There’s been a lot of recent talk online about the iOS 18 Passwords app sherlocking 1Password.
I’m not a 1Password employee/investor begging you to stay. I’m not going to make a list of all the 1Password features missing in Passwords.
I’m here to convince you that Passwords neither protects nor guarantees access to your passwords in a worst case scenario. Such as:
- Apple nukes your Apple Account for no reason (it happens)
- Your Apple Account is compromised (it happens)
- Your Apple Account is illegitimately recovered (it happens)
- You are mugged and forced to provide your passcode at gunpoint (it happens) and the thief remotely wipes all your devices to prevent you from applying iCloud lock to the phone
In any of these scenarios, you’re absolutely toast. Even if you can recover your Apple Account, those precious days/weeks without access to anything are crucial in preventing further damage. But account recovery is not guaranteed. And if the attacker wipes your passwords from iCloud, there’s no export, no history, no backup. Your passwords, and worse – TOTP codes, are gone forever.
I’m not a 1Password fanboy. I’ve been jaded since they replaced their beautiful fast native apps with slow buggy Electron. However, more than anything, I need my password manager to protect my passwords from unauthorised access while also never preventing me from accessing my passwords, especially in an emergency situation where I’m under attack.
I have complete faith 1Password will never randomly close my account because a hallucinating AI flagged my account for no reason. I have complete faith 1Password will never allow someone without my recovery code or secret ket to recover my account (as in, it’s literally impossible due to end-to-end encryption). And I have complete faith that if I can provide my recovery code or secret key + master password, I’ll be able to access my account without entering step-up purgatory. And if literally everything else fails, 1Password allows back up and export, which isn’t possible with Passwords (as of writing).
But I hear you say: what if someone forces you to provide your 1Password master password at gunpoint? What then?
This is not a scenario I’m concerned with. Street thieves may have room temperature IQ, but they’re smart enough to know you’ll remotely lock a stolen device as soon as you get home. They’ve clued on – so the reason they demand passcodes is because they want to beat you to the punch. If they lock you out of every other device you own then you can’t lock the phone before they sell it. They aren’t interested in taking over your digital identity. They aren’t interested in your 1Password master password.
But stolen Device Protection helps, right? It may help this one specific scenario. However, it introduces a whole set of new problems. Specifically, if FaceID breaks from a drop or just stops working, you’re completely dead in the water if you have Always require additional security measures turned on or if significant locations flakes out (which it does for me constantly) as there’s no passcode/password fallback. Besides, stolen device protection does nothing for the first three scenarios mentioned above.
Passwords is a step in the right direction but I won’t be migrating any time soon.