It's a huge difference to use system specific passwords on that specific system or to trust a proprietary buggy system with passwords to other, potentially critical, services and infrastructure.
Whenever you click any "Save my password" option offered by any application on any OS, that password will need to be stored in some reversible encryption somewhere - there is just no way around it.
And unless you want to type in a password every time you need to access any of these stored passwords (which would nearly defeat the purpose), then the application or OS needs to keep that password and/or key in memory somewhere.
At that point, I would trust an application that runs with privileges that not even root can get (thanks to 10.11's rootless mode) much more than any other application, even given the eventual security flaw.
This severely reduces the attack surface to only the keychain application itself and to the component that enforces the privileges, whereas in other cases any root-exploit will cause you to lose your passwords.
In the year of 10.11's existence, no security flaw has been found in either system integrity protection (= rootless mode) nor in keychain (the bug listed here isn't a bug. If you ask keychain to give you the password, it will have to give you the password or there would be zero point in even storing it in the first place).
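An added illustration of the two points made above (saved passwords must be reversibly encrypted, and an unlocked store keeps the derived key in memory so it can answer without prompting); this is example code written for this thread, not Apple's keychain or any commenter's code. It assumes a master password as the single user secret and uses HMAC-SHA256 in counter mode as a stdlib-only stand-in for a real cipher.

```python
import hashlib, hmac, os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for a real cipher such as AES.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

class ToyKeychain:
    """Entries are stored reversibly encrypted; the key lives in memory while unlocked."""
    def __init__(self):
        self._salt = os.urandom(16)  # per-store KDF salt
        self._key = None             # None means locked
        self._entries = {}           # service -> (nonce, ciphertext, tag)
    def unlock(self, master_password: str) -> None:
        # Slow KDF: the master password is the one secret the user still has to remember.
        self._key = hashlib.pbkdf2_hmac("sha256", master_password.encode(), self._salt, 200_000)
    def lock(self) -> None:
        self._key = None  # best effort: CPython does not guarantee the old bytes are wiped
    def _require_unlocked(self) -> bytes:
        if self._key is None:
            raise PermissionError("locked: master password required")
        return self._key
    def save(self, service: str, password: str) -> None:
        key, nonce, pt = self._require_unlocked(), os.urandom(16), password.encode()
        ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
        self._entries[service] = (nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest())
    def get(self, service: str) -> str:
        key = self._require_unlocked()
        nonce, ct, tag = self._entries[service]
        if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
            raise ValueError("wrong master password or tampered entry")
        return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

def _raises(fn, exc) -> bool:
    try:
        fn()
        return False
    except exc:
        return True

def demo() -> tuple:
    kc = ToyKeychain()
    kc.unlock("correct horse")          # constructed sample master password
    kc.save("mail", "s3cret")           # constructed sample entry
    first = kc.get("mail")              # no prompt: the derived key is sitting in memory
    kc.lock()
    locked = _raises(lambda: kc.get("mail"), PermissionError)
    kc.unlock("wrong password")
    wrong = _raises(lambda: kc.get("mail"), ValueError)
    return first, locked, wrong
```

Anything that can read this process's memory while it is unlocked gets `_key`, which is why the comment above cares about who can reach the keychain process rather than about the encryption itself.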
I don't even know which version I run, so no idea if I have to be scared or not. Updates are way too painful to do regularly on a working dev machine. (Lazy Linux user here.)
Anyway, I never saved a password; that's exactly my point. There is not a single reason to believe that the Apple keychain can be fully trusted, it's that simple.
Yeah, there's no great answer here other than it's an area that requires innovation. Apple is usually pretty good in this area, and I'd love to see them bring something to the table. My hope in writing the article was to spur enough debate and attention around the subject that it might foster that innovation conversation.
I think by digging through the comments on the multiple portals this was posted on since I went to bed last night that, at the least, people have strong opinions on both sides. It's either security or convenience, but it's certainly presented on the surface that it's both. The point of the article was it is not.
> There is not a single reason to believe that the Apple keychain can be fully trusted, it's that simple.
How do you believe that differs from any other password manager, local or cloud-hosted? What reason(s) do you have to believe they can be fully trusted? Or do you not use password managers at all? I assume you don't re-use passwords from site to site (because there's also no single reason to believe any particular site you log into can be fully trusted with a password you've used across sites), I assume you use secure passwords (because you clearly prioritize security)... how do you remember them all?
I don't use any of these but use the GNOME keyring at home. It's OS, based on industry standards and AFAIK never had serious issues. (It sure helps that Linux has more restrictive user rights.)
In other places I use a password scheme, and if possible 2FA. A scheme is not perfect either, but would require the attacker to fetch multiple of my passwords until he can recreate it.
Is there reason to believe that's significantly more secure than just re-using the same (strong) password everywhere?
Personally, I'd feel safer with a unique strong password for every site, even though it effectively requires a password manager (and trusting that password manager). So far, I think most attacks don't usually involve your local computer; people aren't attacking your laptop trying to crack your password manager (I think? Any known attacks of such? I guess I'd assume the NSA probably _is_, but anyway, regardless, I'd rather have unique strong passwords).
yeah :) not my native language. thanks for the correction.
I am on my phone and lazy, so excuse missing sources. But AFAIK a lot of malware targets password managers. Don't forget that some of these are also really, really bad and easy targets. Some bigger ones may be good, but still tend to fail from time to time.
A unique password for every site is definitely better, but not if these passwords are saved anywhere.
My scheme, which only exists in my head, IMO therefore provides more safety.
Honestly, I am just paranoid, but the way some users use password managers scares me.
> I use a password scheme, and if possible 2FA. A scheme is not perfect either, but would require the attacker to fetch multiple of my passwords until he can recreate it.
Which IMO is purely negligent.