This article originally appeared in TidBITS on 2016-03-22 at 12:31 p.m.
The permanent URL for this article is:
Include images: Off

FlippedBITS: 1Password Versus iCloud Keychain

by Joe Kissell

Everyone agrees that passwords are a pain. The idea that each user of a computer, Web site, or online service should gain access using a unique identifier (a username) and a self-selected password must have seemed logical back in the day, but the system hasn’t scaled well. Now we all need passwords for dozens or even hundreds of services, while frequent high-profile security breaches remind us that a password-based infrastructure is inherently fragile and vulnerable.

In response, service providers make ever-harsher demands of their users: create longer, more complex passwords; change them whenever the provider sees fit; answer security questions; add two-step verification; and so on. Frustrated users, in turn, respond in ways that make them far less secure: they often choose easily guessable passwords, and reuse the same password (or one of a few) everywhere.

I’ve been thinking and writing about the password problem for a long time. In the recently published “Take Control of Your Passwords, Second Edition [1],” I lay out the whole problem from top to bottom and help readers think through a sensible, safe, and sustainable strategy. One key recommendation is to use a password manager whenever possible. This type of software automatically generates, remembers, and fills in passwords as needed, and syncs them across your various devices. Although a password manager alone isn’t a complete solution to anyone’s password woes, it can eliminate a large portion of the hassle while increasing your security tremendously.

There are lots of great password managers out there, and I truly don’t care which one you use, as long as it works well for you. I know that apps like LastPass [2], Dashlane [3], Blur [4], and many others, have lots of fans. In addition, Apple’s own solution, iCloud Keychain, works in Safari for recent versions of OS X and iOS — and it’s free for anyone with an iCloud account. I wrote extensively about iCloud Keychain in another of my books, “Take Control of iCloud [5].”

My personal favorite, however, is 1Password [6], which I’ve been using for nearly ten years. I’ve found that it hits the sweet spot of power, usability, and affordability — and it keeps getting better all the time. I like it so much I wrote yet another book about it, “Take Control of 1Password [7],” which explains how to make the most of the app’s extensive capabilities, many of which aren’t entirely obvious.

But wait a minute! Since iCloud Keychain is free, requires no extra software, and is supported by Apple, why would anyone bother with a third-party product in the first place? I’ve heard this question a number of times. For example, when I covered the latest major release in “1Password 6 for Mac Adds Teams, Expands Sync Options [8]” (18 January 2016), a commenter named Jim inquired:

This would be a great chance to ask the question I’ve always had about 1Password. I hear nothing but praise for it, but… What exactly does it do that Apple’s built-in tools (Keychain, iCloud Keychain, etc.) don’t do?

I’ve read so many glowing reviews of 1Password, yet that’s the part I still don’t get…

I replied by pointing out a number of things 1Password can do that iCloud Keychain can’t, but the question deserves a more extensive answer. After all, 1Password isn’t free and does have a bit of a learning curve — and switching from one password manager to another isn’t always simple. I can understand why this might seem like a Pepsi-versus-Coke choice, but it’s more like pitting a standard can of Pepsi against a Cherry Vanilla Coke float made with artisanal hand-churned organic ice cream — and two straws.

Before I get into the feature differences, let me make two quick disclaimers. First, although I’m talking only about 1Password here, many of the features I point out can be found in other third-party password managers too. And second, I’m not trying to diss iCloud Keychain. In fact, as I’ll explain later, it’s an ideal choice for certain tasks, and there’s no reason you can’t use it alongside a third-party tool.

1Password’s Advantages -- 1Password was developed long before iCloud Keychain was a gleam in Apple’s eye, and over many years it has been refined based in large part on user feedback, an approach that Apple often seems to be allergic to. Here are some of the ways in which 1Password surpasses iCloud Keychain:

iCloud Keychain’s Benefits -- Having said all that, let me now change my tune slightly and say some nice things about iCloud Keychain:

Sure, that’s a shorter list of compliments than the one I gave 1Password, but they’re not insignificant. If you use only Safari on Apple devices; have only a modest number of accounts; prefer iCloud syncing; and have no need to store other data types, share credentials, or use one-time passwords, you might be perfectly content with iCloud Keychain. Without question, using iCloud Keychain is a thousand times better than using no password manager at all, and if you like it, more power to you.

However, keep in mind that this isn’t an either/or decision. You can use iCloud Keychain and 1Password together. For example, you might rely on iCloud Keychain to handle your Wi-Fi passwords and the credentials you use most frequently in Safari for iOS, but 1Password for everything else. Or you could try to keep both apps updated with the majority of your passwords, using whatever happens to be easiest at any moment (given your current platform and browser). Or use 1Password to generate new passwords but iCloud Keychain to store and fill them. Although using both together is more work and arguably a bit less secure than picking just one, it’s not an unreasonable approach.