I’ve been a customer of 1Password for as long as I can remember. I love being able to have a dedicated application/service for password management, rotating one-time passwords, storing secure information like social security numbers. I know I have a dedicated place to manage all my data in a place I know is safe and easy to access. On the other hand, iCloud Keychain works well and is built-in on all my devices. Is it time for Apple to release a dedicated app for iCloud Keychain, so it’s easier to manage and interact with that data?
We’re all struggling with password management. The FIDO Alliance was created to help rethink how passwords should look going forward, and Apple is one of the newest members of the alliance. It joins other major technology companies like Microsoft and Google. It’s in the best interest of all vendors to make it easier to create and manage passwords.
The problem with managing passwords on iOS and macOS at the moment is the functions are scattered around. Some of the syncing happens on in the backend with no way to quickly see (especially on iOS). A prime example of this is the syncing of Wi-Fi passwords. It’s easy to remove old networks on the Mac, but on iOS, it’s all happened without being able to remove anything.
Apple should release a dedicated app for iCloud Keychain
As our devices continue to store ever more personal information, Apple should release a dedicated app to view, add, change, or delete anything being stored in iCloud Keychain. We’ve already seen rumors of iOS 14 bringing new features to iCloud Keychain, so this would be a natural next step. This app would help promote the security of iOS (it would be behind a second round of Face ID scanning) as a place where you can store your most personal data like social security numbers, PIN codes, etc. It would also allow you to view, update, or delete anything password related for website logins.
Right now, website passwords are stored inside of the Safari settings on macOS and inside of the Settings app on iOS. A dedicated app would put this front and center.
On top of a dedicated app for managing personal information, I’d like to see Apple help promote two-factor authentication. Right now, Apple has its own flavor of how it uses two-factor authentication to set up a new device or log in to iCloud.com on the web, but most websites use another format.
When saving a password to iCloud Keychain, a dedicated app could help facilitate the set up of a one time password for individual websites. Apple could even create an API that works with Sign in with Apple or just general website logins.
Apple has two-factor authentication built right into iOS and macOS, but they implement it in a slightly different way. Instead of using a third-party solution to generate a code, you’ll receive an alert on another one of your registered devices. Once you approve the login, a six-digit code will pop up, and you’ll input that on the new device.
Wrap-up
What do you think? Should Apple release a dedicated keychain application to bring the security of iCloud to the front and center? I think removing it from the Settings application would make it easier for people to look up their passwords if logging into a public computer, manually add new information in a secure way, and just generally have a better understanding of where all of the information lives.