An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
Use Keychain Access as password software?
#62460 09/01/22 08:51 AM
Joined: Aug 2009
Likes: 6
ryck Offline OP
OP Offline

Joined: Aug 2009
Likes: 6
One of the two 32 bit apps that I really like and can still use (Mojave 10.4.6) is Passwords Plus. However, there isn't a 64 bit version and I'm thinking of going to Monterey for improved security.

I've been looking at replacement password software and haven't seen any I really like and many are subscription, rather than one-time payment, which really doesn't interest me. I was thinking Keychain Access should be able to do the job, especially since I remember my most-used passwords and the requirement to "look up a password" is infrequent. Also, passwords could be saved automatically rather than opening a separate piece of software and creating a new entry.

Thoughts?


ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS Mojave 10.14.6
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 1TB LaCie USB-C
Carbon Copy Clone on 500GB OWC Mercury OTG Pro
Re: Use Keychain Access as password software?
ryck #62462 09/01/22 09:31 AM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7
The down-side of Keychain Access is that as long as you're logged in, your keychain is unlocked, and your passwords are available to anyone with access to your Mac. It can be mitigated to some extent, though, by keeping automatic login disabled.

I get around that by having my critical - that means "with access to money" - passwords memorized and storing only innocuous ones in my keychain.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Use Keychain Access as password software?
artie505 #62466 09/01/22 07:49 PM
Joined: Aug 2009
Likes: 7
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 7
Because my boot drive is encrypted and because I have Wallet populated, autologin is not an available option. Further, I have System Preferences > Security & Privacy > General > Require Password set to Immediately after sleep or screen saver begins and System Preferences > Desktop & Screen Saver set to show screen saver after 5 minutes together with a “Hot Corner” to activate Screen saver. So essentially any time I walk away from my computer it either locks automatically or I lock it. That way I am not concerned about anyone getting access to the contents of my keychain unless:
  1. They have cut off my finger so they can use it to unlock my computer
  2. Have my Apple watch and it's passcode to unlock the watch so it can unlock my computer (but at that point they would already have access to the Keychain which is on the watch)
  3. I have willingly or unwillingly given them my logon password


With those precautions, I am unconcerned about the contents of my Keychain. That said, my appraisal of Keychain is...
  1. PRO: it is “in the box” on all my devices.
  2. PRO: it works on all my applications on all my devices
  3. PRO: through iCloud the keychains on all my devices remain synchronized
  4. PRO: it is secure
  5. PRO: It works in all Apps
  6. PRO: It works automatically
  7. CON: Although is greatly improved, the password generator does not work with all sites. Possibly not even a majority of sites.
  8. CON: Unless you are rigorous in cleaning out the Keychain it is all too easy for multiple logons to the same site to accumulate
  9. CON: It can be annoying to access and manipulate the contents.


Because of Keychain's “Cons” I have long used various third party alternatives. I used 1Password until they recently moved their device synchronization to a proprietary site and the annual subscription went up significantly. I looking around for an alternative I came across the open-source utility KeePass. To start with the KeePass database encryption is arguably as strong as, or stronger than Keychain and there are any number of different UIs available such as StrongBox, KyPass, My Keepass, AuthPass, and those are just some of the offerings on the App Store. NOTE: All use the same KeePass database so if you don't like one front end, you can always choose another with no loss of data or data conversion. You can even use different “front-ends” on different devices to access the same KeePass database.

My “pick of the liter” of the front-ends is StrongBox.
  1. PRO: there are versions for macOS, iOS, and iPadOS.
  2. PRO: all of my devices access the same KeePass database on my iCloud drive (actually in the Documents folder on my local HD which in turn is mirrored on iCloud.)
  3. PRO: it is secure: encryption keys can be passwords, hardware devices, a complex graphics file, or a combination of two or more of these
  4. PRO: It works in all Apps including Safari
  5. PRO: it is not limited to passwords and can store keyfiles and other data files as well
  6. PRO: the password generator is far more flexible than the one in Keychain with many options to meet the requirements of any site.
  7. PRO: because KeePass is first and foremost a database there are multiple options for organizing and structuring the contents
  8. PRO: THIS IS PERSONAL but, I find KeePass much easier to work with and manage than Keychain
  9. PRO: can be opened with any Apple authentication including, fingerprint, face-ID, and Apple watch.
  10. CON: choosing between Keychain and Strong Box is an extra step


"Sacred cows make the best hamburger"

- Mark Twain
Re: Use Keychain Access as password software?
artie505 #62473 09/02/22 03:34 PM
Joined: Aug 2009
Likes: 6
ryck Offline OP
OP Offline

Joined: Aug 2009
Likes: 6
Originally Posted by artie505
I get around that by having my critical - that means "with access to money" - passwords memorized and storing only innocuous ones in my keychain.
That's what I do...and your mention of it makes me realize that Keychain Access wouldn't be good in the future. When I head for "the other side" my daughters need to be able to access all my accounts, particularly the ones with money. If I use Keychain Access, they're stuck.

Last edited by ryck; 09/02/22 03:35 PM.

ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS Mojave 10.14.6
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 1TB LaCie USB-C
Carbon Copy Clone on 500GB OWC Mercury OTG Pro
Re: Use Keychain Access as password software?
joemikeb #62474 09/02/22 03:44 PM
Joined: Aug 2009
Likes: 6
ryck Offline OP
OP Offline

Joined: Aug 2009
Likes: 6
Originally Posted by joemikeb
My “pick of the liter” of the front-ends is StrongBox.
[list=1]
[*]PRO: there are versions for macOS, iOS, and iPadOS.
That has appeal but I bump into a Catch 22 as it requires OS 15. If I upgrade to OS 15 the Passwords Plus (32 bit) is not going to work so I won't be able to export its data as a CSV file.


ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS Mojave 10.14.6
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 1TB LaCie USB-C
Carbon Copy Clone on 500GB OWC Mercury OTG Pro
Re: Use Keychain Access as password software?
ryck #62475 09/02/22 04:17 PM
Joined: Aug 2009
Likes: 7
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 7
Originally Posted by ryck
That's what I do...and your mention of it makes me realize that Keychain Access wouldn't be good in the future. When I head for "the other side" my daughters need to be able to access all my accounts, particularly the ones with money. If I use Keychain Access, they're stuck.

...or you could put your password in your will.

By-the-way, one of the options with Strongbox is to print out the entire password database in an unencrypted, comma delimited spreadsheet format, which is stored in my safe. Of course if Apple, Microsoft, et. al. have their way, passwords will soon be going the way of buggy whips and all this will become a footnote in history.


"Sacred cows make the best hamburger"

- Mark Twain
Re: Use Keychain Access as password software?
joemikeb #62476 09/02/22 04:19 PM
Joined: Aug 2009
Likes: 6
ryck Offline OP
OP Offline

Joined: Aug 2009
Likes: 6
Originally Posted by joemikeb
...or you could put your password in your will.
Except, the fee to make a Will change is likely much more than a bit of dough for software.

I suppose it would work if I purchase MyKeepass (7 beans is hardly a showstopper) which only needs 10.13 (I'm 10.14.6) and then, once the OS upgrade to Monterey is done, upgrade to Strongbox. It's a bit convoluted but seems reasonable.

Last edited by ryck; 09/02/22 04:22 PM.

ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS Mojave 10.14.6
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 1TB LaCie USB-C
Carbon Copy Clone on 500GB OWC Mercury OTG Pro
Re: Use Keychain Access as password software?
ryck #62477 09/02/22 05:15 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
Mojave.

You can add a codicil yourself...quite easy...I know, I did myself and it's free.

Google the procedure if you want the instructions.

jaybass


OS 10.14.6 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD, Noise Ninja.
Re: Use Keychain Access as password software?
jaybass #62485 09/03/22 09:01 AM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7
Originally Posted by jaybass
You can add a codicil yourself...quite easy...I know, I did myself and it's free.
ryck and I and pretty darn near everybody else are all in the same position, i.e., needing to leave at least one password behind, be it an Admin password (to unlock a keychain), or one to an app or to an encrypted sparse image such as I use to store my critical passwords, and that one password MUST be in the clear somewhere.

Since the added information would in no way change your will, though, should you decide to go that route, there's no need to either rewrite it or add a codicil. (I emphatically note that depending upon your purpose, a codicil can be quite a lousy idea!!!) Simply staple a piece of paper to the original will, and the job is done.

What remains, of course, is to securely store that piece of paper.

Oops! Back to square one. shocked frown


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Use Keychain Access as password software?
artie505 #62486 09/03/22 09:08 AM
Joined: Aug 2009
Likes: 6
ryck Offline OP
OP Offline

Joined: Aug 2009
Likes: 6
Originally Posted by artie505
Simply staple a piece of paper to the original will, and the job is done.

What remains, of course, is to securely store that piece of paper.

Oops! Back to square one. shocked frown
Not an issue. I'm planning a what-if guide for my daughters, with a whole range of things like people to contact and things to be done, et cetera, which I will provide them in a password protected PDF. This information could simply be there.


ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS Mojave 10.14.6
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 1TB LaCie USB-C
Carbon Copy Clone on 500GB OWC Mercury OTG Pro
Re: Use Keychain Access as password software?
ryck #62487 09/03/22 09:45 AM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7
Originally Posted by ryck
Originally Posted by artie505
Simply staple a piece of paper to the original will, and the job is done.

What remains, of course, is to securely store that piece of paper.

Oops! Back to square one. shocked frown
Not an issue. I'm planning a what-if guide for my daughters, with a whole range of things like people to contact and things to be done, et cetera, which I will provide them in a password protected PDF. This information could simply be there.
As long as you trust them with the p/w prior to your passing. shocked tongue


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Use Keychain Access as password software?
artie505 #62492 09/03/22 09:30 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
10.14.6

I might add that if you add a codicil or note in longhand, you don't need witnesses and that applies to wills too.

My will is in a safety deposit box with whomever you have given permission to open it.

"A codicil can be quite a lousy idea" I don't see the logic in that. However, to each his own...

jaubass


OS 10.14.6 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD, Noise Ninja.
Re: Use Keychain Access as password software?
jaybass #62493 09/03/22 10:40 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7
Originally Posted by jaybass
"A codicil can be quite a lousy idea" I don't see the logic in that. However, to each his own...
A codicil, because it isn't prepared by an attorney and witnessed, is considerably more vulnerable to a challenge than an actual will because it doesn't demonstrate the same forethought and followthrough.

For instance, it's a terrible idea to reallocate assets with a codicil, because the person who gets shorted will almost invariably claim coercion, sue over it, and have a far better chance of at least some success than would have been possible had the intent to make the same change been clearly expressed by a new will.

I've seen all too many instances in which attorneys fees ate up estates, leaving between little and nothing for the heirs.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Use Keychain Access as password software?
artie505 #62498 09/04/22 01:06 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
To my mind, a codicil ins't something to use for making multiple changes, it is by definition a supplement to a will.

As far as challenging a codicil or will, if it is worded to the extent that there are very little or nothing to dispute, then that should suffice. I image disputing wills is more prevalent among large families.

And of course there are some that will challenge anything if they think there is a buck to be made. Unfortunately, there are some people who actually make a living doing that sort of thing, not just wills.

You mention attorneys eating up the estates value...thats another ball game.

jaybass


OS 10.14.6 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD, Noise Ninja.
Re: Use Keychain Access as password software?
jaybass #62505 09/04/22 08:49 PM
Joined: Aug 2009
Likes: 7
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 7
I have personally known of codicils being "lost" (a.k.a. "shredded") by an heir who felt their interests were damaged by the codicil and codicils the executor failed to execute.


"Sacred cows make the best hamburger"

- Mark Twain
Re: Use Keychain Access as password software?
joemikeb #62508 09/04/22 10:33 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
I don't doubt that codicils (even wills) have disappeared but I wouldn't have thought that beneficiaries had access to such documents unless the benefactor hasn't properly secured them.
As regards to executors failing to execute them, isn't that a crime?


OS 10.14.6 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD, Noise Ninja.
Re: Use Keychain Access as password software?
jaybass #62511 09/05/22 12:49 AM
Joined: Aug 2009
Likes: 7
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 7
Originally Posted by jaybass
I don't doubt that codicils (even wills) have disappeared but I wouldn't have thought that beneficiaries had access to such documents unless the benefactor hasn't properly secured them.

These were supposedly stored securely in a safe at the attorney's office, but somehow got "lost in transit" between the attorney and the accountant in the adjoining office.

Originally Posted by jaybass
As regards to executors failing to execute them, isn't that a crime?

Technically, but proving it is not always easy and is always expensive, frequently more expensive than the potential gain.

Having been burned twice, I file my will with the County Clerk, and any subsequent changes or additions become amendments to and part of the original filing. Besides that, filing the will with the county clerk saves the executor a step when the will is probated.


"Sacred cows make the best hamburger"

- Mark Twain
Re: Use Keychain Access as password software?
jaybass #62516 09/05/22 09:55 AM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7
Originally Posted by jaybass
You mention attorneys eating up the estates value...thats another ball game.
And it's frequently a codicil that puts the ball into play.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Moderated by  alternaut, dianne, dkmarsh 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.25 Page Time: 0.033s Queries: 50 (0.024s) Memory: 0.6742 MB (Peak: 0.8135 MB) Data Comp: Zlib Server Time: 2022-11-29 08:47:58 UTC
Valid HTML 5 and Valid CSS