I tried going all-in on using iCloud Keychain (correct term?) for my passwords from having previously used LastPass.
In short.
1. The experience on Windows is terrible. They can claim it's cross-platform but it's truly a sub-par product.
2. On Mac it's tied specifically to Safari. I use Safari a lot but if I'm in a different browser then my passwords are unavailable.
3. The GUI is buried in System Settings. Heaven forbid you need search it's only a simple 37 clicks away!
I think those were my big complaints. If you are 100% Mac then it's a good product. Going outside of the walled Apple garden leaves a lot to be desired.
> 1. The experience on Windows is terrible. They can claim it's cross-platform but it's truly a sub-par product.
Like a lot of other Apple stuff, I'm only able to use it because I don't use anything non-Apple for anything "serious" that involves a GUI. Windows is for gaming, Linux is my file storage and docker-service-running server that I only interact with over SSH and Web. Ditto Notes, all their Office-type programs, et c. I'd probably be on a lot more Google shit if I needed more cross-platform access to that stuff.
> 2. On Mac it's tied specifically to Safari. I use Safari a lot but if I'm in a different browser then my passwords are unavailable.
Yeah, this is super fucking weird. You'd think this would be connected in some fashion to "keychain", but nope.
> 3. The GUI is buried in System Settings. Heaven forbid you need search it's only a simple 37 clicks away!
IDGAF about clicks because I search my way to everything in Apple's settings—what does bother me is that they've made search worse in the last couple versions of iOS, and that if I type "pass" in search, "Passwords" isn't even visible on the list yet. I can get all the way to "password" and it's still the fourth entry. The fucking name of the screen is "passwords"! I shouldn't have to get farther than "pas" for it to be the first entry on the list, "pass" in the worst-case! Even fully typing "passwords" still leaves it as the second entry (of three) on my device. WTF.
> Yeah, this is super fucking weird. You'd think this would be connected in some fashion to "keychain", but nope.
Other browsers used to be able to use it. I do think it’s a really thorny issue—“allow this application to access all saved passwords?” is a pretty damn scary permission to include. Up there with the “allow this application to control your computer” permission that is used for accessibility apps (which apps can abuse to read passwords, if I understand correctly).
Apple’s tradition. Make the platform more secure, add an exception for first-party apps, and let the other browsers fuck off.
Safari Passwords and 3rd party apps can and do use the Apple Keychain on macOS/iOS to store sensitive data. Though 3rd parties can't integrate with Safari's password manager.
If you use Chrome Sync with passwords on macOS, Chrome actually stores the decryption key in the macOS keychain. Just open Keychain.app (/Applications/Utilities/Keychain Access.app) and search for "Chrome Safe Storage" to find it. That's the decryption key for the actual encrypted password/sync data stored elsewhere. (So not possible to access Chrome passwords from the Keychain directly)
Safari Passwords (Apple's password manager) also stores passwords in the Keychain as individual entries and you can access them via Keychain.app. Unfortunately, since they’re part of the iCloud Keychain not the local login Keychain, they appear to be inaccessible with the `security` CLI tool which fails in an obtuse way.
Obviously the browser doesn't need to have unfettered access.
It just needs to tell the password "hey there's a password on wellsfargo.com" and then the password manager asks the user if they want to use the password. And maybe give access to all passwords.
Safari pops up a little box attached to the login text field asking you if you want to use the password for wellsfargo, so it seems like it’s asking keychain “do you have a password associated with this url?”. At least on modern MacBooks they also figured out a good UX flow, when that box is on screen you put your finger on the Touch ID button and it authenticates you, puts in the password, and goes to the next field or hits submit.
Yeah, I a think other browsers want to be able to test whether there is a saved password or not, and get the corresponding username, which is quite a big permission to give away. For actually filling in the password they could maybe offer a pop up where the user must authorise the app using biometrics or some other OS-level action. That’s already the experience with safari.
> allow this application to access all saved passwords
I'd like to see finer granularity, perhaps multiple web password vaults and a mechanism to allow certain browsers to use certain vaults.
It might also be nice to specify which passwords could be accessed with which kind of authentication. Unfortunately the current system password dialog is easily spoofable - it really looks like a questionable javascript popup.
What would that look like? Do you expect a prompt for every website you visit (Would you like to allow permission for Firefox/Chrome/whatever to view/store your password for "abcd.example.com"?) Would the permission be tied to the name of the app or the hash of the app? How do you securely identify the browser? Signed apps? Signed via a developer key -- trust the developer so that you can use Chrome as well as Chrome Beta?
The above is not a critique but certainly a list of things that lead to the possibility of a repeat of the infamous Windows popup for every single action you want to do out of the box. This leads to either decision fatigue or a pre-programmed "yes, just do it" response from the vast majority of users.
I personally think it should be an all-or-nothing type of allowance for this reason. Maybe the better way would be tracking access to passwords in Keychain. ie: Chrome+Safari+Firefox have all accessed your credentials for google.com but only Safari has seen your iCloud credentials and only Chrome has seen your HN credentials.
> Do you expect a prompt for every website you visit (Would you like to allow permission for Firefox/Chrome/whatever to view/store your password for "abcd.example.com"?)
This is pretty much exactly how macOS Safari prompts, and has for several years, at least in Touch ID scenarios. It shows a suggested username/identity with a Touch ID icon next to it, presented just like a normal autofill suggestion otherwise.
The per-site prompt and the inclusion of username/identity are really good signals, and feel like they reinforce the opposite of Windows UAC. They definitely gate access in a similarly repetitive way which encourages repetitive acceptance. But they demonstrate prior authorization that would have to be manual at least once at some point before the prompt, and you won’t be promoted the same way for sites you didn’t manually authorize first.
It’s a good enough signal that I generally use it as my first line of defense against phishing/domain spoofing. If I don’t get promoted for credentials for a service I expect to have an account with, I’m immediately suspicious. That doesn’t mean I automatically trust or distrust on that alone, but it’s a pretty decent sniff test.
It's not unheard of - iOS already provides granular permission capabilities for photos. You don't have to give all-or-nothing permission to apps to access photos anymore; you can now choose precisely which photos the app has access to.
I'm looking forward to iOS doing the same for contacts; there's no reason why WhatsApp/Telegram/etc need access to my entire address book if I just want to call Steve.
>> 2. On Mac it's tied specifically to Safari. I use Safari a lot but if I'm in a different browser then my passwords are unavailable.
> Yeah, this is super fucking weird. You'd think this would be connected in some fashion to "keychain", but nope
No it's not. I don't want some exotic product connect to a domain I have passwords in and prompting me for access. The password should be tied to the product you used to login with.
This is a misunderstanding of keychain vs. lastpass. One is designed to remember "safari passwords" or any swift/cocoa application implementing keychain. One key feature is: once stored in Keychain this information is only available to your app, other apps can't see it.
Lastpass and other similar products are designed as a data warehouse / vault for you security items. From there, plugins in browsers etc. can take over.
I will totally agree with the fact that the GUI is frustrating at best.
> The fucking name of the screen is "passwords"! I shouldn't have to get farther than "pas" for it to be the first entry on the list, "pass" in the worst-case!
Wow! Just discovered the Spotlight customization and it is so much faster and more useful when you remove certain locations and turn off definitions and Siri suggestions.
That sounds delightful. Sadly, while Apple documents “Suggestions in Search”, and I can even see that option when I search Settings for Siri, the option itself is missing from the Siri & Search page.
Bizarre. That's on iOS for me, searching in the settings app itself. I have to type most of "passwords" just to get it to show up at all, and some of the ones that are showing up instead have only the most tenuous connection to the search term "password".
It used to show up for me after a couple letters, in the settings app, until a few iOS versions ago, IIRC.
I use windows almost only for gaming (and CAD) too, and I've found that recently that the webapps, especially music and notes are good enough, and icloud drive and photos integration to windows actually work well.
But yes, passwords is annoying. You can use them on chrome on windows but not on MacOS, and on Windows it doesn't work on anything but chrome. Speaking of gaming, game launchers on windows can't get passwords from Apple and also seem to log me out all the time, so I have to revert to using my phone to see my password and manually type it in.
Yeah, I'm also a heavy user Spotlight Search and it's still impossible to get to Keychain settings. I suppose my higher level point was that it's damn near impossible to efficiently get to the keychain settings.
Just use Passkeys. Any account that allows 2FA allows multiple second factors. You should be setting up backup second factors anyway if you don't want to risk getting permanently locked out of all of your accounts.
Plus, putting second factors in the same location as your first factor (e.g., 1Password) seems to pretty much defeat the entire purpose of having a second factor. If you're using strong passwords with 1Password, your second factor is basically only defending against a leak of your password database. If you're storing your second factor in that same password database, what are you gaining?
Reminds of the occasional comment threads on here about homeless people permanently locked out of new accounts every few months because of stolen devices and the growing corporate obsession with forced 2FA, and all the replies that amount to "if they didn't want to fuck off and die they shouldn't have been poor".
If you're in this category, your alternative to Passkeys at all is SMS or no 2FA whatsoever. Enabling Passkeys does at least ensure that you have a minimum of two separate devices so you already do effectively have some form of backup of your second factor.
My comment is targeted at someone who is savvy enough to: a) care about having "real" 2FA, and b) is concerned about lock-in, and c) is extremely sensitive to being locked out. For someone like that, you're already buying YubiKeys or some equivalent. And if you don't already have some, you're never prevented from using them later.
> Plus, putting second factors in the same location as your first factor (e.g., 1Password) seems to pretty much defeat the entire purpose of having a second factor.
Not quite! 1password itself counts as two factors: something you know (the master password), and something you have (the additional secret key).
Passkeys in 1password would eliminate phishing as a problem.
Well, with the exception of AWS, unless something has changed recently — they notoriously only support one second factor (i.e. if you use YubiKeys or similar, you can only use one).
You can add multiple MFA devices since November of last year:
> Now, you can add multiple MFA devices to AWS account root users and AWS Identity and Access Management (IAM) users in your AWS accounts. This helps you to raise the security bar in your accounts and limit access management to highly privileged principals, such as root users. Previously, you could only have one MFA device associated with root users or IAM users, but now you can associate up to eight MFA devices of the currently supported types with root users and IAM users.
Yeah, AWS is the only exception I've encountered :)
But if you have backup second factors (you have backup second factors, right?) and you're worried about Passkey lock-in for whatever reason… just use that other second factor for AWS or any other account which supports only one.
passkeys isn't supported on linux desktop, at all. and if you know how to make it work, please let me know. I have to switch to a Windows machine to login with them.
Yeah, that's why I'd never touch passkeys. It feels like you're basically locking yourself into a weird ecosystem that you'll never be able to escape from.
If you're using hardware 2FA, you should absolutely have backups. I've used YubiKeys for years and have one in my laptop, one on a keychain, and one in a safety deposit box.
Passkeys are just another instance of this. I have added Passkeys to all of my accounts with 2FA and it's somewhat more convenient (significantly more convenient for mobile devices). But every account also has all my YubiKeys attached as second factors.
There is no lock-in. And while it's inconvenient and annoying to have to add multiple keys to every account, that is already the reality if you're responsibly using hardware second factors.
This would be less annoying if we could get actual federated identity that big players would actually accept, as it stands having to fetch a key from a safe deposit box every time I register a new account is a huge amount of friction.
It absolutely is. But that’s a separate problem entirely from “will Passkeys lock me in to the Apple ecosystem”, to which the answer is an unqualified no.
To be clear, I was referring to one federated identity that everyone would accept, as it stands there isn't a single, federated identity provider that Apple, Facebook, Google, Microsoft, Amazon, Bank of America, my power company, etc and so on will all accept. I'd like to secure one spot on the internet as an identity, a digital passport of sorts, and secure that heavily then have it log me in to everything. The closest thing we have currently to a digital identity is an email account, but we should really move past that.
Funny situation, there's another thread I was replying to someone who wanted to shift back to native apps instead of cross plat electron apps (for performance reasons).
Well, Apple Passwords on Windows is a good example of how that turns out in reality. I believe it's using WinUI. While the performance is nice, the experience is entirely unlike what you get on Mac and winds up making you wish you were using another service entirely.
This has been the story of Apple apps outside MacOS forever: they appear to always do the absolute minimum to claim support, and you end up with a super clunky windows app that is terrible.
I doubt they’d do much better using electron: I think their development model is that if it isn’t on one of their platforms, they pump out a minimum-effort, low quality app. I’d guess that electron ones would be just as clunky, except with a significantly higher memory and CPU footprint.
That hasn't really been true. Apple supported iTunes and Safari which were great options on Windows. Not just "I'm already an Apple fan so I have to use it", but actively deciding to use them.
The root of the problem for Apple is that they cannot get away with doing what they used to in the past, they already have a plethora of platforms within their own umbrella to support, adding Windows native to the mix seems to result in maybe a handful of developers taking on enormous burdens by trying to catch up to their expected Mac apps.
If Apple were to seriously put its weight behind a cross-platform toolkit, this might change, especially as they want their services to grow. It's the very reason why their main service competitors can even compete.
But I agree that if they were to suddenly switch to Electron without a care it wouldn't turn out well, but likely have a better end user experience than their current reveals.
> Apple supported iTunes and Safari which were great options on Windows. Not just "I'm already an Apple fan so I have to use it", but actively deciding to use them.
No they weren't. They were notoriously awful. Apple resorted to bundling Safari with QuickTime to try to get you to use it but everyone still hated it.
> Apple Passwords on Windows is a good example [...] the experience is entirely unlike what you get on Mac
If you were a Windows user, why would you want an app that acts like a Mac app? Surely the benefit of having a dedicated Windows app is that the experience should be like other Windows apps.
You're not really thinking about it as a "mac app", but rather "the service". You expect it to act like the service you use on other platforms with all the features you rely on.
If I'm using Spotify, I don't think "oh this doesn't use windows navigation component from winUI", I immediately know where the genre categories are because I've already used it on android or linux and expect it to be there. I know exactly how to add a song to my library, to shift around playlists, to manage folders, everything is as I learned it on [other platform].
Design development becomes this duplicated burden where every feature now has to go through the ringer twice (or more) to fit native components for their respective platforms. When you hit limitations on those native components, you're now having to make the decision to either hold back the feature entirely, or create fragile workarounds.
In an alternate timeline native components would have had far greater appeal, where people actually hate and boycott apps designed otherwise. But we don't. Even on iOS or mac, people regularly rely on apps that only vaguely interpret their native components. The situation is even worse on windows past 7, where the idea of a "windows app" is so jumbled there is nothing to "expect" from the experience - which is actually part of why I think these unified app designs have really taken off.
> If I'm using Spotify, I don't think "oh this doesn't use windows navigation component from winUI"
We're either very different people or we have different use cases :) It immediately feels jarring to me to be using macOS and suddenly presented with a non-native UI. But I only ever use macOS on the desktop, so I don't have this cross-platform issue. What I find strange is, I would have thought that was the 99% common case — it seems strange to me to optimise for individuals using multiple OSes rather than multiple apps on one OS.
> Design development becomes this duplicated burden
That sounds like an OS flaw if true. Of course, I accept that some design will be necessary, even with the finest SDKs available to humanity, but it should be so burdensome that going non-native is seen as the solution.
> Even on iOS or mac, people regularly rely on apps that only vaguely interpret their native components.
You're totally right. Every now and again, I say to myself "I really must use Safari for the 'more native' experience", but I always come running straight back to Chrome again.
> The situation is even worse on windows
This was one of the things I liked best about macOS when I first migrated — everything was so consistent, things didn't visually clash, etc. I still get the impression it's better on macOS, but heck, it's definitely not as good as it used to be.
Not that I disagree with you, but have you seen the new Windows app for Apple Music? It definitely feels Windows 11-ey, with the animations you'd expect. A notable departure from the Mac design, in favor of Windows design, is the placement of the back button at the top left corner of the window, instead of slightly to the right of the top left on Mac.
Apple had (has?) Cocoa ported on Windows actually, so whatever they could so on macOS, they could do on Windows as well. Cocoa as such is cross-platform.
Basically, it was called Yellowbox, but it didn’t officially survive the release of Mac OS X IIRC. But Apple was at least still using parts of it for some Windows ports back then I believe.
My biggest complaint is that it doesn’t keep a history! One misclicked “remember password” at the wrong moment (safari plugin often guesses password fields wrong) and you’ve just locked yourself out of your bank account. Literally happened to me.
On iOS, my only password manager I've ever used is the built-in Apple one.
I just tapped the "search" field on the home screen, and typed "passw".
"Top Hit": A store link to the LastPass password manager (which I do not and have never used—the button has the text "get", it's not installed and doesn't have the cloud-icon for previously-installed apps)
From there, it's three suggested Siri web searches: "passwords", "password manager", and "password generator"
Then two safari-iconed links (I assume these would search with my default search engine in safari?): "passwords on iphone" and "passew"
Searching inside the "settings" app is only marginally better. It's all much, much worse than it was a few iOS releases ago.
I learned from this thread that you can actually disable all that. I did so and my spotlight searching sped up 10-fold and now I only get app results. So much better.
Better yet, using the Shortcuts app for iOS, create a shortcut that opens a URL with `prefs:root=PASSWORDS` in Safari.
For macOS, you can make the same shortcut open `/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/PreferencePanes/Passwords.prefPane`.
A single shortcut can be used to accomplish this, using the OS check and an `if` condition.
Then add the shortcut to the home screen as an icon and it’ll also show up in Spotlight search.
I mean, thank you. Buttttttttt this is an asinine level of effort to achieve a workaround for a stock feature on the Apple platform. I'd just assume not use it before implementing this.
That said, this also proves that for non-power users: it needs an app and it needs integration with other browsers if it wants to be as easy to use (for most people) as the popular password managers.
Having to access something via a search incantation (or, alternatively, a ton of clicks) is not at all easily accessible. It’s buried alright.
Obviously you can find pretty much anything on macOS and iOS via search. That‘s how it‘s should be. But that doesn’t make things accessible or even just visible.
I believe Apple only lets you use certain APIs (like Keychain) if you distribute only through the App Store.
That policy has really killed a lot of functionality on macOS. I suspect it will cause fiction on iOS when the EU forces them to allow alternative install sources.
Personally, it grates me when Apple cripples functionality this way to try to keep us stuck in their platform. Can't use Firefox with Keychain. You can only view your current Apple Card balance on an iOS device -- not even a macOS device. At the end of the day, I hate being manipulated so much that it actually pushes me away from the platform to see this scummy behavior.
I will always regret being just slightly too late to enjoy Apple's golden era. When, yes, using an iPod meant locking into iTunes, but at least you didn't have Tim Cook nagging his captured audience into signing up for Apple Music Subscription Plus - Now for Families!
> You can only view your current Apple Card balance on an iOS device -- not even a macOS device.
That sounds especially annoying. An iPad next to you can auto-config itself as the umpteenth monitor of a Mac, but macOS can't pull Apple Card balance from your nearby iPhone?
Is there a reason Chrome, Edge, and Firefox aren't on the Mac app store? I know the yearly dev account costs can be an issue for small developers but Google, Microsoft, and Mozilla are already paying that as they release apps on the iOS App Store.
I assume it's annoying to jump through hoops and code review for every release.
Most macOS users don't use the app store. So directing folks there can be annoying for users, or even cause problems if they aren't signed into iCloud.
They'd likely end up with either an old version on the app store at all times, or with a massive, unpredictable day-or-week-long delay waiting for Apple's reviews before every release. Small wonder they don't bother.
If I had to guess, the review process would just be a hindrance to them for nearly no benefit (is there anything besides the keychain API that would entice them?).
And this annoys me greatly. I want cookies, bookmarks, and passwords to be owned by the system. That way I can switch between browsers with ease, and that would also lower the bar for new browsers to come out.
Agreed. This sounds like a nice user-friendly feature until you realize what a colossal privacy disaster this would be for any malicious app that the user grants these permissions to.
"DerpCo Derpolizer would like to access your stored cookies. This allows us to automatically log into your DerpCo account!" and then bam, they hoover up your login data in an instant and send it off as part of their telemetry.
Much better to have a system like (for example) sign in with Apple where you can easily click a button to have the system authenticate you, but no one gets access to anything without specifically asking for it.
Maybe if you're only using devices from one type of brand. But what if you wanna access those things on a Mac and Google Pixel and an Amazon Kindle. Sure, might not be that much of a mix, but I imagine a decent amount of people have at least one device from a different brand.
Maybe this was it...IIRC the user must also have iCloud For Windows installed? It's been several months since I tried this setup. For my personal user experience it was unacceptable.
Agree on most of this but Keychain Access IS a standalone app on the mac so slightly confused about the comment about it being buried in System settings. Its still a pain to go to the app and copy a password for non-Safari browsers though.
I just do cmd+space -> type "pass" -> Return -> fingerprint. That gets me to my iCloud Keychain. I used to use Keychain Access but like the UI of the Passwords tab of Settings more.
It‘s a view and editor for all kinds of stored keys. I don’t think its target audience ever were intended to be some random macOS users. That’s just not the target group. It‘s about power users that need to access or store all kinds of keys.
I ended up writing an AppleScript to open the Safari passwords dialog because I got sick of hunting for the proper dialog. If you save it as passwords.command and make it executable it'll open the window right up. But yeah, it's a kludge.
#!/usr/bin/osascript
tell application "Safari"
activate
end tell
tell application "System Events"
keystroke "," using {command down}
set pass_button to (button "Passwords" of toolbar 1 of window 1 of application process "Safari")
click pass_button
end tell
4. New passwords overwrite old ones. Easy to accidentally lose passwords in slightly odd situations like logging into an account whose password you just reset.
But I like it overall. Even though I use multiple browsers, I don't mind treating Keychain as the master DB and occasionally copying passwords out of it. Part of this is because I use Safari exclusively for the extra important things like my bank.
I use chrome to manage passwords on all my devices, it works well except for apps. When I'm trying to get a password for an app in iOS, I just switch to chrome to get the password. Same if my password was from registering from an app and I'm in Chrome. Rinse and repeat and now my passwords are in both password managers.
As for TOTP, if I lose my phone I don't know what will happen.
Most apps can use passwords from Chrome just fine, and you can also quickly open the native passwords window when encountering a password field using the key icon.
For TOTP, use apps like Authy which can be installed and used from multiple devices.
> The GUI is buried in System Settings. Heaven forbid you need search it's only a simple 37 clicks away!
I do: Cmd+space > "keychain" > Enter. Still not ideal but it's the fastest method I know. What do you mean, i.e. how do you access the GUI from the system settings? I tried finding keychain there but couldn't figure out where it is.
It's available as "Passwords" in the system settings. I think they added it recently to align it with iOS and iPadOS, where there is no mention of it being Keychain at all.
There seems to be a Google Chrome extension called "iCloud Passwords" but it only has two stars, so I don't think you'll be positively surprised.
Also, on iPhone it's ok-ish but on Mac the experience is a subpar too: Keychain, the app you use to view your passwords, feels like a 90s Visual Basic application. Plus you can't organize your accounts, and even if you prefix them to "sort by name", the special name you give is lost after using it.
On the other hand, I already have other Apple cloud stuff and kinda trust them, so I suffer through it. And other password managers aren't anything to write home about either to make me change :/
Note that macOS now has three “apps” to view your passwords, three different UIs for the same database. There’s Keychain Access, there’s the Passwords section of System Settings, and there’s the Passwords section of Safari preferences (which is the same UI as the pre-Ventura System Preferences app’s Passwords section).
The other two have even less organization functionality than Keychain Access, so this probably doesn’t help you, but the blog post was talking about the System Settings version so I wanted to point it out.
What's wrong with Keychain Access? It hasn't changed its appearance since more than a decade. That's a good thing for familiarity. Early Mac OS X apps have incredibly good design that doesn't waste space.
But it does waste a lot of space... there's a lot of duplication of keys (which are deduplicated in the iPhone app), and with other information (somehow I have hundreds of "com.apple.cloudd.deviceIdentifier.Production" in there). And I already mentioned organization fails. Plus it's kinda insecure as it enumerates your accounts exhaustively without asking for a password like iPhone/Safari (granted, not a problem specific to this app). And the interface to view the passwords is terrible. Old and familiar is not synonyms with "good".
However now that comex pointed me to the Password in the "System Settings" app, I at least can use it and it's fine if Keychain is left as is.
I use Safari a lot but if I'm in a different browser then my passwords are unavailable.
No, it's not. I alternate between Safari, Firefox, and Duck. If a password I use in Safari isn't stored in Firefox, I copy it from the Keychain program and paste it into Firefox. Firefox then asks to save it. No problem.
The GUI is buried in System Settings.
It has its own program. /Applications/Utilities/Keychain Access
It's not just a good product if you're 100% Apple, it's only a good product if you're 100% Apple and are willing to accept a great deal of friction if Apple's direction no longer suits you in the future. It's a version of what some people call "high time preference".
Personally, I was taught to care about the future.
Still adds a great deal of friction and makes it harder to, say, experiment with an Android phone or a Linux desktop for a month. Compare that to 1password which just works.
OP is suggesting it's a terrible UI on iOS and Mac too, and one of their principle complaints is your #3.
So OP disagree that it's even a good product if you are 100% Mac, but are suggesting the functionality is all there, it just needs an actually designed UI/UX.
I’m all in for personal web browsing. Safari is a great browser basically 99% of the time and having free synced passwords (and really any critical data!) between my desktop, phone and tablet, I get tremendous value.
For work, I use chrome and chrome password management because my company uses gmail.
Went the other route, sold my iPad and went with a Surface instead...
the short of it: It's inelegant, there's bugs, the UI is half-assed and some aspects are straight hostile (default widgets etc.). But it's an actual generic computer. Most task you assume you could do with a computer, there will be a way to do it.
It might take some efforts to get to a decent setup, but the walled garden was also a PITA, so all in all, I felt my time is better invested in making windows a nice place than the endless fighting of Apple on iOS.
As a halo effect, I'm kinda thinking about moving to Windows on my main computer as well on the next refresh cycle...not fully decided, but that feels like a viable option.
As stated by another poster, Netscape vs MSFT was about coercing OEMs not to include competing browsers to be pre-installed on new systems. Apple could create and give away a cross platform password manager without much fear of ramifications, unless they exclude all other password managers.
The main limitation of Apple's passwords implementation for me is lack of sharing. For accounts that my wife and I both need access to, we can have them in a shared location in bitwarden, but there's no comparable feature with Apple's. I'll probably even start paying for bitwarden so that I can share with more than one other person when my kids are old enough to need access to them
Yeah, this is a bugbear. FWIW my wife and I "share" keychain items by airdropping them to one another as required. It works, but nowhere near as nice as having a common record we can both maintain.
In short.
1. The experience on Windows is terrible. They can claim it's cross-platform but it's truly a sub-par product.
2. On Mac it's tied specifically to Safari. I use Safari a lot but if I'm in a different browser then my passwords are unavailable.
3. The GUI is buried in System Settings. Heaven forbid you need search it's only a simple 37 clicks away!
I think those were my big complaints. If you are 100% Mac then it's a good product. Going outside of the walled Apple garden leaves a lot to be desired.