Here's Apple's big problem: it's not a replacement for so many alternatives because it isn't supported on all platforms.
Safari? Not on Windows.
Apple Music? This actually has a Windows client. I'm not sure how good it is. But Spotify supports Windows and even Linux.
Apple Password Manager? Will this be tied to iCloud? Will I be able to use it on Android? If I no longer have an iPhone will it be a pain to maintain and use?
A dog cannot serve two masters. A company like Apple doesn't see any of these things as a product. They're a means to an end: to push the iPhone platform (and hardware sales). That priority will always trump the interests of a product like this.
It's also why I refuse to buy more into Google products: it's too much of a risk to lose access to everything if Google wakes up one day and decides to suspend your account with no recourse other than making enough of a stink on social media such that an employee will actually look into it.
People don't want everything tied to one identity, one service, one login.
I think this is exactly what _most_ people want.
With password management specifically, Apple has had a Chrome extension available for a while now which has allowed me to use it on other browsers/platforms. Not ideal, but good enough for most.
On top of that, they don't lock you in with passwords. You can easily import and export your passwords, just like you can with 1Password.
Apple Music has had a web client for a long time. iTunes has been on Windows for 20+ years and Apple Music was supported via that until recently when they built an Apple Music specific app.
Like seven people replied to say this, but they're all missing the trick.
Most people want this because they're guided to want it. If you show people the convenience but not the risk, of course they want something with an advantage and no apparent disadvantage. But the disadvantage exists, it's just not immediately obvious.
Then some corporate machine learning algorithm decides that it's your day to have a bad year, or the screws only get tightened after you're already locked in, and the regret comes some time after the decision is made.
Whereas the nerds who can see the inside of the machine are aware that this sort of thing happens and their response is no thank you. A starkly different preference from the people paying the most attention is a troubling sign. It's the early stages of this:
https://xkcd.com/743/
The thing that gets me is that people then defend the practice because it's likely to be successful. Lots of unsophisticated people are going to put all their eggs in one basket and then have a bad time, which is a result we should be trying to prevent, not defend the people causing it because they're likely to turn a profit. Companies making money on information asymmetries and the misfortune of others is a flaw we should be looking for ways to optimize out.
I’m curious to know what you’re thinking as far as what bad outcome(s) will or may result from people choosing this over some other password manager.
It's putting password management into the same basket as the device.
Suppose your Apple ID gets compromised. The attacker is a jerk and decides to remote erase your device. Then they use your account for black hat stuff and get it permanently banned, or just erase everything on iCloud too.
If the password manager was a different service then you'd still have the password for that service and could get in and recover your accounts on everything else. If it isn't, where's your stuff? The device and the cloud backups are both gone because they were both tied to the same compromised account.
Or you just break your phone and then realize you don't know your password. You can reset your password with your email, so now you just need your email password, which is iCloud, which is the same password. Uh oh.
Whereas if your eggs aren't all in the same basket, you can get a foothold somewhere. If you use a third party email service and haven't forgotten that password, you can still get your email on another device. If your password manager backs up to a third party service or your very own Raspberry Pi, you have access using a different set of credentials than the ones you forgot.
I think you might be making some assumptions about how this stuff works without looking into it.
- A lot of (most?) people’s Apple Account name is actually their main email address (e.g. Gmail), so they would still control their email address even if their Apple Account was compromised.
- You can still recover your Apple Account and iCloud Keychain without any devices (e.g. if phone broke like in your scenario).
- Your passkeys stored in iCloud Keychain are still protected even if your Apple Account has been compromised.
Source: https://support.apple.com/en-us/102195
But the login for the Gmail address is a passkey that's on the Apple account...
So what's the point of passkeys if you can get access to them without passkeys?
How can something be protected when the thing that controls access to it has been compromised?
A passkey is just a replacement for a password. Google (and other apps/websites) have account recovery processes for users who get locked out of their accounts. The way you get back into your Google account doesn’t change much just because you’re signing in with a passkey vs. a password.
Account recovery is a problem that service providers have to solve (and do solve) regardless of whether a user authenticates to their account with a password or a passkey.
Some huge benefits are:
1. They are highly phishing resistant. Unlike passwords and popular forms of 2FA (TOTP and SMS), users can’t be tricked into sending their credential to a fake/malicious server. A passkey is bound to the server domain at the time the credential is created, and your OS/browser will simply not send it to the wrong place.
2. There is no credential for attackers to steal from servers in the case of server breach. This is because only a public key is stored on the server, instead of password hashes (or worse, plaintext, if the app/website developers don’t know what they’re doing).
3. Passkeys are guaranteed to be unique and secure. The same cannot be said for passwords. Even a password manager cannot guarantee that every single credential stored in the password manager is both unique and secure. And password complexity requirements often make it a painful game of trial and error to create a secure password, even when using a password manager.
4. Because of annoying password complexity requirements, the process of creating a new password can be annoying and take up to a minute or two of fiddling around, even when using a password manager. With a passkey, the process takes as long as Face ID or Touch ID (or equivalent on other platforms) every time. Every single credential creation and authentication is a fantastic user experience (both fast and easy).
I suggest watching Apple’s WWDC videos. There you will find a very very in-depth answer to this question.
All of the points I’ve made above (and more) are covered in the linked videos.
Move beyond passwords: https://developer.apple.com/videos/play/wwdc2021/10106/
Meet passkeys: https://developer.apple.com/videos/play/wwdc2022/10092/
Deploy passkeys at work: https://developer.apple.com/videos/play/wwdc2023/10263/
If you won’t watch any of the above then you should at least read the FAQ on passkeys on the FIDO website here, which should answer many of your questions:
https://fidoalliance.org/faqs/#PasskeysFAQs
This is answered in the article I already linked above. Here is the link again.
About the security of passkeys: https://support.apple.com/en-us/102195
Specifically, carefully read the following sections titled “Synchronization security” and “Recovery security”. The short answer is that gaining access to the user’s iCloud Keychain contents requires more than just having access to the Apple Account.
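Added example, not part of the thread and not Apple's or FIDO's code: a Node.js sketch of the checks behind points 1 and 2 in the comment above (the credential is bound to the site's domain, and the server keeps only a public key). The browser-side rpId check is simplified, and the domain names, function names and sample assertions are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Authenticator (simulated): one key pair per relying party ID (rpId).
function createPasskey(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { rpId, publicKey, privateKey };
}

// Browser + authenticator (simulated). Simplified rule: the page's host must
// equal the rpId or be a subdomain of it, otherwise nothing is signed.
function signAssertion(passkey, pageOrigin, challenge) {
  const host = new URL(pageOrigin).hostname;
  if (host !== passkey.rpId && !host.endsWith('.' + passkey.rpId)) return null;
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin: pageOrigin, // filled in by the browser, not by the page
  }));
  // authenticatorData = SHA-256(rpId) || flags (UP|UV) || 4-byte counter
  const authenticatorData = Buffer.concat([sha256(passkey.rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  const signature = crypto.sign('sha256', signed, passkey.privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Server: checks an assertion against the challenge it issued, its own origin
// and rpId, and the stored public key. Returns 'ok' or the first failed check.
function verifyAssertion(record, expected, assertion) {
  let client;
  try {
    client = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  } catch {
    return 'malformed clientDataJSON';
  }
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== expected.origin) return 'origin mismatch';
  if (assertion.authenticatorData.length < 37) return 'short authenticatorData';
  const rpIdHash = assertion.authenticatorData.subarray(0, 32);
  if (!crypto.timingSafeEqual(rpIdHash, sha256(expected.rpId))) return 'rpIdHash mismatch';
  if ((assertion.authenticatorData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  const ok = crypto.verify('sha256', signed, record.publicKeyPem, assertion.signature);
  return ok ? 'ok' : 'bad signature';
}

// What a leaked server record is worth: it can verify, but it cannot sign.
function recordCanSign(record) {
  try {
    crypto.sign('sha256', Buffer.from('probe'), record.publicKeyPem);
    return true;
  } catch {
    return false;
  }
}

function demo() {
  const passkey = createPasskey('example.test');
  // The server stores only this public key (constructed sample record).
  const record = { publicKeyPem: passkey.publicKey.export({ type: 'spki', format: 'pem' }) };
  const challenge = crypto.randomBytes(32);
  const expected = { rpId: 'example.test', origin: 'https://example.test', challenge };

  const legit = signAssertion(passkey, 'https://example.test', challenge);
  // Lookalike page showing the real challenge: the client never signs for it.
  const lookalike = signAssertion(passkey, 'https://example-test.login.invalid', challenge);
  // Subdomain the client accepts, but the server pins its exact origin.
  const subdomain = signAssertion(passkey, 'https://login.example.test', challenge);
  // Assertion made for a different (old) challenge.
  const stale = signAssertion(passkey, 'https://example.test', crypto.randomBytes(32));
  // Signed bytes altered after signing (counter changed).
  const alteredData = Buffer.from(legit.authenticatorData);
  alteredData[36] = 1;
  const altered = { ...legit, authenticatorData: alteredData };

  return {
    legit: verifyAssertion(record, expected, legit),
    lookalike: lookalike === null ? 'no assertion produced' : verifyAssertion(record, expected, lookalike),
    subdomain: verifyAssertion(record, expected, subdomain),
    stale: verifyAssertion(record, expected, stale),
    altered: verifyAssertion(record, expected, altered),
    recordCanSign: recordCanSign(record),
  };
}

console.log(demo());
```

A production relying party would use a maintained WebAuthn library, which also handles attestation, signature counters and the full origin rules.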
Ok so let's assume passkeys are a form of saved generated password.
So why does my browser or password manager send saved normal passwords to a different domain than the one they were saved for? This is not a limitation of passwords but of the software that encourages saving passwords. It didn't need switching to machine only passwords to fix.
What has stopped developers from using irreversible transformations on stored passwords in the past? The math was there.
If it's generated by software, any software should be able to assure uniqueness. This is again a failure of saved passwords / password managers.
Yes and here we get to the elephant in the room.
You become dependent on an easily stolen or destroyed device for authentication. It is a fantastic user experience until you're a plane flight away from home, your phone gets stolen. Your passkeys are safe in the secure enclave. Too bad you can't access them any more. How do you get home? You don't have any other devices to prove your identity, if you even have backup devices, they're at home. The flight options are in an app that you don't have the passkeys any more for. Your flight may get canceled or rescheduled and you have no way of knowing. If you didn't bring any physical credit cards or backup cash, you can't even eat.
Passkeys are all fine in your average techie environment, but can be a disaster outside it.
The most basic scenario:
Someone uses their phone as their only computing device (e.g. only other device is their school or work computer).
Their phone dies and the shop convinces them to go for a Pixel 9.
How screwed are they if everything was in iCloud, vs they were using 1Password ?
What about any or all of their contacts, messages, docs, notes, schedules, photos, apps, app contents...?
That would be a more appropriate picture.
Not much. Annoyed maybe but as long as they have access to their email and phone number they can reset their passwords.
What about the other way around? If a person broke their Android phone and a friend convinces them to move to Apple? You could argue that then they may have everything in Google and that they could log in on an Apple device with their Google account and use Chrome and Gmail and whatnot, but then they'd be storing everything in Google.
What if Google sunsets a product? Or Google unilaterally decides to close their account overnight with no human in reach for support?
I'm all for interoperability. I do get the risks at hand. But the hodgepodge of separate solutions forming a duct-tape held system is hardly usable for the "mere mortal", let alone integrating them together in reliable ways.
People want technology to disappear so they can go on with their lives and do stuff that matters to them (which integrating platform-independent third party solutions is not). So "all eggs in same basket" is an extremely valuable feature for most.
At best they spend hours and hours up to days resetting the passwords for all the accounts they ever had. Looking at my password list, there's 700 of them, it would take me a week of my life, if I ever get to do it at all.
At worst they actually can't access their email and it's the end (or a week or two of back and forth sending official documents to get it back ?)
As a first point: they don't have to go all Google. They can have a Google account solely for their phone, and have everything elsewhere. That's a no-brainer as long as they have a solid password manager. You call it hodgepodge, but that's just what we've been doing for the last centuries.
The issue of a service unilaterally killing an account isn't limited to Google. Apple will also kill your account if they assume you misbehave, and you might get someone on the phone, while not getting any resolution.
Do we hear it more about Google? Sure. But Google is also the biggest service provider on earth at this point.
No, the most basic scenario is:
Someone uses their phone as their only computing device.
Their phone gets destroyed or stolen while they're far away from home to require a plane flight to get back. Perhaps stolen along with their ID.
How do you recover when your logins are passkey only and the passkeys are gone with the stolen phone?
People are driven away from open standards to vendors like Apple because so much open stuff just sucks so goddamn bad. So will Apple one day fuck me over? Perhaps, but in the meantime their shit just works and I am going to use it because I don’t have time to spend hours troubleshooting why manufacturer A doesn’t work with free publisher B when free driver C is loaded.
But have you thought to ask why that is?
The general mechanism for free software to be developed is for the individual users to make modifications. Not all of them, of course, but the ones who know how to. Someone sees something wrong, fixes it.
Apple interferes with this. If you don't like an app on your iPhone, even if it's open source, you can't just make a minor change because for that you have to pay $100/year and buy a Mac and all of this friction that discourages people from doing it. And then upstream doesn't get the little change (times a thousand individual users with an itch to scratch), and the one-time contributor doesn't become a repeat contributor either.
Not only that, you can't distribute a half-finished app to the public -- even if it's free -- because it wouldn't pass review. But then you can't get any users who might help you to finish it. So the state of open source software on the iPhone is a shambles, because Apple neutered the primary mechanism for free-as-in-speech software to become any good on their platform.
Compare this to Linux on a PC where simple things are about as likely to "just work" as they are on a Mac, more likely to do so than on Windows, and weird and complicated things work better than on either of them because even though they're not always easy they're very nearly always possible.
Which is the perpetual sham of "it just works". Simple things are simple everywhere because they're common and well-supported. Complicated things are often difficult, but some platforms make them prohibitively difficult or simply disallowed, and people confuse this with "easy" because you don't remember spending time to make something work when you can't. But that's not actually an advantage, because you're not obligated to spend time on something that doesn't immediately work, but the option to choose to is valuable when sometimes it's worth it.
Not sure of your reality, but my Apple ecosystem just works. I spend nearly zero time fiddling with my rig just to get to a point of productivity but see Linux-using peers in a constant state of tweaking, trying and failing to achieve what I have by just opening a box.
Same. The only issues I ever have are with non-Apple hardware, like Sony headphones, Acer monitor, etc.
Do I wish they worked better? Of course. Have I experienced those same problems with Android / PC? No, but different problems existed.
Ahhh so you want the public to do your QA for you and don’t mind interfering with their productivity when the first iterations of your software are a buggy mess? I am ok with Apple trying to keep the pests out of their garden, or providing a lockable gate like TestFlight where I can go into a testing situation with my eyes wide open and risks well understood. Your open source devs are not always great at disclosing the fact that their software is half baked and people install expecting a robust app and finding instead…a load of crap
Well that's all fun and games until you start putting off paying Internet bill for two weeks because it turns out that you misconfigured your password app and it actually didn't save your password to the utility service provider and you realize you have no internet one day and you have a school assignment ugh and maybe your credit score gets 0.5% lower and yeah it's all very much your fault. "But you can just be more careful! Handle stuff like this as it arises!" Yeah, sure, just like during Communist times you could easily get more than one pound of coffee per half a year if you're just careful and note when it's available in stores as a drop-in
I believe this whole Apple vs Linux debate is perfectly analogous to the West vs East Germany debate, to the point that almost all intuitions/arguments for the latter are perfectly reusable in the former
I've watched people who swear that Apple "just works" struggle when it doesn't.
The difference is just that because of the halo effect they don't blame Apple for the shit that doesn't work. If there is a 3rd party tangentially involved they blame them instead.
The difference (in my experience) is if it works with Apple, it "just works". If it doesn't work, it will never work.
It's a binary and you generally know the answer straight away.
Some people dislike it because they enjoy looking for answers and the freedom to change how things work. Others like it because they don't want to spend their time searching and mucking about with configurations.
That was a big part of my move to Mac from Windows back 24 years ago. It was such a pain trying to get all the bits and pieces working together and with the Mac, yes it was more expensive (although honestly, not that much more expensive) but stuff just worked out of the box and I didn’t have regular crashes. I’m sure things have improved in Wintel land since 2000–2001, but my Apple experience has been remarkably stress-free.
"The people want the thing that they want because they are wrong"
I never understood how this argument even makes sense. It sounds a whole lot like you're upset that most normal people don't care about and don't want what you want.
I feel like I explained it above. People often want things because they don't have all the information and people who are uninformed, especially when they're intentionally uninformed, make poor decisions.
And maybe there are some people who, faced with the risk of losing all their stuff, conclude that maybe all their stuff isn't that important to them and they don't have time for this YOLO! But there are even more people who never even consider the risk, and it seems like somebody should be looking out for them instead of people just saying "shut up nerd, normal people don't care about whatever you're worried about." Uh yeah, that's the problem, they're not made aware of it until it bites them on the ass and anybody who tries to express the concern on their behalf is told to keep their foot away from the hose of the money vacuum.
This is the bell curve meme. People just want the things that work for them, people that know what they are doing want things that work easily and know their way around a little better too.
You're overblowing the harmfulness, I'm not even sure what the argument is.
Prove to me you deserve to be called a "nerd."
GP’s smug superior attitude over non-technical people and general lack of perspective is enough nerd cred for me.
Word
There are hundreds of examples throughout history of people being marketed something horribly harmful to themselves and defending their need for it even after being explicitly shown the downsides. Oftentimes, instead of fixing the individual people society chooses to punish the businesses that abuse this lever.
Same shit with the Microsoft Netscape trial, really. People didn't want alternatives because Microsoft went absurdly far out of their way to stop fair competition on their platform. Now we're seeing the same shtick, again, on a different platform.
It's more of: people want things obviously bad for them because of abusive salesmanship techniques, which exploit information asymmetry and opportunity cost (i.e. that people can't be bothered to do deep research on every one of the thousands things they buy). This includes effective marketing, that is typically deceptive and stops short of direct lies (sometimes not even that).
You should read this piece in the NYT titled “The Tyranny of Convenience” [1]. It asserts that your entire worldview is essentially flawed. En masse, people do what is most convenient, which is completely orthogonal to what is right / wrong / best / worst. For instance, it’s an empirical fact that eating healthy and getting exercise is better than eating poorly and living a sedentary life. Yet, most people live sedentary lives.
1: https://www.nytimes.com/2018/02/16/opinion/sunday/tyranny-co...
But this is precisely the problem. If you want the right thing to happen, you can't allow the wrong thing to be more convenient. "The wrong thing is more convenient so STFU" is the flawed worldview, because it's what causes the wrong thing to continue happening.
Now consider what happens if people do the opposite. Instead of defending convenience as an end unto itself as Moloch would have it, you create friction against bad choices. Complain about them, refuse to assist your allies in making a mistake. Do things that make bad options less convenient and redirect people to better choices.
People will still do what's convenient, but now the more convenient thing is the better thing.
> Now consider what happens if people do the opposite. Instead of defending convenience as an end unto itself as Moloch would have it, you create friction against bad choices. Complain about them, refuse to assist your allies in making a mistake. Do things that make bad options less convenient and redirect people to better choices.
What about making "the right option" better instead of making the "the wrong option" worse?
The flaw in your logic is that you’re taking too myopic a view. In your world “making something worse” is somehow divorced from the tyranny of convenience, but in reality it’s not. Changing society is itself inconvenient, and therefore unlikely to happen unless leaving society as-is is less convenient.
This point of view essentially reduces to the same place libertarians are at: Institutions are bad, Apple is bad, Google is bad, we should refuse to support institutions, or maybe even institutions should not exist, depending on how severe the FOSSism is.
And look, I don't feel that libertarians (or, let's kill the analogy, FOSSers) are always wrong. Of course they're right about some things; they're just wrong about so much more than they're right about, it's like a 90/10 split, it's not close. I think the cognitive dissonance is something similar to Chesterton's fence: FOSSers don't respect the massive profit-motivated and closed-source companies and systems which, at best, make pockets of productive, awesome open source possible; but more realistically and worse those pockets are just the software version of "buy a Subaru because we donate money to cancer research", they're free labor/recruiting/tax writeoff/community goodwill campaigns by gigacorps, and it's all just profit at the end of the day.
Nerds who can see the inside of the machine and are aware that this sort of thing happens is literally just stating in different terms the stereotype type-As assign to nerds: that they don't understand anything but the technology [1].
[1] https://www.youtube.com/watch?v=hNuu9CpdjIo
Apple and Google aren't institutions. They're for-profit corporations with long track records of behaving like the amoral artificial minds that they are. In this sense, corporations are beasts - society can benefit from putting them to work, but they will also occasionally maul someone because that's what they do.
I think that what is convenient to you, or to fellow engineers, is not what is convenient to the mass public or non-technical people. Very simple solutions, which are often platform-specific, tend to be a lot easier in many cases -- not necessarily all cases, but when something is built-in to a device or OS, this does remove some burdens from users.
Guided to want it. Sure. Everyone else, all those other folks with other lives, opinions and preferences, they are brain washed by my enemies. Come on, man :)
I just wanted Passwords to be its own app because the Settings applet(?) is obnoxious to interact with in some scenarios. My passwords are already all in there.
Now, I use a Windows laptop too and would love for Apple to make the Passwords thing work there too. It probably won't :)
Now that many sites are moving to passkeys or TOTPs, it would be great if Apple could not lock users in there as well.
That's only on Windows and requires you to install iCloud tools locally, right?
What is the adoption for passkeys? I do not get the impression that they will replace passwords or “social” logins anytime soon.
I have yet to notice a site asking me for a passkey.
Really? That’s how I log into GitHub!
I stopped logging in there since they forced 2FA on me because of an old contribution to an open source project. It's too much of a pain and I don't need to be logged in to look at the code of the modules or libraries I'm using or I could use. As collateral damage, I stopped opening issues on open source projects, that was maybe two or three issues per year. All my customers are on Bitbucket at the moment and it still works with username and password. If it would switch to 2FA, I'd have to comply.
It amazes me the lengths people will go to to avoid security.
It’s not that the gp is trying to avoid being secure.
It’s that for a service that you only have a need for, a few times a year, mandating 2FA is an unnecessary hassle that can lead to user frustration.
I’ve experienced the same with Gitlab. I rarely use Gitlab and don’t have anything important hosted there but when a project I was a member of enabled 2FA for all contributors, it made my Gitlab account completely frustrating to use.
Typical scenario: I’m trying to do something brief on Gitlab that requires me to be logged in so I login then get shown an interstitial page saying I cannot proceed until I enable 2FA on my Gitlab account. Every action I attempt while logged in will fail unless I either enable 2FA or remove myself from the project that enabled mandatory 2FA after I was added.
GitHub’s 2FA implementation is night and day better than Gitlab’s but I imagine the user frustration must be similar if you find yourself suddenly having to enable 2FA because a GitHub org you were already part of mandates it.
True, but the alternative is that people with valuable projects to secure don't do that (because they aren't forced to), and lose things.
That said, the sign-in flow with a Passkey and BitWarden is great. Click "sign in with a passkey", click "confirm", done. No username, password, or 2FA required.
One day I hope BitWarden implement my suggestion of not requiring that second click if you only have one key.
If you have something like 1Password, it takes one or two clicks to set up 2FA for a given site and Passkey setup for a given site is pretty painless. There’s even a decent amount of CLI integration for signing commits, etc. As a federal contractor working in and out of higher security areas, 2FA and Passkey are… really not intrusive or disruptive to my daily life.
Funny enough, you can use a passkey to log in with Nintendo
Yet if the limit is one then you'll still need a fallback like forgot password. Because the original device may fail.
I've found them to be a real pain in the arse because they're implemented so inconsistently. Only the biggest sites are offering them, but it's those big sites where I'm worried about locking myself out because of setting it up wrong.
I've locked myself out of Squarespace by setting up then subsequently removing a passkey. Doing so triggered a bug which "updated" the TOTP (that was already set up) and the backup codes. Support was absolutely deaf to the whole thing being a bug, absolutely impossible to report, and I'm sure it'll keep being an issue for years to come.
There are 3-4 I regularly use. Google offers it for their business accounts, of which I have a couple.
They might not ask you to set up a passkey, but many sites already support it: https://passkeys.directory/
The king of wishful thinking has entered the chat.
Here's the iCloud Passwords extension for Chrome -- works on my Mac happily, and also with Arc (which means I now get to use it just as much as Safari)
https://chromewebstore.google.com/detail/pejdijmoenmkgeppbfl...
The Chrome extension also works on macOS.
Luckily, _most_ people don't buy overpriced and closed Apple devices.
In the desktop world people tend to buy cheaper, yet equally as closed Windows machines.
In what ways are desktop Windows boxes as closed as Apple? I would say there are many many things to fault Microsoft for, but closing down the OS has never been one of them (though that is gradually changing outside the EU, to be fair).
When using the terms “open” and “closed” with operating systems, one is traditionally talking about the source code.
As such both Windows and MacOS are closed source.
As for “opening up the OS” both are pretty gosh darned flexible and extensible wrt other features.
However being based upon a BSD core, MacOS has had access to the Unix command line natively since forever. For Windows one used to have to rely on Cygwin before the virtualized WSL platform came to be.
Whilst MacOS has the somewhat opaque ~/Library for storing user settings and data, it pales in comparison to the massively opaque Windows Registry.
I’ve had very few issues fixing app install issues with my Mac - with Windows I’ve had more than one occasion where I’ve had to do a complete reinstall of the OS due to the Registry being totally hosed to the point I couldn’t reinstall apps again.
You said "equally as closed Windows machines."
In terms of the machine Windows is way more open in that you can use what hardware you want. But yeah the software is closed source.
TBH, the parent also stated “but closing down the OS…”
So waters were indeed muddied.
I don't think when someone is talking about a "closed device" they usually mean "closed source". I at least took it to refer to whether you can run whatever software you want on that device+OS, and how easy it is to do so.
I think Windows, along with the open source OSs (Linux, BSDs, etc) on regular PCs, is at the same end of "run anything you want from wherever you want it", iOS devices are at the other extreme of "only run things approved by Apple", Android devices are pretty close to iOS because they make you jump through hoops and potentially lose access to various functionalities to install certain things or gain root access. Modern macOS, as far as I understand, is somewhere in the middle: you have to jump through quite a few hoops to install certain kinds of software, and a few aren't permitted at all I think (unsigned kernel modules?).
I think the keynote here is the closed/open hardware.
You can run Windows almost on any hardware. So it is much more open in general.
You can equally run almost any imaginable software on both operating systems (if we ignore the performance), but you have extreme difficulties to run macOS on most hardware.
Counter point - in what ways is macOS 'closed' and Windows not? And I am specifically talking about macOS, not iOS.
MacOS is only licensed for use in Apple branded hardware, as I understand it. Even running it in a VM could be problematic if that host isn't running MacOS.
So your issue isn't the openness in terms of being limited on what you can do on it, and more that you want it to be bloated with drivers for millions of various pieces of hardware like Windows, got it.
True. However I can (and have multiple times) migrate from machine to machine without needing to reinstall everything.
My work MacBook was pulled from an original Air from something like 2015, to a 2017 Pro and currently my 2019 Pro.
So I’ve got apps installed on my Mac that have been installed damn near 10 years ago.
Ditto my home 2015 Pro was later on migrated to a M1 Air. Hell, I’ve still some 32 Bit Steam games that still somehow run on my Air (least Steam tells me they’re 32 bit).
We could play this game ad-infinitum, each finding a level of supposed “openness” but the basic facts are that neither Windows, nor MacOS are truly open.
If you want open, then Linux is always going to be in the answer somewhere. Not MS Windows. And not Apple MacOS.
Many could disagree about the pricing of MacBooks, for example.
M Pro series are probably the best laptops on the market, and if people keep buying them, is the price too much?
MacBook Air is actually quite well priced for what you get.
There are demographics where Apple has dominance.
Is there a way to export all your passwords on a Windows PC, or from iPhone? I do not have a Mac.
Why don’t you just install the windows app they announced?
No
The backup situation is terrible:
- Mac only
- Only passwords (no passkeys)
- Only items you created (so nothing shared with you, even if you own the shared “group”)
In short your only option is one at a time manual export
A more important question is, is there a way to export all your passwords after you're locked out? One of the major risks here is you permanently lose access to your One Ring to Rule Them All account and thereby all of the others.
In theory you can export the data to some out-of-ecosystem backup device on a regular basis, but we all know that most people are not going to do that.
I couldn't agree more. I use Google's password manager because (1) it syncs everything (2) I already use Chrome everywhere (3) I can't be arsed to set up another password manager that is generally inferior in terms of integration.
I don't care for the FOSS argument. I just want stuff to work and work easily.
Plus, I sincerely believe Google is 'too big to fail'. If somehow Google gets hacked and my plain text passwords all get leaked, it means something huge has happened and we're all massively screwed anyway. So, whatever.
Google might be too big to fail (I don't think so, but could be wrong).
The flip side of that is that google is too big to care. We all know from countless reports that they will evaporate your google account and everything ever associated with it, for no reason at all and zero chance of you ever being able to reach anyone to fix it.
I can't see why anyone would risk anything of value to such a platform that can destroy all your content at any second for no reason with no warning.
The only real solution to this is to self-host, locally. Which isn't feasible for the vast majority of people.
Why not use Bitwarden?
It's better in every single way.
No. Please stop being speaker for most of the whole world.
There are people, including me or my wife who is not technical at all, who will never use anything similar from Apple. Or any similar SSO/access/security platform. Google and FB tried that a decade+ ago, only fools fell for that regretful trap if the service has actually any long term added value.
He did say ‘I think’ so not speaking for the whole world
It's ironic that you suggest they should not speak for the whole world, and then use your own personal opinion as a stand-in for what you think should be the whole world's opinion.
I see many comments replying to the above statement, and I am no exception. What about the saying that goes: "Don't put all your eggs in one basket"?
I think it's a lot more important to decide who you want to trust.
The problem is that there are a lot of small apps that end up being scams. Or they end up selling their software to scammers. Or they just don't have the ability to properly secure their system (LastPass).
Apple has kind of made a name for themselves as a big company that cares about privacy and is serious about security. And they don't have the reputation for totally screwing over their customers randomly like Google.
I can see a lot of people making the pragmatic decision to just keep trusting Apple instead of figuring out which other company to trust as well.
Besides the web client,
https://cider.sh exists and is in various distro package managers already too.
...and is miles better than Apple's attempt at providing "support" for other platforms than their own.
Until they don't, which always happens sooner than you would think.
This is what they think they want, until something happens and they are forced to move out of the walled garden, and have to replace everything.
But, admittedly, that's Apple's bread and butter, and they've managed to avoid big controversy so far...
Easily export passwords, I’m not so sure. I remember trying to script this once and for each item it would prompt a password to extract the entry. Maybe the Passwords app changes this.
> I think this is exactly what _most_ people want.
Yes, and they should have it. As open source software that a free market of hosting companies can compete on price and quality for. Not as closed source software hosted by a Big Tech oligopoly.
You should be able to host your info on a server of your choice, encrypted end-to-end from your devices. That server is the one which should collect payments, manage subscriptions, do access control checks, and deliver data to others. That server is the one which should send notifications and push news updates to your devices as well as subscribers’ devices. You should always be able to migrate easily to another server, or use several at once, as fallbacks.
People have learned helplessness (“oh I wish Twitter would add feature X”, “oh, I guess we all have to get a Google Plus account”, “oh, sucks that Google Plus and all my data and social connections there are going away”) because open source developers didn’t stick around long enough to make something that is good enough to compete with it, and is decentralized and federated.
I can count on one hand: Mastodon. Bluesky.
I am working on fixing it: https://github.com/Qbix/Platform
Larger vision for 2025 and later: https://qbix.com/ecosystem
This is EXACTLY what people want. Please remember that HN is not a cross section of the general public.
> Please remember that HN is not a cross section of the general public.
Yup. I need to constantly keep that in mind, when I’m designing my software.
Very often, the fact that I like it, is a negative.
What this forum needs is for its members to volunteer their time at their local library doing tech support. It’d be a rude awakening for a lot of folks.
I can’t begin to count how many hours I’ve spent trying to help my mom untangle passwords for all of her accounts. I can’t help but laugh at the indignance over an approach that isn’t fully decentralized/anonymized/self-hostable/brushes-your-teeth-and-makes-you-toast/whatever.
I don’t need idealism. I need my mom to be able to figure out how to log into her bank without having to call me every time. The more that’s tied to a single ecosystem the better.
My mother actually writes them all down in a booklet. It's very old-fashioned, but it does work for her.
Incredible insight. Too often I'm building something and it rises in complexity precisely due to me wanting extra features that might be very niche and technical in nature, so I too must remember to not bloat the product and make it much more streamlined.
SWEs build for maximum tinkerability. General users just want the software to work without having to tinker with it at all.
I think they want one login, but don't want it all controlled by one company. I think they either like or just don't notice that everything they do is controlled by one company at first, until they see something shiny and cool that another company is doing, and realize how difficult it is to switch.
What would they prefer instead? Controlled by another company? Controlled by many companies? Manage it on their own?
You made the same mistake as the person you're refuting, only worse because you added "exactly" as if case closed.
Here's another take: "People" want different things. They listen to different music, have different opinions, buy different cars, have different tolerances of when a car needs washing.
My non-technical Mum refuses to use online banking; my non-technical Dad loves online banking. My non-techie sister loves issuing verbal commands to her smart speaker; my non-techie Mum refuses to speak to devices & switches her TV off at the wall every night.
The only "EXACTLY" is in marketing efforts trying to convince you of that state.
You could fix it by saying "this is exactly what > 90% of people want".
The other big problem is that in the case that you get on Apple’s bad side for whatever reason, you now lose your passwords to everything.
Terrifies me. I can't really piss 1Password off, so that'll never be a worry. My iCloud Email can at least be re-directed to Fastmail as I own the domain (other than Hide My Email, which is a shame).
You can't piss 1Password off, until you do. There's nothing inherent about Agile Bits that shields them from arbitrary account closure.
You can't piss Apple off, until you do.
I personally haven't heard of people's accounts getting randomly shut down for whatever reason for either company, but I'm sure it happens.
It's a matter of surface area to somehow trigger the automated detection that kills an account.
With 1Password, I can only really think of payment issues (ultimately, everything within your account is just a matter of sharing a binary blob they can't read - maybe if you try to use it as a file store and the size becomes excessive), whereas with Apple, I'm not entirely certain what they could read on my machine that could trigger them (hopefully with Advanced Data Protection, this is a small surface area).
But you are right, both of them could cause headaches.
Off topic: I just saw your comment and I also used the term "surface area" :D
Though, there's a 3 minute gap, I had not seen your comment (hadn't refreshed the page) when I typed mine.
There is a difference - the surface area where you interact with that certain company. As an Apple device owner, your interaction with Apple and its various services (known; and unknown to you - e.g. watching a certain video on YouTube in Safari) compared to that of Agile Bits (or BitWarden for that matter, which I prefer), where the service is exactly one, is much much bigger. Hence making your chance to trip so much more in case of Apple and Google.
Apple already has an iCloud app for Windows and has had an iCloud Password Chrome extension for years. There is no support for Android.
Which is also only available for Windows, as far as I know.
And needs iCloud installed for it to work.
They aren’t preventing you from using 1password which requires their cloud service, or any other. I use third party calendar, address book (contacts), text editor, but use Apple mail and safari. And mostly use Dropbox for file storage.
Other people can make different choices. This doesn’t seem like a crisis.
It’s also available on macOS.
I don’t see why that would be a big problem for Apple.
As this article explains, this isn’t new functionality. It’s (mostly) a new UI for existing functionality, to make the hardware they sell and make lots of money on more attractive.
Seems to be the case that commenters do not know that Keychain Access exists.
Apple has tried various approaches of surfacing this functionality (eg the passwords panel in Safari and again in iOS’s settings app). This just seems to be the app-agnostic way of providing this functionality to everyday users, and probably a good thing as platforms move away from passwords.
No, Keychain Access is just a terrible app. It is sufficiently terrible that I'm 100% aware of its existence and instead choose to pay for a less OS-integrated, but far better app.
No, the commenters I'm referring to are ones that think Apple including a password manager is anticompetitive lock in, and other similar comments that are clearly unaware that this is not new functionality.
Your comment has zero bearing on what I posted. Apple themselves use 1PW
I am not sure what you mean by it’s “terrible”. It works well for me. It saves my passwords, generates secure passwords for me, works with Safari, and works with apps.
How many people use Mac and Windows at the same time? There are some, but I bet most people do not use multiple OS. Usually, people who have a Mac have an iPhone and maybe an iPad. They are entirely in the Apple ecosystem because they see all the benefits when all those devices work seamlessly together.
Quite a few. Windows desktop/laptop + an iPhone/iPad is a super common combo.
Especially for gaming
For me the issue is gaming. It remains a central hobby of mine and while Mac has gotten much deeper into gaming in recent years it's a far cry off from Windows. I use Apple ecosystem otherwise (work, mobile). Also, I have left Linux behind after my academic years and don't miss it.
I would immediately leave Windows in the dust if gaming was equally supported on macOS. Maybe in the future, let's see. For enterprise work, MS365 is also really central and it's basically not possible to work without Excel, PowerPoint, Outlook and Teams even if you personally prefer other software (I don't). They're fine on macOS or the web interface but clearly neutered in comparison to Windows native.
They have a windows app for it.
Windows app will certainly help adoption.
An Android app would be nice as well, but I doubt that many people use both iOS and Android devices[1] (or concern themselves whether they will be able to switch platforms easily).
[1] Android devices as in devices where password manager is desired, not as in 3 Billion Devices Run Java
I wonder what the number of people who use Macs and Android is. I would guess that it’s a tiny fraction of the marketplace (and likely entirely populated by people with Kindle Fires, not Android phones).
Actually now I'm thinking that there are probably quite a few developers with Macs + Android phones.
I use Apple Music and Apple Notes every day on my Debian workstation. Works like a charm.
Notes web version is pretty limited though, ex: can't attach images.
I use Notion in cases where it's too limited. Unfortunately Notion charges for really large attachments.
Trick I do do sometimes is, just WhatsApp the files to myself and attach them from my phone
Word. I do the same. The web versions aren't perfect but they do the job. There are way too many Android-only users in these comments that don't have a clue what they are talking about.
It's more platform lock-in and it leverages their market position. Unabashed monopolism. Completely unchastened by recent lawsuits.
Except for the fact that you can import from and export to other password managers using built-in functions. That kind of kills the whole lock-in vibe.
Literally not a monopoly.
Someday I hope a company might emerge that develops things for the sake of developing things to enhance their popularity.
That's contradictory; what you're looking for is a charity.
A company does things for the sake of profit.
It can be profitable to be innovative in my opinion.
There's a difference between Google's products and Google's services. You can use either one without the other. I am a happy user of Google hardware, and am even happier to be almost entirely extricated from their services.
Do you mean stuff like Pixel but with a degoogled version of Android?
Even without degoogling, you can refuse to log in to a Google account and disable most of their apps. I rather do like GrapheneOS, though.
Apple wants it to be a problem so it incentivizes you to switch over.
But Apple knows that there are many reasons why a user who may choose Apple where they make decisions for their dollars, is also a user who is stuck in other ecosystems in other context.
Of course, I'm talking about, for example, work environments where you may be stuck with a Windows PC, or have to use a corporate-owned Android device for your phone...
If they haven’t already, I won’t be surprised if Apple creates a reasonable password app for Android and Windows specifically to address this concern. Fanning out to other platforms to enable customers to continue using Apple products is a decent strategy that probably does more to retain people within the Apple ecosystem than it does to enable a move away from Apple.
Apple already has a Windows iCloud password app and a Chrome extension https://support.apple.com/guide/icloud-windows/manage-passwo...
Apple thinks "One Ring to rule them all" will work on mindless enough. But otherwise, yeah. Those who aren't mindless wouldn't want that.
People always ignore the simpler explanation: it’s more time and work to make something a second time on a platform you don’t know and control.
This is what OAuth attempts to do, and most users and devs I know like it.
I'm well aware of the risks of putting all eggs into one basket. I'm already doing it with 1Pass (albeit with external MFA for some sites), so I see no difference with letting Apple manage it.
Counterpoint from an interesting source:
https://gist.github.com/nckroy/dd2d4dfc86f7d13045ad715377b6a...
Sadly this will take off, and be tied to everything apple. From a tech perspective I would never use their tools even if they are the most convenient. But the reality is most people will see this as the only option for password management, and 1password isn't free, so for them they will see no better way out.
I would be happy if more people adopted password managers. We'd all be a lot better off if they did. And personally I don't care which tool they use to get there. But there's still too much friction in using a password manager, not all of which is the fault of the password manager (eg different password requirements, how 2FA verification is handled, the antiquated notion of password expiry, some sites split username and password onto two pages so you have to verify twice, some sites using a third field you have to fill in like surname).
So I'm not sure how many people will actually use this just because of this friction.
Branding a solution as Apple isn't a guarantee of success. If it were, we'd still have Safari for Windows.
People literally want everything tied to one identity, service, and login. You are almost totally wrong. People do sometimes want to switch to something new when they feel what they've bought into hasn't met their expectations or has fallen behind in innovation. And guess what? Apple in very limited ways actually locks people into things like passwords, files, photos, notes etc. Their entire ecosystem is pretty easy to migrate away from, I've done it several times. There's an import/export tool for most everything.
After this year you probably can't even say they are locking people into their ecosystem with iMessage.
It is absolute garbage, but luckily the legacy integration in iTunes for windows still (sort of) works.
Apple Music has a decent web player, so it's technically supported on Linux
I do, because I don't have any Windows or Android machines.
You'd be surprised. People want a neat solution so they don't have to deal with multiple nuisances.
They worry less about vendor lock-in (if they even understand the issue unless it's bitten them, and then they can consider the costs of switching as totally normal and expected, similar to how they just go find app replacements for platform-exclusive software).
It's good that it's not cross platform, we do not need any more product monopolies, we have enough. Still there's a chance this will hurt the password manager market which leads to an even better outcome: we still have a monopoly but it doesn't make the product available on platforms most people use.
No, it's not Apple's problem, let alone be a big problem. Apple does not like to provide services for free on other platforms and isn't even very good at doing it for paid services. This passwords app is meant for those who use and depend on Apple's ecosystem, not as a generic competition for other password managers.