I’ve been jumping between password managers for a bit and I feel like sooner or later I’ll end up with iCloud Keychain, but currently I’m still sticking with something else because it only supports logins (website, username, password has to always be there).

For people already using it, where do you put your non-password stuff? PIN codes, software licenses, memberships, etc.

    • fer0n@lemm.eeOP
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      I was thinking about that as well. How are you structuring this? A folder and then one note per item? I’m assuming you can then search the title but not the content? Or does everything go into a single note?

    • Oliver@feddit.de
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      1 year ago

      Hmm. Would be a workaround, but not really what I have and like with 1P.

      I currently have collected about 650 items in my 1P vault. Actually that are two vaults, as I share one with my wife.

      And notes itself aren’t structured, they are just free text. I like to have structured items with specified fields where I can enter my info.

      Also I have several login Items where I don’t just have a user, password, OTP, domain, note. What about if it is a service where the same account is used on different websites? I can save only one domain per password?

      The iOS features are so basic, I can’t imagine switching to them. Although 1P keeps to suck more, as 1P8 is only available via subscription and the 1P7 browser plugin isn’t working properly anymore. :/

      Not a good situation currently.

  • grimer@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    I’ve been sticking with others for this exact reason. I wish I had a better answer for you but I’m stuck on 3rd parties until the Keychain is more flexible.

      • grimer@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Ya that’s a great point and has kept me from forcing an all-in-one solution. I’m looking forward to passkeys being more universal.

          • DeadlineX@lemm.ee
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            I’d like to know where you came to the conclusion that something you know is better than something you have. Passkeys are way less likely to be phished, nearly impossible. The only thing stored externally is a public key. Those are useless without the private key on your device. FIDO2 is an open standard (like html and SQL) and there are open source servers.

            If a website has a data breach, they can’t log into your account because they don’t have your private key. Security professionals recommend a combination of something you know, something you have, and something you are.

            Passkeys are not stored on some third party website, they are physically in your possession. Passkeys do not need to be biometric. I have a physical usb passkey. Apple already has your face or fingerprint if you use biometric login anyway if you’re worried about using a phone as a passkey. I’m not sure where the claim that they are singularly protected by large corporations.

            Passwords are also inherently insecure by nature. In so many ways. That’s why MFA exists in the first place.

              • DeadlineX@lemm.ee
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                In this case it would be something you have and something you are if we are talking about phones as passkeys. Which is an acceptable combination of the above. And I want to point out again that passkeys are not inherently biometric. I, in fact, possess a non-biometric passkey.

              • DeadlineX@lemm.ee
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Phishing is a huge problem. Over 80% of companies experience phishing attacks yearly. 40% of all US data breaches are a direct result of phishing. This means the data you have provided these companies (sometimes whether you want to or not). Almost every healthcare provider has been phished in the last 3 years. That’s a lot of important data on me.

                I have no idea what you’re talking about with giving up my data. Passkeys don’t give up any day. Passwords are easily guessed and stolen. It’s even easier since the requirements on websites make it easier to predict. I do care about technologically uninformed people. They work at the companies that have my data. And also I care about people in general. Because we are all people and should not be so hateful of each other.

                Again, it’s not trusted partners. There is a private and public key. You are the only one with the private key unless you choose to give it away. Hey that’s the same as passwords! You remember every single complex password for every single website and login?

                And there’s no need for the snark and insulting implications. Do you work in the industry out of curiosity? Idk why you’re acting like I’m some ignorant and uninformed person.

                • cheese_greater@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  edit-2
                  1 year ago

                  My bad dude. Yeah, was wayyy outta line. Sorry. But my point was that PassKeys seem to depend on biometrics to authenticate/“use” and biometrics are not technically protected to the extent you can be forced to “produce” them ina way that is distinct from the protection passwords can theoretically provide.

                  I suppose as long as you use alphanumeric for your main passcode, its not such a problem to use PassKeys but what I said above seems to be true although there may be a gap here or there overall in my understanding of them.

                  Do PassKeys replace the actual passcode for the device or is that more for online accounts and websites? I haven’t found that spelled out specifically anywhere?

      • fer0n@lemm.eeOP
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        I assume you’re talking about the entire “shouldersurf PIN, steal phone” storyline? That’s also something I’m considering. But there’s a few things that seem a lot nicer with keychain. Autofill on iOS 17 only works with keychain (maybe my PM is just not yet supporting it), no subscription price etc. Also the chrome extension (which my PM also doesn’t have, I’m using Minimalist btw).

  • Nefarious Aryq@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    When I decide to leave 1Password, I looked at numerous options. I wanted to go all-in with iCloud Keychain, but I just couldn’t because I have way too many non-password secrets that 1Password used to handle well. What I ended up doing was splitting things up. I moved passwords to Keychain, since I use Safari everywhere and browser save/fill works great. Then I decided to go with keepass for my non-password secrets. Keepass is an open standard, and there are many different apps that can read the format. I went with Strongbox because it has NATIVE apps with good reviews on both Mac and iOS, which I needed. Strongbox syncs my encrypted database via iCloud, so everything stays in sync no matter where I am. Strongbox does support browser autofill, but I can’t speak to how well that works or not. Ultimately my long-term hope is that Apple gives us a full, proper Keychain app on iOS and I can move over entirely… but for now I’m perfectly happy with this solution.

    • fer0n@lemm.eeOP
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Hm, that might actually be the way to go. Tbh the non-logins are definitely in the minority for me and I‘m probably not using them too often. It’s just slightly annoying to have everything in two places, but might still be worth it. Thanks :)

  • B0rax@feddit.de
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I just put the name of whatever I want to store as the website, and then I have the 2 field (username and password) for the stuff I want to store. Usually the username is literally the word „none“.

    • fer0n@lemm.eeOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      That’s actually a really nice idea. Maybe using the same prefix for different types such as “software license” would help to differentiate. I didn’t realize that website doesn’t actually have to be a website. This is probably the way to go, thanks :)

        • fer0n@lemm.eeOP
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Yeah I had to edit a bunch of fields in the exported csv file before importing it. 2FA codes also didn’t make it over, so it’s going to keep me busy for some time. But I started to move now and I’ll be using it as my main one going forward.

  • AA5B@lemmy.world
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    I don’t. Keychain had pretty good coverage of authentication stuff. Put that together with 2fa and I have very few PINs left. I can remember those

      • AA5B@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        I don’t. Combination of keychain has good coverage, I’m mostly mobile/cloud, and I’m not doing real projects at the moment, I have no need personally.

        At work, IT has some enterprise solution

        In both cases, 2fa is mainly tied to my phone, and is backed up encrypted , or a hardware token. Also in both cases I use open source where I can, so I really don’t have any tokens or licenses.

        Closest I come is when my kids were little I made them tell me their passwords in case I needed to help with something. However now that they’re teens, it’s none of my business.

        Edit: I think the only piece of purchased software I use is TurboTax, and the license is on paper plus I only need it a few weeks

  • Nate Cox@programming.dev
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    It is not intuitive to do, but on a Mac you can access the keychain app to store “secure notes”… but I don’t think you can access them from a iPhone.

    I tend to just password protect a notes entry with that info, but I do think this is something Apple will need to add if they want keychain to be a real competitor to the third party solutions. I also assume Apple isn’t currently interested in competition, so … ¯_(ツ)_/¯