Some been a customer of 1Password for as long as they can remember. They love being able to have a dedicated application/service for password management, rotating one-time passwords, storing secure information like social security numbers. They know they have a dedicated place to manage all my data in a place they know is safe and easy to access. On the other hand, iCloud Keychain works well and is built-in on all of the devices. Is it time for Apple to release a dedicated app for iCloud Keychain, so it’s easier to manage and interact with that data?
iCloud Keychain remembers things, so that you don’t have to. It auto-fills your information—like your Safari usernames and passwords, credit cards, Wi-Fi passwords, and social log-ins—on any device that you approve. You can also use iCloud Keychain to see your saved passwords.
We’re all struggling with password management. The FIDO Alliance was created to help rethink how passwords should look going forward, and Apple is one of the newest members of the alliance. It joins other major technology companies like Microsoft and Google. It’s in the best interest of all vendors to make it easier to create and manage passwords.
The problem with managing passwords on iOS and macOS at the moment is the functions are scattered around. Some of the syncing happens on in the backend with no way to quickly see (especially on iOS). A prime example of this is the syncing of Wi-Fi passwords. It’s easy to remove old networks on the Mac, but on iOS, it’s all happened without being able to remove anything.
Apple should release a dedicated app for iCloud Keychain
As our devices continue to store ever more personal information, Apple should release a dedicated app to view, add, change, or delete anything being stored in iCloud Keychain. We’ve already seen rumors of iOS 14 bringing new features to iCloud Keychain, so this would be a natural next step. This app would help promote the security of iOS (it would be behind a second round of Face ID scanning) as a place where you can store your most personal data like social security numbers, PIN codes, etc. It would also allow you to view, update, or delete anything password related for website logins.
Right now, website passwords are stored inside of the Safari settings on macOS and inside of the Settings app on iOS. A dedicated app would put this front and center.
On top of a dedicated app for managing personal information, I’d like to see Apple help promote two-factor authentication. Right now, Apple has its own flavor of how it uses two-factor authentication to set up a new device or log in to iCloud.com on the web, but most websites use another format.
Security on the internet has become more important with each passing year. It seems like every other month there is a major data breach from major retailers or online properties. One of the key things that you can do to minimize the effect these breaches will have on you is to set up and use two-factor (or multi-factor) authentication. Two-factor authentication can be explained as something you know (your password) and something you have (a smartphone or another authorized device). With most implementations, you will log in to a website using your normal login, and you will then prompted to input a secondary code. The secondary code can be generated in multiple ways (more on that later) and changes every thirty seconds. By enabling two-factor authentication on websites that support it, a hacker wouldn’t be able to log in just using your username and password. They’d need access to your two-factor authentication database in order to access the current code.
Apple has two-factor authentication built right into iOS and macOS, but they implement it in a slightly different way. Instead of using a third-party solution to generate a code, you’ll receive an alert on another one of your registered devices. Once you approve the login, a six-digit code will pop up, and you’ll input that on the new device.
When saving a password to iCloud Keychain, a dedicated app could help facilitate the set up of a one time password for individual websites. Apple could even create an API that works with Sign in with Apple or just general website logins.
What do you think? Should Apple release a dedicated keychain application to bring the security of iCloud to the front and center? I think removing it from the Settings application would make it easier for people to look up their passwords if logging into a public computer, manually add new information in a secure way, and just generally have a better understanding of where all of the information lives.