Friday, July 19, 2024

Apple Passwords App in Sequoia and iOS 18

Jay Peters (Hacker News):

Password managers are essential. They keep track of your passwords, encourage better security practices, and generally help to manage your life across your devices. They’re the kind of feature that really should be built into every device — and Apple is massively expanding their reach with the launch of its new Passwords app, announced this week at WWDC.

We have companies like 1Password and LastPass to thank for the popularity of today’s password managers. But an announcement like Apple’s puts them in a tough position: now that Apple has a free, built-in Passwords app, is there a future for the third-party apps that defined the space?

I assume they’ve been expecting a Sherlocking for a long time, which is why they pivoted to the enterprise, multiple platforms, and multi-user stuff.

I see nothing to tempt me from PasswordWallet—which has a separate long password, uses standard files, and supports HTML export, a compact UI, and auto-typing. But the new Passwords app will be nice for managing my 2FA codes and passkeys, and for family passwords. I haven’t used it extensively yet, but my initial impression is that it’s the best-feeling SwiftUI app from Apple. (Hopefully they’ll add drag and drop to groups.)

Matthias Gansrigler:

Passwords app. At last an app that is released for all of Apple’s platforms at once.

Ricky Mondello:

There’s an awesome new tool in the journey to replace passwords: Automatic passkey upgrades.

For a short window after a user signs in using Password AutoFill, apps and websites can “conditionally” request passkey creation for that same account. The Passwords app then creates a new passkey and notifies the user. No upsells or speed bumps.

All credential managers can support this! (There’s lots of new API for credential managers this year!)

[…]

Here’s how I think about this: we’ve transferred the consent-to-upgrade from being something every website secures to something that the password manager secures. Up to the password manager to decide how to talk to the user about it. In Apple’s Passwords app, users can turn this off.

See also: WWDC and Hacker News.
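A sketch of the website side of the conditional passkey request described above, as an added example that is not code from the quoted post or from Apple. It uses WebAuthn's `mediation: "conditional"` with `navigator.credentials.create()`; the relying-party ID, account fields and challenge are assumptions that a real site's server would supply and later verify.

```javascript
// Added example: request an automatic passkey upgrade right after a password sign-in.
// All account values passed in are assumptions; the server generates the challenge.

// Feature-detect conditional creation before asking for it.
async function supportsConditionalCreate(PKC) {
  if (!PKC || typeof PKC.getClientCapabilities !== "function") return false;
  const caps = await PKC.getClientCapabilities();
  return caps.conditionalCreate === true;
}

// Build the options for navigator.credentials.create().
function buildCreationOptions({ rpId, rpName, userId, userName, challenge }) {
  return {
    mediation: "conditional", // no modal prompt; the credential manager decides
    publicKey: {
      rp: { id: rpId, name: rpName },
      user: { id: userId, name: userName, displayName: userName },
      challenge,
      pubKeyCredParams: [
        { type: "public-key", alg: -7 },   // ES256
        { type: "public-key", alg: -257 }, // RS256
      ],
      authenticatorSelection: { residentKey: "required" },
    },
  };
}

// Call once, immediately after a successful password sign-in.
// A refusal is an expected outcome: the password may not have been autofilled
// just now, or the user may have turned upgrades off. Never block sign-in on it.
async function tryAutomaticUpgrade(account, env = globalThis) {
  if (!(await supportsConditionalCreate(env.PublicKeyCredential))) {
    return { upgraded: false, reason: "unsupported" };
  }
  try {
    const cred = await env.navigator.credentials.create(buildCreationOptions(account));
    if (!cred) return { upgraded: false, reason: "no-credential" };
    // Send cred.response to the server for verification before storing the key.
    return { upgraded: true, credentialId: cred.id };
  } catch (err) {
    return { upgraded: false, reason: err.name || "error" };
  }
}
```

Because consent now sits with the credential manager, the site should treat every non-success result as silent and keep the password sign-in working.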

Ricky Mondello:

Yes, the Passwords app has importing, but only on macOS. (File-based importing and exporting of password manager data isn’t all that common on iOS and iPadOS.)

1Password has the ability to export its data into a CSV file, which Apple Passwords will happily import.

Ricky Mondello:

You can manually add additional domains to passwords, but more importantly, when you choose to fill a password on a domain it isn’t saved for, you’ll be prompted to attach the new domain to the password.

Mario Guzmán:

I love that the new Passwords app in macOS Sequoia has a menu bar item you can use to access your passwords quickly.

Mario Guzmán:

My favorite part of the new Passwords app. Also right clicking on an item allows you to quickly copy a username or password. 😄

Mario Guzmán:

The new Passwords app does not store specific types like Notes you’d like to secure or Credit Card entries.

However, it does now let you store entries that have only a password. You no longer have to enter a fake username and URL.

Ricky Mondello:

Some people missed this and I think it’s a big deal: the Passwords app on iOS 18 and macOS Sequoia lets you save passwords without a website! It even allows you to import them from other password managers! When adding passwords, you can specify a website or a custom label, like “Router”, “Passport Number”, or “Garage Door”.

Jeff Johnson:

The New Secure Note item… menu item in Keychain Access app is missing on macOS 15

Sohan Subhash:

Another thing holding back the new Passwords app is the lack of Chrome and Firefox support.

Neither browser has support for the macOS password autofill api (introduced in macOS Big Sur).

I saw that Apple added/negotiated support for Apple Pay in third party browsers. Hopefully they can do the same for password autofill this summer.

I’d like to see an API for other browsers to access SMS verification codes, too.

Ricky Mondello:

The new Passwords app does encourage Chrome and Edge users to install the extension on first launch, however. Button opens the browser to the relevant Chrome/Edge Web Store page.

René Fouquet:

I guess the dedicated Apple Passwords app would be a great option for me if Apple also offered an Android version. My little experiment with using Android for a while has taught me that one-platform services can be a real dead end, and this is especially true for something like a password manager.

It does apparently work on Windows via the iCloud app.

John Voorhees:

Federico and I finally got one of our long-term wishes this year with the introduction of a standalone Passwords app on the iPhone, iPad, and Mac that syncs between devices securely using iCloud. I have been slowly but surely transitioning my saved logins from 1Password to Apple’s system for a couple of years in anticipation of this day, and it has paid off. When I opened the new Passwords app on my Mac, it was already pre-populated with over 1,500 passwords, passkeys, verification codes, and Wi-Fi credentials. The app also collects the apps and websites where you’ve used ‘Sign in with Apple’ or ‘Hide My Email’ and includes both a Security category alerting you to any issues with your passwords and a Deleted section where you can recover any recently deleted passwords. There is a section that collects shared passwords, and the app supports importing and exporting passwords, too.

What you won’t find in Passwords is the ability to save attachments or take notes about accounts. That’s too bad because I’ve used 1Password to securely store important legal documents and add notes to shared passwords about how to use certain web accounts in the past. However, with password-protected shared notes in the Notes app, you can partially accomplish the same result, albeit in a different app.

Jason Snell:

And since Apple lets you share passwords with other people—you can create a seemingly unlimited number of arbitrary groups and then move passwords into those groups—it’s really a full-featured option that will suffice for many users.

[…]

I can’t drag an item out of the list and drop it on a Shared Group to assign it to that group, which is a perfectly reasonable thing for a Mac app to allow. And when I imported my 1Password file—a couple thousand passwords that, I admit, could stand to be pruned back—the app slowed to a crawl. Deleting items would sometimes just not stick, search results appeared and disappeared, and even small tasks like deleting a few selected items generated a beach ball pointer. I sure hope these are beta growing pains, because if this performance persists to the fall, the Passwords app runs the risk of being branded a dog.

Howard Oakley:

Currently macOS still supports keychains in their original Classic Mac OS format, and file-based keychains remain in wide use. As they can never provide the same level of security as Data Protection keychains, and can’t benefit from biometrics or the Secure Enclave, Apple is moving on to Data Protection keychains as much as possible. The Passwords app looks to be a good step in that direction, particularly for those who share their Data Protection keychain in iCloud.

Apple still has one significant problem to solve: code such as LaunchDaemons and LaunchAgents that don’t run in a user context, but through launchd, can’t currently access a Data Protection keychain, and must rely on file-based keychains. Traditional keychains aren’t going away yet.

See also: Accidental Tech Podcast.

10 Comments


The whole app has really poor support for keyboard navigation, but the menu bar item doesn't support keyboard navigation _at all_ (where it is needed the most). How many years ago did SwiftUI come out? How does it still not support the keyboard???


The Safari 18 beta package for Sonoma contains the Passwords app in addition to Safari.
(Haven't installed it, currently no machine available for beta purposes).
So, Sonoma might get the Passwords app as well?


Update: the Safari 18 beta package for Ventura contains the Passwords app as well.


@Gummibando When running on Sonoma 14.5, the Passwords app crashes:

Termination Reason: Namespace DYLD, Code 4 Symbol missing
Symbol not found: _$s17PasswordManagerUI23PMWindowGroupIdentifierO8rawValueSSvg

So they added it to the bundle, but didn’t even bother launching it to see if it runs. Along with the comment above about keyboard navigation, I’d say a typical Apple quality release.


Beatrix Willius

The app has the same problem as most Apple apps: it's tied to the OS. Or can I download the app for older versions of macOS? So I'll keep using Enpass.


Yep, I'm sorry to report that SwiftUI has generally been an accessibility downgrade, for keyboard access, for VoiceOver, etc. Very sad.

For myself, I'm now firmly ensconced in the KeePass ecosystem with Strongbox on iOS and macOS and I'm absolutely loving it. I get portable passkeys, a native cocoa app, etc. I do miss the universal autofill of 1Password (where I was previously and fled from with the v8 subscription push or is that putsch), and the UX of adding a new entry was and is still not very good (autofill *prior* to submitting your form) but overwhelmingly it has been a boon for me. A VPN back home (Cloudflare Tunnel) makes it possible for me to use Strongbox iOS to reach my Mac Mini NAS directly using sftp. (The Mac at home just uses file sharing, in the usual way.) It works terrifically. Can highly recommend to anyone considering broadly the same UX as Apple Passwords via the autofill API, with none of the lock-in drawbacks. I hope they continue to innovate on the API integration with these new releases.


@Beatrix Willius the app is a different UI for the good old Keychains, so it will still sync with the previous iOS and macOS versions.


My problem with switching from 1Password to Apple’s Password app is that there is no additional protection for unlocking it. My 1Password passwords are stored behind a long password that only I know (well, that and some legacy/emergency protections). Which means even if you get my phone and my Apple ID and my PIN (which you could do with a surveillance camera and a pickpocket), you still wouldn't have most of my passwords. I'd still be in big trouble as likely you could proceed to reset my passwords with that much information and access, but it'd definitely be a speed bump.

I'm hesitant to move everything to Passwords, which I presume is equivalent to Keychain and is essentially unlocked while I'm using my Mac (albeit with restrictions to access of entries).

I'm also hesitant to move to passkey until I'm more confident in how they can be backed up/transferred/recovered.


>Yep, I'm sorry to report that SwiftUI has generally been an accessibility downgrade, for keyboard access, for VoiceOver, etc. Very sad.

I really don't understand why they are so obsessed with this framework. The final product ends up being worse every time they use it, but this cold hard fact just doesn't seem to matter at all.

Being able to type fragile UI code fast with tons of missing features just doesn't get me excited.


> There’s an awesome new tool in the journey to replace passwords: Automatic passkey upgrades.

That sounds like a terrible new tool! Passkeys are not good, and are confusing for tech people. But certainly they should never be automatically upgraded. Hope this is disabled in the release version, or it'll be a support nightmare!
