Looks like Apple are starting to sweep the 3rd party password managers away.

"Passwords" is a refresh to the existing passwords Settings program,
somewhat better than the prior editions, and includes a plugin for
Chrome and will work in Windows (Apple iCloud needed), Chrome and Edge.
(I assume this is to cater to iPhone/iPad users who use Windows computers).

Also has an "import" function to pull in passwords from managers such as
1Password (requires you 'export' the database to a .csv file - a
vulnerability period. Best do with internet disconnected and destroy
the .csv once done of course). I won't be testing this as most of my
1Password passwords have been long since migrated.

One thing that is dumb about it is it assumes all passwords are for some
website. Does not appreciate that some passwords are for other uses.
Workaround: fake website name.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

On 2024-09-21 14:30, Alan Browne wrote:
>

> One thing that is dumb about it is it assumes all passwords are for some
> website.  Does not appreciate that some passwords are for other uses.
> Workaround: fake website name.

Oopsie. That is not correct - you can enter the name for a password
that is not related to a website. No user name either. Then password
and a note if needed.

Getting quite good.

So long 1Password, we hardly knew ye.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

On 2024-09-24, Alan Browne <bitbucket@blackhole.com> wrote:
> On 2024-09-21 14:30, Alan Browne wrote:
>
>> One thing that is dumb about it is it assumes all passwords are for
>> some website.  Does not appreciate that some passwords are for other
>> uses. Workaround: fake website name.
>
> Oopsie. That is not correct - you can enter the name for a password
> that is not related to a website. No user name either. Then password
> and a note if needed.
>
> Getting quite good.
>
> So long 1Password, we hardly knew ye.

I've been using Apple's password manager for decades. The only reason
I've ever considered using anything else is for cross-platform
compatibility, which just isn't a big deal for me since my iPhone is
always easily accessible in my pocket or on my desk anyway.

I do have a minor gripe with the new Passwords app: When viewing the
details page for a given password, the 2FA code doesn't display any sort
of visual count down to when they expire and change to a new number.
So you might start to enter a number only to have it change before you
are done. Other 2FA authenticator apps I've used give you an indication (such as
the codes turning yellow, then red, the closer they are to expiration).
However, if you instead view the "Codes" page where all 2FA codes are
listed, there is a countdown at the very top. And on Apple's
devices/computers, you don't often need to enter a number manually since
it's all automated with a single click. That makes this a minor gripe at
best.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

On 2024-09-24 14:18, Jolly Roger wrote:
> On 2024-09-24, Alan Browne <bitbucket@blackhole.com> wrote:
>> On 2024-09-21 14:30, Alan Browne wrote:
>>
>>> One thing that is dumb about it is it assumes all passwords are for
>>> some website.  Does not appreciate that some passwords are for other
>>> uses. Workaround: fake website name.
>>
>> Oopsie. That is not correct - you can enter the name for a password
>> that is not related to a website. No user name either. Then password
>> and a note if needed.
>>
>> Getting quite good.
>>
>> So long 1Password, we hardly knew ye.
>
> I've been using Apple's password manager for decades. The only reason
> I've ever considered using anything else is for cross-platform
> compatibility, which just isn't a big deal for me since my iPhone is
> always easily accessible in my pocket or on my desk anyway.
>
> I do have a minor gripe with the new Passwords app: When viewing the
> details page for a given password, the 2FA code doesn't display any sort
> of visual count down to when they expire and change to a new number.
> So you might start to enter a number only to have it change before you
> are done. Other 2FA authenticator apps I've used give you an indication (such as
> the codes turning yellow, then red, the closer they are to expiration).
> However, if you instead view the "Codes" page where all 2FA codes are
> listed, there is a countdown at the very top. And on Apple's
> devices/computers, you don't often need to enter a number manually since
> it's all automated with a single click. That makes this a minor gripe at
> best.

Haven't used Apple Password 2FA gen'd codes so no comment - but I get
what you mean. Usually (from my side) the 2FA is the site I'm logging
onto sending a code via SMS (which is not super secure[1]).

I liked 1Password as I'd buy a license and I could run it on various
machines, OS's and browsers seamlessly. Every 4 - 5 years I'd have to
upgrade so another $25 CAD or whatever.

When they went rental I vowed to not follow (and had an exchange of
messages with the co. founder on the issue). 1Password still works on
my Macs and iPhone - but no longer in browsers (2 years now?). No idea
for Windows as I don't use it except for a dwindling graphics use case.
Never used it on Linux that I recall - maybe in old-old browser only
days... not sure.

Also 1Password provided for encrypting all sorts of stuff beyond just
login creds - so there's that too. But not a biggie.

With the new Apple version there's a bug logging into my bank however.
Hopefully gets resolved - otherwise I have to copy paste the password.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

On 2024-09-24 17:01, Alan Browne wrote:
> On 2024-09-24 14:18, Jolly Roger wrote:

>> I do have a minor gripe with the new Passwords app: When viewing the
>> details page for a given password, the 2FA code doesn't display any sort

I think you meant One-time-password here, not 2FA.

>> of visual count down to when they expire and change to a new number.
>> So you might start to enter a number only to have it change before you
>> are done. Other 2FA authenticator apps I've used give you an
>> indication (such as

> Haven't used Apple Password 2FA gen'd codes so no comment - but I get
OTP
> what you mean.  Usually (from my side) the 2FA is the site I'm logging
> onto sending a code via SMS (which is not super secure[1]).

[1] Veritasium hacks Linus Tech Tips phone:
https://www.youtube.com/watch?v=wVyu7NB7W6Y

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

On 2024-09-24, Alan Browne <bitbucket@blackhole.com> wrote:
> On 2024-09-24 14:18, Jolly Roger wrote:
>> On 2024-09-24, Alan Browne <bitbucket@blackhole.com> wrote:
>>> On 2024-09-21 14:30, Alan Browne wrote:
>>>
>>>> One thing that is dumb about it is it assumes all passwords are for
>>>> some website.  Does not appreciate that some passwords are for other
>>>> uses. Workaround: fake website name.
>>>
>>> Oopsie. That is not correct - you can enter the name for a password
>>> that is not related to a website. No user name either. Then password
>>> and a note if needed.
>>>
>>> Getting quite good.
>>>
>>> So long 1Password, we hardly knew ye.
>>
>> I've been using Apple's password manager for decades. The only reason
>> I've ever considered using anything else is for cross-platform
>> compatibility, which just isn't a big deal for me since my iPhone is
>> always easily accessible in my pocket or on my desk anyway.
>>
>> I do have a minor gripe with the new Passwords app: When viewing the
>> details page for a given password, the 2FA code doesn't display any sort
>> of visual count down to when they expire and change to a new number.
>> So you might start to enter a number only to have it change before you
>> are done. Other 2FA authenticator apps I've used give you an indication (such as
>> the codes turning yellow, then red, the closer they are to expiration).
>> However, if you instead view the "Codes" page where all 2FA codes are
>> listed, there is a countdown at the very top. And on Apple's
>> devices/computers, you don't often need to enter a number manually since
>> it's all automated with a single click. That makes this a minor gripe at
>> best.
>
> Haven't used Apple Password 2FA gen'd codes so no comment - but I get
> what you mean. Usually (from my side) the 2FA is the site I'm logging
> onto sending a code via SMS (which is not super secure[1]).

If those sites support authenticator apps where a code is automatically
generated without need for messaging, you should consider using them
instead as it's much more secure. That's what I am referring to above.

> I liked 1Password as I'd buy a license and I could run it on various
> machines, OS's and browsers seamlessly. Every 4 - 5 years I'd have to
> upgrade so another $25 CAD or whatever.

That seems like the most beneficial reason to use it to me.

> When they went rental I vowed to not follow (and had an exchange of
> messages with the co. founder on the issue). 1Password still works on
> my Macs and iPhone - but no longer in browsers (2 years now?). No idea
> for Windows as I don't use it except for a dwindling graphics use case.
> Never used it on Linux that I recall - maybe in old-old browser only
> days... not sure.
>
> Also 1Password provided for encrypting all sorts of stuff beyond just
> login creds - so there's that too. But not a biggie.
>
> With the new Apple version there's a bug logging into my bank however.
> Hopefully gets resolved - otherwise I have to copy paste the password.

Try right-clicking the password field and choosing Autofill > Passwords.
I've found on finicky websites that works as a fallback.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

On 2024-09-24, Alan Browne <bitbucket@blackhole.com> wrote:
> On 2024-09-24 17:01, Alan Browne wrote:
>> On 2024-09-24 14:18, Jolly Roger wrote:
>
>>> I do have a minor gripe with the new Passwords app: When viewing the
>>> details page for a given password, the 2FA code doesn't display any sort
>
> I think you meant One-time-password here, not 2FA.
>
>>> of visual count down to when they expire and change to a new number.
>>> So you might start to enter a number only to have it change before you
>>> are done. Other 2FA authenticator apps I've used give you an
>>> indication (such as
>
>> Haven't used Apple Password 2FA gen'd codes so no comment - but I get
> OTP
>> what you mean.  Usually (from my side) the 2FA is the site I'm logging
>> onto sending a code via SMS (which is not super secure[1]).

I did, thanks for the correction!

> [1] Veritasium hacks Linus Tech Tips phone:
> https://www.youtube.com/watch?v=wVyu7NB7W6Y

Yep! SMS messages can also be easily spoofed. It's just not secure by
design.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

On 2024-09-24 17:56, Jolly Roger wrote:
> On 2024-09-24, Alan Browne <bitbucket@blackhole.com> wrote:

>> With the new Apple version there's a bug logging into my bank however.
>> Hopefully gets resolved - otherwise I have to copy paste the password.
>
> Try right-clicking the password field and choosing Autofill > Passwords.
> I've found on finicky websites that works as a fallback.

Doesn't work for the password part - I'll report it to both Apple and
the bank - could be the latter doing something strange.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

On 2024-09-25, Alan Browne <bitbucket@blackhole.com> wrote:
> On 2024-09-24 17:56, Jolly Roger wrote:
>> On 2024-09-24, Alan Browne <bitbucket@blackhole.com> wrote:
>
>>> With the new Apple version there's a bug logging into my bank
>>> however. Hopefully gets resolved - otherwise I have to copy paste
>>> the password.
>>
>> Try right-clicking the password field and choosing Autofill >
>> Passwords. I've found on finicky websites that works as a fallback.
>
> Doesn't work for the password part - I'll report it to both Apple and
> the bank - could be the latter doing something strange.

Strange. What doesn't work exactly? Do you not see the "Autofill" option
when right-clicking the field, or is something else going wrong?

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

On 2024-09-25 12:25, Jolly Roger wrote:
> On 2024-09-25, Alan Browne <bitbucket@blackhole.com> wrote:
>> On 2024-09-24 17:56, Jolly Roger wrote:
>>> On 2024-09-24, Alan Browne <bitbucket@blackhole.com> wrote:
>>
>>>> With the new Apple version there's a bug logging into my bank
>>>> however. Hopefully gets resolved - otherwise I have to copy paste
>>>> the password.
>>>
>>> Try right-clicking the password field and choosing Autofill >
>>> Passwords. I've found on finicky websites that works as a fallback.
>>
>> Doesn't work for the password part - I'll report it to both Apple and
>> the bank - could be the latter doing something strange.
>
> Strange. What doesn't work exactly? Do you not see the "Autofill" option
> when right-clicking the field, or is something else going wrong?

The autofill appears but nothing gets filled in (in the PW field). This
worked flawlessly before updating to Sequoia.

Also note that on "new" accounts where I want Password to log the new
site, account name and password that it doesn't offer to do so.

Above in both Safari and Chrome.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

On 21/09/2024 19:30, Alan Browne wrote:
>
> Looks like Apple are starting to sweep the 3rd party password managers
> away.

For people who only need to manage passwords on Apple devices and
browsers, anyway (and iCloud Keychain was already pretty good for that).
Until they bring it to Android and/or Firefox, it's zero use to me.

On 2024-09-30 05:37, Calum wrote:
> On 21/09/2024 19:30, Alan Browne wrote:
>>
>> Looks like Apple are starting to sweep the 3rd party password managers
>> away.
>
> For people who only need to manage passwords on Apple devices and
> browsers, anyway (and iCloud Keychain was already pretty good for that).
> Until they bring it to Android and/or Firefox, it's zero use to me.

For some reason they brought it to Chrome and Edge (Windows), but not
other browsers ... yet. (Some reason=65% of desktop browser use is
Chrome; Firefox about 6%).

When I was running several OS' (Windows, Linux) using 1Password was
great. 1Password went rental and I began paring away from them.

Don't use Windows or Linux much for internet access, so the 'all Apple'
solution works for me for now.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

On 2024-09-30 02:37, Calum wrote:
> On 21/09/2024 19:30, Alan Browne wrote:
>>
>> Looks like Apple are starting to sweep the 3rd party password managers
>> away.
>
> For people who only need to manage passwords on Apple devices and
> browsers, anyway (and iCloud Keychain was already pretty good for that).
> Until they bring it to Android and/or Firefox, it's zero use to me.

Fair enough.

But they have brought it to Chrome and Edge for Windows.

On 2024-09-24 17:01, Alan Browne wrote:

> With the new Apple version there's a bug logging into my bank however.
> Hopefully gets resolved - otherwise I have to copy paste the password.

Turns out that if I leave the "remember this card" option checked, then
it will enter the password when I touch the fingreprint reader. With
the option checked on, the card number is partially obscured.

But if I clear the "remember this card" option, then it will fill the
card number and password one time; but not the password on successive
login attempts - only the card number.

Quite strange.

Anyway, leaving the "Remember this card" option on.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill