now to see if it fits my needs. Am I missing something, or is there no way to generate a password for an existing login? It only seems to generate one if I'm adding an entirely new login, but I can't seem to generate a password if, for example, I want to change my password on a site.
To generate a new one for an existing login in you would need to hit edit then delete the old one. It’ll then show a prompt above the keyboard with a strong password suggestion. This is on the iPhone though, I haven’t tried it on Mac
Is there no option to write any notes for any of the login accounts eg: signed up on X date, bought Y, app key details, subscription ends on this date, cancelled because of reasons?
It’s a good free alternative for those that have apple and eventually windows, which I imagine will remain as it is; an extension. Obviously better options out there, but for free - what’s not to like
"Apple is taking away any excuse to not use a password manager." I highly disagree with this. The majority of senior citizens do not know how to use most software on computers, tablets or phones. My parents (and most of my other family members parents and friend parents and other people I know's parents) don't even know how to use an Excel spreadsheet, or a money management application, let alone a password manager. It's not really their own fault. It's the fault os UI designers that only design software based on other software that is already out there. And, the majority of software is confusing and complicated and has small text and small buttons and on touch devices, requires to you do things with your fingers that many seniors can't do because of arthritis, etc. Anyway, there are A LOT of reasons that senior citizens can't use a password manager and all of those reasons have to do with complexity or even understanding how to create a user name and password for specific websites in the first place.
Great video. It makes perfect sense not to have everything in one place. It's strange that Apple didn't thing of documents, passport info and other things when they made this app. Maybe they're not as professional as they thought they were.
I think you did some copy-pasta on the description because there are chapter markers that make no sense for this video... That aside, I completely agree with having your password manager separate from the OS and the 2FA utility separate from the password manager.
Using the same pin as my phone is a deal breaker for me. It’s funny I can create a Note with all my passwords in iOS and protect it with a custom password, and that would be more secure than this Passwords app. 😅
Surely even your 3rd party PW App isn’t (as you imply) wholly independent as it sits on the iOS OS anyways so if there is any breach its as likely to be that than any other features of a 3rd party App that sits on top. This is the case for any App it’s only as strong or secure as whats underneath.
Problem I’ve seen is when apple cancels your iCloud account and locks you out of everything. I am now syncing my photos / notes / docs to other services just in case. Will do the same with passwords (using google chrome currently)
Being dependent on Apple for everything sounds expensive. I’ve learned my lesson from so many other apps that lured me in with some feature then I’m struggling to get out of that ecosystem. I’d rather go open source where I have full control of my data and I’m not on a platform that can get as expensive as Apple. Plus I like having full control of my data and not getting dependent on Apple to make things “easy “ for me.
Hey, thanks for a great video, certainly some very thought-provoking security info. I accidentally stumbled on a new setting, if you long press on the Passwords app, there’s an option to select require Face ID (seems like you can do this with many apps)… This prevents you from being able to type in a manual password and forces you to verify with Face ID… Could you look into this and repost a new video With additional considerations given the pin loophole seems to have a fix?
that's not a fix at all. If it doesn't recognize your face, it will always default to your device password. No matter which app or function, it's just how FaceID is designed. The only exception is stolen device protection.
@@PvtAnonymous realized that as well, if you cause it to cancel out it defaults back to the key which is annoying. They will need to fix this loophole if they want a secure product. Either way I’m a 1Pw convert now since Apple doesn’t have a truly secure product
@@bobekdj same here. I use a self-hosted Bitwarden instance and don't have to deal with the normie-shenanigans anymore. Just the feature set of Bitwarden already trumps Apple's Passwords app.
This is a good idea for my boomer parents who don’t want to download a bunch of apps, but I’m trying to get them to use something better than a web browser or physical notebook for their logins. For myself, I’ll stick to proton pass.
I strongly agree that putting all your eggs in one basket is not the greatest of ideas. With the recent global issue of computers getting the blue screen of death should at least hint that having options or your things spread out is beneficial.
for me i prefer the comfort of not having a thousand different security apps and as far as I know, Apple does a great job at being secure. I would recommend not using a six digit numbers only unlock password, since this is pretty easy to spy over the shoulder as you told.
if they do get to all my passwords they still need to figure out what the 5stars is about: a code not stored anywhere else (buying me some time) All the most important passwords start with ‘*****password’ And recently decided to not let them know the passwords need an extra code to work. Also had to change some passwords in safari too but did not allowed ios to update the passwords
@@AllThingsSecured I guess at the end of the day credit card info doesn't have anything to do with "Passwords", so you have to really stop for a second and think about that one.
Why doesn’t Apple do our passcodes like some ATMs. Everything you enter the passcode, the numbers on the keypad change. If someone notices a pattern, it won’t work for them.
Sounds insecure. For the master key that encrypts the password database, you've got two options. 1) Store it, 2) derive it from a password. Keys stored only on a phone can have quite a bit of hardware security making compromise nigh impossible, and Apple has a good track record with this. However since this service is cross platform, the key is likely stored in the cloud. Though i can think of plausible key sharing schemes depending on setup process for adding a new device.
That said, with only a 6-digit passcode known to somebody else, you are screwed out of everything your photos, passwords, notes ,etc. No I’m not using it
Not if you have the new stolen device feature enabled, which locks everything behind Face ID. Besides, with iOS 18, you can lock whatever apps you want behind Face ID as well!
If you’re using 6-digit “passcodes“ you clearly do not value the information on your phone and what it can access. I mean there just no reason when you have biometrics for day to day use. Alphanumeric actual phrase is where it’s at.
Will you be using the new Passwords app from Apple when it comes out? Why or why not? And be sure to check out my video comparing the best third-party password manager options: ruclips.net/video/BsVkVa0n0T0/видео.html
Nah, I've been using 1Password for years. I've been happy with them. One app is enough.
I’m not gonna be utilizing it when it comes out with IOS18 because I use devices that run on different operating systems
Nope. It suffers the same issue as iOS has - using login passcode to access. I am also a multi-OS person. Apple only is automatically a “No” for me. Using Proton Pass which offers me additional options.
I'm using 1Password and am very happy with it.
I already use bitwarden so i'll stick with that. My wife however is a creature of convenience and cannot stand how locked down my bitwarden is. When the update comes through i'll likely migrate her to passwords.
I think Apple Passwords is the best choice for anyone in the Apple ecosystem. I’ve never felt the need to store my passports or IDs in a password app since they can be securely kept in the Notes app with a custom password. Concerns about hypothetical security issues seem like self-justifications for sticking with a third-party app. I understand that using cross-platform devices or not wanting to depend on one company are good reasons for opting for a third-party password manager tho.
True, you can create a folder in the Notes App and just have your passwords written down there and then you can lock the notes app with Face ID or a custom password/PIN. But now that Apple has their own password app might as well use it. lol
Turning on Stolen Device Protection means that, if Face ID verification fails, it will NOT allow the Passcode as a fallback option, it will only accept Face ID. This works with the Passwords app but also everywhere that asks for Face ID
You can say what you want about Apples Password manager, but the fact that it unlike many other popular third party ones has never suffered a data breach is incredible.
Most password managers haven’t either. I assume you’re thinking of the one LastPass case?
Doesn't mean it can't happen. Best practices is to write them down on paper and secure it in a fireproof safe... People need to stop depending on password manager apps as it's a target for hackers. iPhones have been jailbroken remotely (pegasus as an example) so it's not impossible.
@@NEVIXIA I totally agree, but if you’ve gotten infected with Pegasus, you’d have bigger problems at that point…
@@AllThingsSecured yup, last pass and, even though it isn’t a password manager, authy, which leaked millions of users phone numbers
It’s utterly useless for those of us who refuse to get locked into Apples walled garden.
Notes on iOS can store Passport info etc and be locked behind Face ID. The app doesn't need to do that like other managers do.
Yea, I’m wondering if that’s maybe why Apple didn’t include it for Passwords.
Exactly, I don’t know why he didn’t mention that when he made such a big deal about not storing credit cards or passport info on the Passwords app. The only thing that I totally agree with is the cross platform issue. I Deal with that daily but the solution I have is when I’m sitting at my PC my phone is typically on the desk and I just open up the phone to the Passwords app and type it into the needed information on my PC. I promise, it’s not difficult.
I'll be moving to it. I won't have to pay 1password anymore and with all things Apple, it will work great and be well integrated into the phone.
Sounds good!
Except on Android devices!!!
Why do you pay 1password now? Why don't you use keychain?
😂😂😂 me too
@@daraghmacgabhann1005 Why use an Android ? Just kidding .
If you enable stolen device protection, Face ID would be the only way to access the Passwords app. You would not be able to use the passcode
Correct, and iOS 18 also allows you to force FaceID. But I would prefer to have control over the passcode/master password.
You could double lock the app with Face ID
Tip - store whatever info you need in Apple Notes and lock it in addition enable Face ID for Notes.
Agree. You can also do that in Files App.
Yep, that’s what I use as a backup.
Question, does Apple Password only work with Safari browser or does it also work with other web browsers such as Google Chrome etc?
It has an extension that works with Chrome :)
really same thing i was thinking..one login password foe the password app is far too dangerous❤
I’ve been using Keychain for years now, and been really going crazy with security and privacy stuff this last year and even managed to enable 2FA via authenticator on any accounts that allow it, and made super strong passwords as well. Been running the beta of iOS 18 for a while now and the new Passwords app is awesome! Think Apple really just killed 1Password and a lot of others with this one haha.
I’ve been using the existing Keychain app and the extensions for Edge and Chrome work quite well, even allowing for newer features of the Keychain app, like shared passwords.
The iCloud for windows app is actually quite handy if you’re stuck using a Windows PC and need access to your otherwise Apple ecosystem.
Nice 👍
Why are you talking like this would be new? The Apple Password Manager existed for a long time it was just inside the settings app and not a separate app. The only new function that this app has is the ability to generate wifi QR-Codes. So there wont be any Apple Users switching over to the new app since they are already using it just with a slightly different interface.
They broke it off into a separate app, improved it and made it easier to use, but yeah, for your average Apple user there is no real change.
@@Dellaster No actually it’s the other way around. For a tech savvy power user like me this update doesn’t change anything because I already could do everything with the old system. But for an average user making it more accessible can be a big change.
Apple's new password app does NOT make the need for cross-platform compatibility go away, and it does not help anyone not in the Apple ecosystem. Companies like Bitwarden and 1Password and Proton Pass are not going to be sherlocked by this.
I agree.
@@AllThingsSecured I have a random question - what do you think about Ente Auth? Do you think it has potential? I want to have a cross-platform dedicated secure authenticator w/ native non-big-tech-cloud and non-self-hosted syncing in case Twilo goes off the walls and destroys Authy.
@@DamariobrosI just started using Ente after trying 2FAS add MS Authenticator and I prefer Ente, it’s got a few more features and unlike 2FAS it’s been audited.
I am a dedicated apple user but I agree with this video. I like bitwarden.
You can set up a separate password for any app on IOS 18
No. But you can set up Face ID for any app, and also hide any app.
it’s free…works really well…good enough for me👍 nice to save 65 bucks a year for 1password…thanks Apple🤗
Exactly my thought.
It's just an upgraded version of iCloud Keychain to make it more user friendly. Why haven't you used iCloud Keychain tho cuz it's free and working exactly the same way lol...
65 a year is crazy 40 for 2 years + 3 months is what i went by. Nordpass
If you in apples ecosystem fully and have no android devices that you would need to sign in on then apple’s password manager is a a good bet. Plus no major breaches so yea
I would not trust Apple with managing passwords.
If I get started listing my reasons, youtube might run out of storage space.
Our host did a very good job covering this subject.
I moved to it and I love it. I’ve used Apple for well over 20 years and pretty much everything I do revolves around Mac and iPhone and iPad, both personally, and professionally, and as someone with a disability? 3/4 of mobile screen reader users use iPhone last I checked. :-)
Josh, you inspired me to create my own business based on cybersecurity as I am very interested in your content. I want to say thank you for this channel because I now found what my interest is in 🙂
I saw the reasons you put and they are 100% understandable, and although I consider that I am like you, in that I do not like to depend on a single company sometimes, or that I like to have extra security in certain internal apps beyond the code, in this case because I have several Apple devices I feel it is the only exception I am willing to make, as I want to have the benefits of having a code authenticator and my password manager in the same place, since I find it very complex, time consuming and even unsafe to have to re-install the apps I have every time I change devices or format, and it is extremely satisfying that once I log into a new Apple device, I have all my passwords at hand in a secure, private, easily accessible way but only if I put my face to unlock it.
I also like this kind of easier and quicker way to access my credentials because on a few past occasions I have been on the verge of losing my passwords both authenticator and regular passwords due to backups, expired subscriptions, etc and it sucks that feeling, but I totally understand that it doesn't work so well for someone who is not into the Apple ecosystem completely.
Exactly. As long as you understand that it works beat if you only use Apple devices, it's great.
Just to clarify, with Stolen Device Protection enabled, you NEED Face ID to get in, you can “trick” it a bit and have the passcode option pop up, but after inputting you passcode, it’ll still ask you for Face ID again. 😄
I thought I’d mention that (1) the keychain has had an interface for quite a long time, and (2) Apple’s Notes can encrypted and store things like your passport and other information.
I have switched from 1password to using the built-in tools inside macOS. I use the passwords feature, that’s accessible by the settings app, and this new password app, and then I store everything else that you are mentioning in secure notes in the notes app.
I do the all the same exact things, EXCEPT i use a separate app (Ente) for 2FA codes.
It would seem a given that we could hide the Apple password app in the new ‘hidden folder’ feature. But no, it’s not possible? Out of all my apps this is the first one I’d like to hide - the reason being obvious.
Yes, I've just purchased my first iphone ever on Friday and I started using the password app today and I'm really enjoying both my iphone 16 pro and the password app.
Good job Apple 🍎
I'm a 1password user and I was convinced I would move it all to Apple's new Password app... until I saw your video. Thank you and I agree, I will stay with 1password
You are welcome!
Glad you have the money.
I love when people whine about "locking yourself into the Apple ecosystem." It's always some young buck who has an authority issue or an anti-"The Man" attitude. After using it for 20 years now, there is nothing better.
Uwielbiam ten kanał! 😊
I am quite pleased that Apple have done this. I moved to Apple because of their security benefits. Who on earth would anyone open their phone with anyone looking over their shoulder.
Is this more or less just an enhanced, more user-accessible version of Keychain? I’m already using Keychain for many (not all) passwords, so this seems like a natural evolution - which I guess is Apple’s strategy. Thanks for the video!
Yes, it is! And it will automatically be transitioned over when you upgrade.
what is up with the titles of the timestamps? 😅
Looks like the added the wrong ones
My bad.
Yeah they not really making any sense
@@AllThingsSecured…
I’m excited for this. Not only is apple making their own native password manager but ITS FREE lol. Most people aren’t even going to use their password manager for any other reason other than to hold like their Facebook, chick fil a, or Starbucks login. So, apple is once again giving you what you need and leaving out the rest. It does suck that you basically have to be all in on iOS BUT, most people who are excited about this feature most likely have everything by Apple anyways lol.
It works well for those who love Apple, I agree.
It's free on paper, but not really. It is gate kept; you must have an apple device.
Nothing is ever free, you will be paying with your metadata
Thanks for the video. What I would like to know is, if you rely on a specific app to generate a username and/or password for you and most people might have upwards of about 75+ of them, do people right them all down as a back up? What happens if your password manager app/ company goes down for a few hours or a day, has a breach, goes out of business etc.... how do recover all that info? Do they have a way were you can print all of that info just in case or as a back up?
Some password managers let you export all your passwords to a file (I don’t think the Apple Passwords app does this). But obviously having all your passwords in a file is more risky than writing them down - if in a file, that means anyone who can get into your computer can get the file. Password managers usually keep a local encrypted copy of all your passwords, so it doesn’t matter if they go offline. What I did for a while was keep all my passwords both in Apple Keychain (now the Passwords app) as well as a third party password manager. But I’ve since realized that redundancy is not really needed, since every site lets you recover your password if you have access to your email or phone. Some sites do require two factor authentication (2FA), for those you need to have saved the backup codes they give you when you enable 2FA.
Apple passwords is simple, free and secure thats why i love that. saving credits card info? its already possible another way and another things passport etc.. but what i miss is firefox extension on windows.
Credit card info. It’s available to everyone anyway once the waiter takes it in the back to process your dinner check.
Awesome video. New subscriber.
Nice to see someone that flies the same airline as me AirAsia. Good app by the way.
After years as a Windows IT manager, I am now all-in on Apple, but won't be adopting this anytime soon. I know the keychain has been compromised in the past by malware. May reconsider in the future if Apple implements better security for the keychain.
Which malware are you referring to?
That’s only valid for MacOS though, which in general has great protection from malware in the first place. I’m not saying this is totally fool proof or will never happen, but malware on iPhone and iPad is pretty much non existent anyways
Apple’s security is pretty high in my opinion, especially if you just use Apple devices. As the way they have the ecosystem set up, it’s pretty much locked down from being breached. Just need to be cautious of receiving and accepting malicious and suspicious files, as most rats anyways nowadays are added by human reverse engineering into getting it downloaded and activated.
I am surprised you are not mentioning the obvious advantage that the Apple pw manager is free while most other options not only come as a one off cost but as a subscription - which is the most annoying lock-in. I agree that the ability to store and protect PII data and other assets would be good.
@TheOneMonk - Dead on the money. Subscription lock-in is the very worst.
Access to your passwords by face ID is going to make law enforcement delighted!
Great Video!
I pretty much agree with everything in this video. the apple only part of this is a downside, but having it using your apple creds and not some password manger only creds/keys is a huge nono.
also, haing all your eggs in one basket is sometimes bad.
Yea, separating my security is a priority for me.
Can I turn it off in Sequoia?
What will be new in the iOS updates for those who do not have iPhone 15 or 16??
So, twilo has had breaches and has had quite a few problems in the past from what I understand. As someone who has all their 2fa with authy, wouldn’t apple’s solution benefit me is a very real way?
On my iOS 18 public beta, I can only open Apple Passwords with Face ID. No option to use a code. A different code would be appreciated though, in case of face injury I guess.
Agreed.
If I don’t use the iPhone password app I can no longer autofill any of my passwords. Normally they’re saved in safari settings or something. So now if I delete the new password app you no longer have saved passwords to autofill. That’s ridiculous. I don’t want a password app that says look at me as an app.
@@ThePorshaEdmun yea but u can’t delete the password app. If u do you can no longer use autofill on websites
@@Wesley-Houlas I'm not understanding your issue here. If you don't want to use the app, then don't. Just remove it from your home screen. You don't have to delete it. Autofill will still be enabled. That way if you by chance need it later, you can access it from your App Library. It's better to have it and not need it than need it and not have it.
Why is it not updating the passwords on the app when I change it? So frustrating!
How is the Sticky Password? Is it reliable? I have a lifetime plan of it.
I think another point to consider is that passkeys will slowly gain traction and it will become more and more common she’ll be able to login by scanning a QR code with your iPhone, which then lock you in from the past key stored on the iPhone. This will make it less and important where are you stole your pass keys.
Also, I hear a lot of talk about being locked into the Apple ecosystem if you choose the iCloud keychain / Passwords app now. If you have a Mac, it is absolutely possible to export all your passwords and 2FA codes an import to another password manager, and there is no “lock-in”. For passkeys it’s a different story, but the FIDO Alliance seems to be slowly working towards exploring and importing of pasties sometime in the future so lock-in of passkeys is most likely temporary. But of course, worth considering nonetheless.
Correct. For now, passkeys can’t be transferred.
Lucid. Thanks!
My first experience with the new Passwords app involved signing up to a new app account. I allowed the Apple security system to suggest a secure password. When I went to sign onto the app, the password was not available, and was not present in the password app. A real fail.
What are you going to use? Are you using a third party?
Problem exists between phone and chair
Why is nobody talking about how well iOS integrates password management vs Android? The fact it just works in pretty much all major browsers, 3rd party apps and Apple apps is amazing. Is there a way to get Android to be as integrated for password autofill like iOS?
Face ID can be unlocked without your consent? Like police or someone forcing you physically
Just Close your Eyes then
@@bcharl😂😂😂
Thats why it would be better to have independent unlock codes.
If you ever come into contact with police, just hold the necessary button to power off, it forces the phone to require your password on the next unlock. People are quick enough to get their phone out and start recording at the mere sight of a cop, it’s even quicker and easier to lock your phone up.
Long time Apple user. I find it fantastic and free!
You can lock files in Files app, with password. Why would you need 2 apps to do the same thing?
People who have expertise in data security will look at Apple Password in a different way than the rest of us will.
Are you in Thailand? I am.
You can put in all sorts of text data under a name of some sorts - so all the passport data , CC data, etc.
I will not use apples PW manager. I use too many OS’s and already trust the one I use.
Makes sense.
Currently in iOS 17, Passwords located in Settings can not be opened by the device Pin (any longer). I don’t recall which update that was and changed that (needed) security setting. Is that not the case going forward with the new Passwords app?
No it should be the same
Could someone looking over your shoulder and seeing your phone passcode get into everything? Won't they need your phone as well?
Well for starters, you shouldn't be entering your passcode in plain view of anyone else. You should rely only on Face ID when in public. But to answer your question: yes they would need your phone itself to actually do anything if they know your passcode.
Yeah having a password manager that only works on ios doesn't do anything for me. I use a third party manager because I multiple different devices and a third party manager is device agnostic.
The icloud keychain on windows is working at acceptable rate. Although not seamless.
The only downside is that it’s really vendor locking.
I currently use 1Password, but I'm trying out the passwords app now to see if it fits my needs. Am I missing something, or is there no way to generate a password for an existing login? It only seems to generate one if I'm adding an entirely new login, but I can't seem to generate a password if, for example, I want to change my password on a site.
I am finding this with 1password. Did you figure out a work around?
Hmm…I’ve never tried that, but that would be a pretty bad missing feature!
To generate a new one for an existing login in you would need to hit edit then delete the old one. It’ll then show a prompt above the keyboard with a strong password suggestion. This is on the iPhone though, I haven’t tried it on Mac
Is there no option to write any notes for any of the login accounts eg: signed up on X date, bought Y, app key details, subscription ends on this date, cancelled because of reasons?
There is a section to save notes on a new login. I think that addresses your need?
All Things Secured, My guy, your channel is amazing. Let's collab!
I feel that there just cleaning up the settings app the passwords app was pretty much around for years
It’s a good free alternative for those that have apple and eventually windows, which I imagine will remain as it is; an extension.
Obviously better options out there, but for free - what’s not to like
Agreed. A slick app for sure.
The lack of a master password, that can be much stronger than the user account login is terrible.
I look forward to never having to pay a subscription for a password manager with Apple Password app that is free and allows group sharing free.
"Apple is taking away any excuse to not use a password manager." I highly disagree with this. The majority of senior citizens do not know how to use most software on computers, tablets or phones. My parents (and most of my other family members parents and friend parents and other people I know's parents) don't even know how to use an Excel spreadsheet, or a money management application, let alone a password manager. It's not really their own fault. It's the fault os UI designers that only design software based on other software that is already out there. And, the majority of software is confusing and complicated and has small text and small buttons and on touch devices, requires to you do things with your fingers that many seniors can't do because of arthritis, etc. Anyway, there are A LOT of reasons that senior citizens can't use a password manager and all of those reasons have to do with complexity or even understanding how to create a user name and password for specific websites in the first place.
Not just senior citizens! Great comments.
If you use one password one company has all your information
Good grief, as if oversized microphones on RUclips weren’t bad enough, now we have one moving around to be even more distracting.
Great video. It makes perfect sense not to have everything in one place. It's strange that Apple didn't thing of documents, passport info and other things when they made this app. Maybe they're not as professional as they thought they were.
I’m sure they’ll add it later.
I think you did some copy-pasta on the description because there are chapter markers that make no sense for this video...
That aside, I completely agree with having your password manager separate from the OS and the 2FA utility separate from the password manager.
Thanks! It’s been fixed.
Using the same pin as my phone is a deal breaker for me.
It’s funny I can create a Note with all my passwords in iOS and protect it with a custom password, and that would be more secure than this Passwords app. 😅
Surely even your 3rd party PW App isn’t (as you imply) wholly independent as it sits on the iOS OS anyways so if there is any breach its as likely to be that than any other features of a 3rd party App that sits on top. This is the case for any App it’s only as strong or secure as whats underneath.
If this app is not cross platform it's not putting anybody out of business.
There is a Chrome extension and it works on the Windows iCloud app
Only if there is android app for keychain
Problem I’ve seen is when apple cancels your iCloud account and locks you out of everything. I am now syncing my photos / notes / docs to other services just in case. Will do the same with passwords (using google chrome currently)
Does the passwords app have import and export features?
It has import for sure. I haven’t looked for export but I assume it would be there.
I didn’t like that i cannot disable passcode and use only face id or touch id. That is why i do not what to use it yet.
Being dependent on Apple for everything sounds expensive. I’ve learned my lesson from so many other apps that lured me in with some feature then I’m struggling to get out of that ecosystem.
I’d rather go open source where I have full control of my data and I’m not on a platform that can get as expensive as Apple.
Plus I like having full control of my data and not getting dependent on Apple to make things “easy “ for me.
Good for you, although going away from Apple doesn’t have to be open source.
Password manager is well... a pasword manager. For me it is a huge advantage that the app is small and focused. I have DevonThink for my documnts.
You mentioned there is a chrome extension for the password app?
I believe so, although I haven’t tested it personally.
Hey, thanks for a great video, certainly some very thought-provoking security info.
I accidentally stumbled on a new setting, if you long press on the Passwords app, there’s an option to select require Face ID (seems like you can do this with many apps)… This prevents you from being able to type in a manual password and forces you to verify with Face ID… Could you look into this and repost a new video With additional considerations given the pin loophole seems to have a fix?
Thanks for the tip!
that's not a fix at all. If it doesn't recognize your face, it will always default to your device password. No matter which app or function, it's just how FaceID is designed. The only exception is stolen device protection.
@@PvtAnonymous realized that as well, if you cause it to cancel out it defaults back to the key which is annoying. They will need to fix this loophole if they want a secure product. Either way I’m a 1Pw convert now since Apple doesn’t have a truly secure product
@@bobekdj same here. I use a self-hosted Bitwarden instance and don't have to deal with the normie-shenanigans anymore. Just the feature set of Bitwarden already trumps Apple's Passwords app.
This is a good idea for my boomer parents who don’t want to download a bunch of apps, but I’m trying to get them to use something better than a web browser or physical notebook for their logins. For myself, I’ll stick to proton pass.
Exactly 👍🏻
I can’t find my passwords at all in my phone in settings it’s freaking me out
I strongly agree that putting all your eggs in one basket is not the greatest of ideas. With the recent global issue of computers getting the blue screen of death should at least hint that having options or your things spread out is beneficial.
Definitely. What a mess.
For OPSEC reasons, I will not put all my Apples in one basket 😉
for me i prefer the comfort of not having a thousand different security apps and as far as I know, Apple does a great job at being secure. I would recommend not using a six digit numbers only unlock password, since this is pretty easy to spy over the shoulder as you told.
having 2FAs and password/passkeys on the same app/company I think is a bad idea
Great video, sound advice.
Thanks! 🙏
keepass will stay on top for me
if they do get to all my passwords they still need to figure out what the 5stars is about: a code not stored anywhere else (buying me some time) All the most important passwords start with ‘*****password’
And recently decided to not let them know the passwords need an extra code to work.
Also had to change some passwords in safari too but did not allowed ios to update the passwords
What about StrongBox?
Credit card information is already available for storage under Safari auto fill. Not necessary for it to be in passwords app.
That’s not helpful, though. Just like WiFi passwords, it should be combined so that it can be used across different apps (like Brave, for example).
@@AllThingsSecured I guess at the end of the day credit card info doesn't have anything to do with "Passwords", so you have to really stop for a second and think about that one.
Why doesn’t Apple do our passcodes like some ATMs. Everything you enter the passcode, the numbers on the keypad change. If someone notices a pattern, it won’t work for them.
Using numeric passcodes is a mistake, regardless oof entry method.
Sounds insecure. For the master key that encrypts the password database, you've got two options. 1) Store it, 2) derive it from a password. Keys stored only on a phone can have quite a bit of hardware security making compromise nigh impossible, and Apple has a good track record with this. However since this service is cross platform, the key is likely stored in the cloud. Though i can think of plausible key sharing schemes depending on setup process for adding a new device.
It’s probably more secure than you think.
I’ve used keeper security without issue for years. I don’t want everything in one basket.
Same
That said, with only a 6-digit passcode known to somebody else, you are screwed out of everything your photos, passwords, notes ,etc.
No I’m not using it
I’m hoping they change that security feature soon.
Not if you have the new stolen device feature enabled, which locks everything behind Face ID. Besides, with iOS 18, you can lock whatever apps you want behind Face ID as well!
If you’re using 6-digit “passcodes“ you clearly do not value the information on your phone and what it can access. I mean there just no reason when you have biometrics for day to day use. Alphanumeric actual phrase is where it’s at.
@@phillipp1399 yes exactly!!