Thanks for the Mac Security series. It fills is a few missing pieces that I’ve needed to address.
My question is regarding password managers. You mentioned that you use 1Password. I know that 1PW has a few other features that the built in PW manager in the MAcOS doesn’t have. Why do you personally prefer 1Password over the built Mac app?
I actually don't. I prefer the macOS/Safari built-in password manager and use that the majority of the time. But I also use 1Password. I use both. It is fairly easy to use both as when you create a new password you get prompted by 1Password to save it. So I end up having the password in both places.
But I like 1Password because I can save other kinds of things easily: ATM pins, padlock combinations, passport and known traveller numbers, secret telephone passwords for security systems, and so on. macOS/Safari is more about login ID/passwords.
I can also add notes in 1Password easily, so I can record security question answers, airline mileage codes (when they are different from the login ID), and even notes about how to navigate to things I need on some websites.
A fairly new feature to 1Password is the ability to fetch some 2-factor codes, so it can act as the way I get my password, and also fill in the 2-factor code in one action.
Also, 1Password has browser extensions for all browsers. So if I want to use Chrome or Firefox for something, I can get to my passwords in those easily. And of course if I also had a Windows machine or Android phone I could use 1Password there as well.
I have used 1Password forever for the reasons that Gary mentions. In addition, the latest version has drag-and-drop, which is very handy when auto-fill won't work. However, I have tried the suggestion of using both Keychain and 1Password but stopped because I found it confusing as to where a particular password is saved or will be saved. Since I now use a 1Password subscription, where all devices are synched, I found it much simpler to just use 1Password. Maybe I'm missing something.
Dave: In most cases it is just saved to both. For instance, if you have Safari fill in a new password, then it saves in Safari (since Safari created the password). But then you usually get a prompt from 1Password to save as well. I agree and now I have it in both places.
I just came from a Cyber Security Awareness safety class and learned that many Internet browsers, such as Safari, are an unsafe way to save passwords since the passwords are not encrypted and can be easily stolen. I hate the thought of moving away from Safari's very convenient and what I thought safe and secure password manager. Since Safari's password manager is not encrypted, wouldn't this be a good reason alone to move to a password manager like 1Password?
Joseph: Safari passwords are encrypted.
Yes, but if someone gains access to your computer your passwords would be compromised via the browser, correct? And if you had 1Password or another securer password manager might this give you another level of protection?
Joseph: They'd need your computer, plus your password to get into your account. If they have that, you'll be changing all of your account passwords anyway.
Gary: Thank you! Wasn't sure if using another password manager was more secure but it appears not.
Gary, I am tempted to try 1password. I now use Keychain on my MacBook, and I love the Touch ID feature to fill in logins/passwords. So I really would use Keychain as my primary password manager — Unless this capability is in 1Password. Is it? That is, the ability to use your fingerprint to fill in passwords from 1Password. Or, I guess since I have Touch ID turned on, it is going to use keychain password regardless if 1password has the capability or not, I presume?
Ed: 1Password can use Touch ID too, yes. You can use both. That's what I do.