Because my boot drive is encrypted and because I have Wallet populated,
autologin is not an available option. Further, I have System Preferences > Security & Privacy > General > Require Password set to Immediately after sleep or screen saver begins and System Preferences > Desktop & Screen Saver set to show screen saver after 5 minutes together with a “Hot Corner” to activate Screen saver. So essentially any time I walk away from my computer it either locks automatically or I lock it. That way I am not concerned about anyone getting access to the contents of my keychain unless:
- They have cut off my finger so they can use it to unlock my computer
- Have my Apple watch and it's passcode to unlock the watch so it can unlock my computer (but at that point they would already have access to the Keychain which is on the watch)
- I have willingly or unwillingly given them my logon password
With those precautions, I am unconcerned about the contents of my Keychain. That said, my appraisal of Keychain is...
- PRO: it is “in the box” on all my devices.
- PRO: it works on all my applications on all my devices
- PRO: through iCloud the keychains on all my devices remain synchronized
- PRO: it is secure
- PRO: It works in all Apps
- PRO: It works automatically
- CON: Although is greatly improved, the password generator does not work with all sites. Possibly not even a majority of sites.
- CON: Unless you are rigorous in cleaning out the Keychain it is all too easy for multiple logons to the same site to accumulate
- CON: It can be annoying to access and manipulate the contents.
Because of Keychain's “Cons” I have long used various third party alternatives. I used 1Password until they recently moved their device synchronization to a proprietary site and the annual subscription went up significantly. I looking around for an alternative I came across the open-source utility
KeePass. To start with the KeePass database encryption is arguably as strong as, or stronger than Keychain and there are any number of different UIs available such as
StrongBox,
KyPass,
My Keepass,
AuthPass, and those are just some of the offerings on the App Store.
NOTE: All use the same KeePass database so if you don't like one front end, you can always choose another with no loss of data or data conversion. You can even use different “front-ends” on different devices to access the same KeePass database.
My “pick of the liter” of the front-ends is
StrongBox.
- PRO: there are versions for macOS, iOS, and iPadOS.
- PRO: all of my devices access the same KeePass database on my iCloud drive (actually in the Documents folder on my local HD which in turn is mirrored on iCloud.)
- PRO: it is secure: encryption keys can be passwords, hardware devices, a complex graphics file, or a combination of two or more of these
- PRO: It works in all Apps including Safari
- PRO: it is not limited to passwords and can store keyfiles and other data files as well
- PRO: the password generator is far more flexible than the one in Keychain with many options to meet the requirements of any site.
- PRO: because KeePass is first and foremost a database there are multiple options for organizing and structuring the contents
- PRO: THIS IS PERSONAL but, I find KeePass much easier to work with and manage than Keychain
- PRO: can be opened with any Apple authentication including, fingerprint, face-ID, and Apple watch.
- CON: choosing between Keychain and Strong Box is an extra step
