ProtonBlog(new window)
Subskrybuj kanał RSS
is icloud keychain safe

Is iCloud Keychain safe?

Fergus O'Sullivan(new window)

Udostępnij tę stronę

If you’re on any Apple device, you’re familiar with the iCloud Keychain, the Apple password manager. It’s a handy tool that stores passwords for you and helps you manage your logins. 

For a program that stores all your most sensitive data in one place, you may have found yourself wondering whether iCloud Keychain is safe. While the software appears to be secure, there are a few issues that may lead you to find a better password manager.

Is Apple password manager safe?

The iCloud Keychain is secure from outside attack. It uses advanced encryption(new window) to keep your data secure, and Apple is open(new window) about how it encrypts your data and when (though the code itself is not open source, as we’ll explain below). As for privacy, Apple can’t see your Keychain data. Though Apple’s reputation for being a privacy-first company has taken a beating recently(new window), the logins you store on your Apple password manager are end-to-end encrypted(new window)

That’s not true of all your iCloud data though. For much of the info you save to iCloud, end-to-end encryption is not on by default, meaning the company can see your data. (Proton uses end-to-end encryption by default for all our services.) See our article on iCloud privacy(new window) to understand the limitations of Apple’s cloud storage.

Issues with the Apple keychain

Keychain is safe to use, but that doesn’t necessarily mean the iCloud Keychain is the right password manager(new window) for you. It has nowhere near the features you see with competitors, even free ones. Let’s go over some of its biggest issues.

Can’t share passwords

The iCloud Keychain lacks the ability to freely share passwords, letting you only share them with members who are in your Family group. If you want to quickly share a password with somebody, you’d have to add them, giving them more access than you might like. A proper password manager will streamline this process and give you more control over what you share.

Won’t work on non-Apple devices

Another, perhaps bigger issue, is that the iCloud Keychain doesn’t work very well on non-Apple devices. If you have an Android phone or a Windows laptop, you won’t be able to use anything stored on your Keychain without some serious tinkering. This means you would have to use Keychain on your Apple devices, and another solution on your non-Apple devices, which is a major hassle.

Closed source

The iCloud Keychain is also closed source, meaning independent researchers can’t verify how it works. If there are bugs or security issues, you’re counting on Apple and only Apple to find and fix them. (Apple’s track record(new window) in this regard is not great.) An open-source password manager can be audited by anybody, and that kind of transparency breeds a lot of trust.

Lack of flexibility

Finally, the iCloud Keychain only lets you store certain items, like passwords, passkeys(new window), and credit cards. It won’t let you add secure notes or let you add custom entries. This lack of flexibility can get constrictive when you have something that needs secure storage yet does not fit neatly into Apple’s structure.

An alternative to Apple password manager

Overall, the iCloud Keychain does a decent enough job of keeping your passwords safe. But why use it when there are much better alternatives out there? We developed Proton Pass with this in mind, an open-source password manager that offers the best in security and usability.

As we mentioned before, all our apps use end-to-end encryption, including Proton Pass. This means that nobody has access to your passwords, bank cards, notes, and certain metadata at any time except you and whomever you choose to share them with. Not even we can see what you’re storing. This makes Proton Pass a lot more secure by default.

Of course, we offer more than just security: Proton Pass works on most devices, and has apps for Windows, Mac (coming soon), Android and iPhone. Switching between these requires no effort; the transition is entirely seamless. So there are no compatibility issues like with the iCloud Keychain.

We also let you store miscellaneous items as secure notes, meaning all your secure items can find a home, not just what we deem you should store. Most importantly of all, our interface is laid out intuitively, meaning you can access all items and settings quickly without Apple’s many extra screens.

Best of all, Proton is not beholden to shareholders demanding profit, meaning that we don’t need to target ads at you. All our resources go into creating the very best experience for our community. If that sounds like something you’d be interested in, create a free Proton Pass account today.

Chroń swoje hasła
Utwórz bezpłatne konto

Powiązane artykuły

en
Secure, seamless communication is the foundation of every business. As more organizations secure their data with Proton, we’ve dramatically expanded our ecosystem with new products and services, from our password manager to Dark Web Monitoring for cr
what is a brute force attack
en
  • Podstawy ochrony prywatności
What is a brute force attack?(new window)
On the subject of cybersecurity, one term that often comes up is brute force attack. A brute force attack is any attack that doesn’t rely on finesse, but instead uses raw computing power to crack security or even the underlying encryption. In this a
en
Section 702 of the Foreign Intelligence Surveillance Act has become notorious as the legal justification allowing federal agencies like the NSA, CIA, and FBI to perform warrantless wiretaps, which sweep up the data of hundreds of thousands of US citi
en
In response to the growing number of data breaches, Proton Mail offers a feature to paid subscribers called Dark Web Monitoring. Our system checks if your credentials or other data have been leaked to illegal marketplaces and alerts you if so. Often
en
Your email address is your online identity, and you share it whenever you create a new account for an online service. While this offers convenience, it also leaves your identity exposed if hackers manage to breach the services you use. Data breaches
proton pass f-droid
en
Our mission at Proton is to help usher in an internet that protects your privacy by default, secures your data, and gives you the freedom of choice. Today we’re taking another step in this direction with the launch of our open source password manage