Given the recent spate of more bad news about using LastPass (losing access to their backup vaults) I am wondering if anyone can provide me security assurances around using Keychain as an alternative. I see lots of folks recommending a switch to Bitwarden or 1Password for example, but few discussing the merits of simply using the existing Keychain as their default password manager. I understand Keychain is a more “bare bones” password manager, but it is a technically secure as the other commercially available ones? I am willing to sacrifice some UI ease in exchange for increase security. Thanks!
LastPass is disclosing they have been phished and the bad guys made off with lots (all?) of their customer vault backups. Because of poor management or programming, even the URL’s and Notes fields are in clear text so that a threat actor could use that information to create sophisticated spear-phishing attacks, even without the simple brute force cracking of a customers Master Password (which may or may not be very strong). Also, there are many known issues with LastPass in general (including but not limited to a number of security breeches in the past decade, allowing a low number of iterations, not informing users to increase the complexity of their master passwords, poor communication on this and past issues, and more) In summary, they have exceeding my trust factor and it’s time to move on. Ideally, I would like to use Keychain and Keychain Access but need reassurance beyond their end to end encryption capabilities. Do you think iCloud is as secure as say, AWS, Azure, etc.? I know this is probably an impossible question to answer but I am curious as to why I hear so little, relatively speaking, about using Keychain vs. other cloud based PW managers. I don’t use Windows devices (too insecure for me) and I really only use Safari.
Sorry if this is sort of a broad ramble but judging from the Reddit boards on this topic there are thousands and thousands of users like me who are wondering what to do next.
Thanks for all you do Gary, you rock.
a concerned Vermonter
Chris in VT