Apple wants to help me remember my passwords. That’s good because I’ve got a lot—over 200 right now. That’s too many to remember, and I shouldn’t keep a list in my desk drawer or just use the same one for every website. Everyone needs a password manager, and Apple installs iCloud Keychain on every computer and mobile device they sell.
I’ve been using it to manage my passwords for the last few years. Before that, I used LastPass and loved it. I wanted to discover for myself whether Apple’s solution was up to the task, and I’m surprised at how well it has met my needs. It remembers all of my passwords, makes them available on all of my devices, and fills them in automatically.
That’s not to say that it’s perfect. It’s safe and secure, but limited in some areas. All of my devices have the Apple logo on them, but if you have a Windows computer or Android device in your life, it won’t work there, and for a password manager to be effective, it needs to work on every device you use. I also had to make a decision to switch to Safari as my primary (well, only) web browser. That’s a pretty significant restriction, and not something everyone will be willing to do.
Besides being locked into the Apple ecosystem, the service lacks features that have become expected in a password manager. I’d become accustomed to using them with LastPass, and there have been times I really missed them. I’ll outline them later in the article.
What is iCloud Keychain?
iCloud Keychain is Apple’s password manager. It’s conveniently built into every Mac, iPhone, and iPad. It’s easy to use, and makes it simple to create safe, complex passwords. It fills them in automatically while using Safari, and stores other types of sensitive personal information for you. These are synced to other Apple devices you’ve enabled Keychain on.
According to Apple, iCloud Keychain stores:
- internet accounts,
- passwords,
- usernames,
- wifi passwords,
- credit card numbers,
- credit card expiration dates,
- but not the credit card security code,
- and more.
Is iCloud Keychain Safe?
Is it a good idea to store your passwords in the cloud? What if your account was hacked? Wouldn’t they gain access to all of your passwords?
That’s a question asked of all password managers, and like them, Apple uses end-to-end 256-bit AES encryption to protect your data. They don’t know the passcode you use, so they can’t access your data, and that means if someone was able to hack into iCloud, they couldn’t access your data either.
iCloud protects your information with end-to-end encryption, which provides the highest level of data security. Your data is protected with a key that’s made from information unique to your device, and combined with your device passcode, which only you know. No one else can access or read this data, either in transit or storage. (Apple Support)
While that keeps your data secure, it also means that Apple can’t help you if you forget your passcode. So choose one that’s memorable. That’s common for most password managers, and only McAfee True Key and Abine Blur are able to recover your master password for you if you forget it.
You can further protect your account with two-factor authentication (2FA). This means that even if someone was to discover your password, they still wouldn’t be able to access your account. Turn it on using the Security tab in iCloud system preferences.
On this page, you can set up security questions and a rescue email address, as well as turn on 2FA. Once it’s enabled, you’ll receive a message on your other Apple devices asking for permission before iCloud Keychain can be enabled on another device. No one can access it without your permission, even if they have your password.
Two-factor authentication on other password managers is a little more flexible, especially in McAfee True Key. With Apple, you’re limited to using other Apple devices as your second factor, while other apps offer additional options and flexibility.
What Can iCloud Keychain Do?
iCloud Keychain will securely store your passwords and sync them onto your Apple devices—Macs, iPhones and iPads. That’s great if you live in the Apple ecosystem, but not enough if you also use Windows or Android.
There’s no easy way to export your passwords if you decide to use something else—though if you’re technical, there are some third-party scripts. Import is also missing, so you’ll need to save your passwords one by one. Let’s just say that iCloud Keychain’s primary problem is vendor lock-in.
iCloud Keychain will automatically log in to websites, but only if you use Safari—other browsers are not supported at all. That means if you use Chrome or Firefox some of the time, your passwords won’t be available. That’s very limiting, and if you do use other browsers, you’ll be better off using a different password manager.
iCloud Keychain will generate strong, unique passwords. This encourages secure password practices, and you won’t need to remember those complex passwords because Keychain will do that for you. Unlike other password managers, you’re not able to specify the length and other criteria of the password.
iCloud Keychain will automatically fill in web forms, though I believe it’s using your information stored in the Contacts app rather than in Keychain itself. This is useful but not as flexible or secure as other password managers that allow you to store all the information you need to fill in web forms for several identities in the app itself.
iCloud Keychain will automatically fill in credit card details. If you have more than one card, you’ll be able to select the one you want to use. For your safety, the security code is not stored in Keychain, so if the website requires it you’ll have to check the card yourself.
iCloud Keychain will store secure notes. This could be a safe place to keep your alarm code, safe combination and driver’s license details. You’ll find “Secure Notes” when you open Keychain Access, which you’ll find under Utilities in your Applications folder. I haven’t used this feature personally because I find it too limited, and awkward to access. Other apps also let you securely store files and other types of structured information.
iCloud Keychain will warn you of reused passwords. When I navigate to Safari/Preferences/Passwords, I can see I have a number of passwords that are used on more than one site.
Unfortunately, you have to navigate to that settings page to see the warnings, so it’s not a particularly effective notification. Other apps will also warn you if the password is weak or hasn’t been changed for some time.
What Can’t iCloud Keychain Do?
iCloud Keychain can’t work with other operating systems and browsers. If you can’t live within those limits, choose another app. All of the alternatives work with Mac, Windows, iOS, and Android, and a wide range of web browsers.
iCloud Keychain won’t let you share your passwords with others. Other apps do—as long as they also use that app. If you change the password their app will be automatically updated, and you’ll be able to revoke their access at any time. This is great for a family, team, or business.
iCloud Keychain won’t warn you of compromised passwords. Many of the alternatives do. If a website you use is hacked and your password compromised, you should know about it so you can change your password as soon as possible.
iCloud Keychain won’t automatically change your passwords for you. The worst thing about having to change a password is the effort involved. You have to navigate to the site and log in, look for where the “change password” button is, and create a new one.
LastPass and Dashlane offer to do all of that work for you automatically. This only works with co-operating websites, but there are hundreds of them, with new ones being added regularly.
Best Alternatives to iCloud Keychain
1. LastPass
LastPass is the only password manager to offer a usable free plan. It syncs all of your passwords to all of your devices and offers all the other features most users need: sharing, secure notes, and password auditing.
The paid plan provides more sharing options, enhanced security, application login, 1 GB of encrypted storage, and priority tech support. It’s not as cheap as it used to be, but it’s still competitive. Read our full LastPass review.
Personal $36.00/year, Family $48.00/year, Team $48.00/user/year, Business $72.00/user/year.
LastPass works on:
- Desktop: Windows, Mac, Linux, Chrome OS,
- Mobile: iOS, Android, Windows Phone, watchOS,
- Browsers: Chrome, Firefox, Internet Explorer, Safari, Edge, Maxthon, Opera.
2. Dashlane
Dashlane arguably offers more features than any other password manager—and even throws in a basic VPN—and these can be accessed just as easily from the web interface as the native applications.
In recent updates, it has outpaced LastPass and 1Password in terms of features, but also in price. Read our full Dashlane review.
Personal $39.96, Business $48/user/year.
Dashlane works on:
- Desktop: Windows, Mac, Linux, ChromeOS,
- Mobile: iOS, Android, watchOS,
- Browsers: Chrome, Firefox, Internet Explorer, Safari, Edge.
3. 1Password
1Password is a leading password manager with a loyal following. It includes most of the features offered by LastPass and Dashlane, and one that’s unique: Travel Mode will let you remove sensitive information from the app when you’re entering a new country, and add it back after you arrive. Read our full 1Password review.
Personal $35.88/year, Family $59.88/year, Team $47.88/user/year, Business $95.88/user/year.
1Password works on:
- Desktop: Windows, Mac, Linux, Chrome OS,
- Mobile: iOS, Android,
- Browsers: Chrome, Firefox, Internet Explorer, Safari, Edge.
4. McAfee True Key
McAfee True Key doesn’t have a lot of features—in fact, it doesn’t do as much as LastPass’ free plan. You can’t use it to share passwords, change passwords with a single click, fill in web forms, store your documents, or audit your passwords.
But it’s inexpensive and offers a simple web and mobile interface and does the basics well. And unlike most other password managers, it’s not the end of the world if you forget your master password. Read our full True Key review.
Personal $19.99/year.
True Key works on:
- Desktop: Windows, Mac,
- Mobile: iOS, Android,
- Browsers: Chrome, Firefox, Edge.
5. Sticky Password
By comparison, Sticky Password is only a little more expensive than True Key and offers additional features. It’s not perfect: it looks a little dated, and the web interface does very little.
Its most unique feature is security-related: you can optionally sync your passwords over a local network, and avoid uploading them all to the cloud. Read our full Sticky Password review.
Personal $29.99/year or $199.99 lifetime, Team $29.99/user/year.
Sticky Password works on:
- Desktop: Windows, Mac,
- Mobile: Android, iOS, BlackBerry OS10, Amazon Kindle Fire, Nokia X,
- Browsers: Chrome, Firefox, Safari (on Mac), Internet Explorer, Opera (32-bit).
6. Keeper Password Manager
Keeper Password Manager is a basic password manager with excellent security that allows you to add on the features you need, including secure chat, secure file storage, and BreachWatch. On its own, it is quite affordable, but those extra options add up quickly.
The full bundle includes a password manager, secure file storage, dark web protection, and secure chat. Read our full Keeper review.
Basic features: Personal $29.99/year, Family $59.99/year, Business $30.00/year, Enterprise $45.00/user/year. Full bundle: Personal $59.97/year, Family $119.98/year.
Keeper works on:
- Desktop: Windows, Mac, Linux, Chrome OS,
- Mobile: iOS, Android, Windows Phone, Kindle, Blackberry,
- Browsers: Chrome, Firefox, Internet Explorer, Safari, Edge.
7. RoboForm
RoboForm is the original password manager, and it feels like it. After two decades the apps feel a little dated and the web interface is read-only. Accomplishing anything seems to take a few more clicks than with other apps, but it’s affordable and includes all of the features you need.
Long-term users seem quite happy with the service, but new users may be better served by another app. Read our full RoboForm review.
Personal $23.88/year, Family $47.76/year, Business $40.20/user/year.
RoboForm works on:
- Desktop: Windows, Mac, Linux, Chrome OS,
- Mobile: iOS, Android,
- Browsers: Chrome, Firefox, Internet Explorer, Safari, Edge, Opera.
8. Abine Blur
Abine Blur is a privacy service with an integrated password manager. It provides ad-tracker blocking and masking of your personal information (email addresses, phone numbers, and credit cards), as well as quite basic password features.
Due to the nature of its privacy features, it offers the best value to those living in the United States. Read our full Abine Blur review.
Personal $39.00/year.
Blur works on:
- Desktop: Windows, Mac,
- Mobile: iOS, Android,
- Browsers: Chrome, Firefox, Internet Explorer, Opera, Safari.
Which Password Manager Should I Use?
iCloud Keychain is Apple’s password manager. It’s secure, comes included with every Mac, iPhone, and iPad, and includes basic password management features.
But it has two problems: it only works on Apple’s browser on Apple devices, and it lacks the additional features offered by other password managers. Most users would be better served by a different password manager. Which one should you choose?
LastPass’ free plan has a lot going for it. You can use it on most operating systems and web browsers, and it includes features you normally need to pay for, including password sharing and security audits. But Dashlane has the edge, and if you’re willing to pay around $40/year, it offers the best password management experience available.
Read our full roundup of the best Mac password managers to learn why we recommend these apps, and for the details of what the others can do for you.
Storing passwords in the cloud is just stupid, sorry. LastPass is the worst thing you can do, a simple phishing attack can retrieve the master password and all your passwords are lost. That is due to the web-based approach that LastPass is using. This is better with Apple KeyChain (like with every password manager software, e.g. KeePass, Gnome Keyring, KWallet etc.), but still it is stupid to give a company all your passwords. Even if the encryption is good and not broken, how do you ensure that the key is not transmitted to Apple as well?
IMO you should avoid storing sensitive information in the cloud in general. Use client side encryption wherever possible. Don’t trust proprietary software from companies that you cannot verify. The best solution I know is the Standard Unix Password manager https://www.passwordstore.org/. The passwords get encrypted using PGP. Each password is individually encrypted. In combination with a Yubikey (used for RSA encryption) I can really ensure that the private key never leaves the Yubikey. And I get a two factor authentication to access my password (The Yubikey is Pin protected). If I want I can sync passwords using Git, which is built into Pass, but I don’t need to. I can also use my own git server and don’t need to use any 3rd party cloud service. GnuPG, which is the basis of Pass, is open source and verified for years. Pass itself is just a BASH script around gpg. Technically, PGP is a hybrid algorithm, the data files are encrypted using AES, the AES key is generated randomly for each password, which is then RSA encrypted. The RSA private key is secured on the hardware chip. I’m using two Yubikeys with the same key (that I generated offline on an air-gapped machine) so that I have a backup in case the Yubikey is broken or lost. To access a Git repo via SSH you can also use the Yubikey.
There exist convenient integrations into desktops, like e.g. dmenu, which can type the password for you, so you don’t even need to copy it into your clipboard. There exists even an Android App, so that you can use your Pass store and Yubikey via NFC on your smartphone.
The only thing that is better on Apple systems, is the marketing 😉
You’re able to access Keychain on your PC. It requires you to download iCloud desktop app and use Chrome or Edge as your browser (and install extensions for each in iCloud desktop app). I recently installed so can’t really speak to how well it works but it seems to be working fine so far.
There is no mention of Bitwarden. That’s unusual.
I found this article very helpful in making a decision of which password manager to use, I like the upfront frankness of if it’s a good manager or not. Thank you for a very informative article.
Very informative article. Unfortunately it’s a bit hard to read for my eyes due to the low contrast of the type. Luckily I can use Reader mode in Safari on Mac.
I received a message that several of my passwords leaked, I deleted them all. How do I recover them to change them instead?
Hi Larry, thanks for your comment. I happily used Lastpass on my Mac for many years without ever installing a Mac app. The browser extensions were all that I needed, just as they were when I used Linux before that. All the same, the Lastpass downloads page most definitely does list an application for Mac.
As a retired developer, I don’t understand how you can recommend LastPass for macOS. For any other OS, yes…but they actually don’t even have a macOS app.
Wow! Great article, in simplified language that a tech-challenged person can relate to. Thank you!