Kudos to Apple for trying to solve the problems that make passwords ineffective in preventing the bad guys from hacking people's Web site accounts. While far from perfect, the iCloud Keychain introduced in OS X Mavericks, the latest version of the Mac operating system, is a positive step toward getting people to use something harder to guess than the popular "123456" and "password."
Mac to iPhone to iPad
iCloud Keychain is essentially a password manager in Safari that is set up in Mavericks, but extends to iPads and iPhones running iOS 7.0.3, the latest version of the mobile operating system. The concept is simple. To avoid having to remember separate passwords for multiple sites, users store them in Keychain, where they are encrypted and retrieved as needed.
This should encourage people to choose stronger options, such as a long string of arbitrary letters, numbers and symbols. However, that's only a theory and we won't know for sure, unless Apple tracks use and shares the results.
Nevertheless, I'm giving Apple credit for tackling a security problem that spans the desktop and mobile devices. Rather than have customers download third-party products, such as LastPass and 1Password, Apple is providing similar software as a feature in the OS.
Apple's generosity is not without its strings attached. Keychain only works with Apple products, so anyone with a Mac and an Android smartphone or tablet is out of luck.
People who take a best-of-breed approach to computing will have to turn to other vendors for password managers, which isn't a bad thing. Keychain is not nearly as advanced as the other products.
The Keychain Trap
One missing feature is a password generator that lets the user set the rules for the number and type of characters. But Keychain's biggest negative is the Apple only restriction.
I would not recommend Keychain to anyone except diehard Apple fans. If you decided to switch to an Android device or a Windows PC, then manually moving the stored passwords to a cross-platform product would be a real pain, especially if you are like me and have dozens of passwords.
With third-party managers, you simply install the plugin in the browser of your choice and you're ready to go. For Apple, making a move to another product that simple would not help it tie customers to its platform.
Apple was smart enough to let people store more than just passwords in Keychain. Credit card numbers are also welcomed, making them easily accessible to buy stuff in the future.
The time for smartphone and tablet makers to build in lots of security is now. People are beginning to recognize how much of their digital life is in their smartphone and they're starting to get worried.
In a recent Harris survey of about 1,000 Americans, more than 4 in 10 said they were concerned about losing personal information stored in their smartphone. Those worries have to go away before people start using their phones for purchases.
Apple is heading on the right path to ease consumers' troubled minds by making it easy to use much stronger security. What the company is offering is far from perfect, but it's a start.