is icloud keychain safe

If you’re on any Apple device, you’re familiar with the iCloud Keychain, the Apple password manager. It’s a handy tool that stores passwords for you and helps you manage your logins. 

For a program that stores all your most sensitive data in one place, you may have found yourself wondering whether iCloud Keychain is safe. While the software appears to be secure, there are a few issues that may lead you to find a better password manager.

Is Apple password manager safe?

The iCloud Keychain is secure from outside attack. It uses advanced encryption to keep your data secure, and Apple is open(new window) about how it encrypts your data and when (though the code itself is not open source, as we’ll explain below). As for privacy, Apple can’t see your Keychain data. Though Apple’s reputation for being a privacy-first company has taken a beating recently, the logins you store on your Apple password manager are end-to-end encrypted

That’s not true of all your iCloud data though. For much of the info you save to iCloud, end-to-end encryption is not on by default, meaning the company can see your data. (Proton uses end-to-end encryption by default for all our services.) See our article on iCloud privacy to understand the limitations of Apple’s cloud storage.

Issues with the Apple keychain

Keychain is safe to use, but that doesn’t necessarily mean the iCloud Keychain is the right password manager for you. It has nowhere near the features you see with competitors, even free ones. Let’s go over some of its biggest issues.

Can’t share passwords

The iCloud Keychain lacks the ability to freely share passwords, letting you only share them with members who are in your Family group. If you want to quickly share a password with somebody, you’d have to add them, giving them more access than you might like. A proper password manager will streamline this process and give you more control over what you share.

Won’t work on non-Apple devices

Another, perhaps bigger issue, is that the iCloud Keychain doesn’t work very well on non-Apple devices. If you have an Android phone or a Windows laptop, you won’t be able to use anything stored on your Keychain without some serious tinkering. This means you would have to use Keychain on your Apple devices, and another solution on your non-Apple devices, which is a major hassle.

Closed source

The iCloud Keychain is also closed source, meaning independent researchers can’t verify how it works. If there are bugs or security issues, you’re counting on Apple and only Apple to find and fix them. (Apple’s track record in this regard is not great.) An open-source password manager can be audited by anybody, and that kind of transparency breeds a lot of trust.

Lack of flexibility

Finally, the iCloud Keychain only lets you store certain items, like passwords, passkeys, and credit cards. It won’t let you add secure notes or let you add custom entries. This lack of flexibility can get constrictive when you have something that needs secure storage yet does not fit neatly into Apple’s structure.

An alternative to Apple password manager

Overall, the iCloud Keychain does a decent enough job of keeping your passwords safe. But why use it when there are much better alternatives out there? We developed Proton Pass with this in mind, an open-source password manager that offers the best in security and usability.

As we mentioned before, all our apps use end-to-end encryption, including Proton Pass. This means that nobody has access to your passwords, bank cards, notes, and certain metadata at any time except you and whomever you choose to share them with. Not even we can see what you’re storing. This makes Proton Pass a lot more secure by default.

Of course, we offer more than just security: Proton Pass works on most devices, and has apps for Windows, Mac (coming soon), Android and iPhone. Switching between these requires no effort; the transition is entirely seamless. So there are no compatibility issues like with the iCloud Keychain.

We also let you store miscellaneous items as secure notes, meaning all your secure items can find a home, not just what we deem you should store. Most importantly of all, our interface is laid out intuitively, meaning you can access all items and settings quickly without Apple’s many extra screens.

Best of all, Proton is not beholden to shareholders demanding profit, meaning that we don’t need to target ads at you. All our resources go into creating the very best experience for our community. If that sounds like something you’d be interested in, create a free Proton Pass account today.

Protect your passwords
Create a free account

Related articles

Identity theft is a major sector of criminal activity. About 24 million people fell victim in the United States alone in 2021, costing them over $16 billion. Credit card fraud is the most common type, but criminals target all kinds of personal data.
Google is one of the biggest obstacles to privacy. The Big Tech giant may offer quick access to information online, but it also controls vast amounts of your personal or business data. Recently, more people are becoming aware of the actual price you
What to do if someone steals your Social Security number
If you’re a United States citizen or permanent resident, you have a Social Security number (SSN). This number is the linchpin of much of your existence, linked to everything from your tax records to your credit cards. Theft is a massive problem, whic
compromised passwords
Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it? * What does compromised password mean? * How do pa
Is WeTransfer safe?
  • Privacy basics
WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may su
what is a dictionary attack
Dictionary attacks are a common method hackers use to try to crack passwords and break into online accounts.  While these attacks may be effective against people with poor account security, it’s extremely easy to protect yourself against them by usi