Having used 1Password since its very beginning, I grew increasingly distrustful of their product management and roadmap (the key point for me being that I will not subscribe to their cloud syncing service), so this is an attempt at putting together a systematic list of decent alternatives for my own use.
The features I need are:
- iCloud or OneDrive/Dropbox cloud sync across Mac and iOS (Windows and Linux are secondary).
- TOTP support.
- Having a subset of data (TOTP and credit card PIN codes) quickly available on the Apple Watch.
This will be turned into a proper table later, but here are the ones I’ve used and tested, as well as a few others of note:
Secrets is my current choice. It does not have a Watch app, but:
- It has great import features–it can import from multiple other password managers, and imported my 1Password vault without a hitch, including TOTP tokens, notes and other metadata.
- It does native iCloud syncing between iOS and macOS.
- The UX is very smooth (on the phone, you can navigate pretty much anywhere with just your thumb).
It also has a number of “creature comforts” like displaying passwords in large type or spelling them out, tag support, and a browser extension for Safari (as well as TouchID/FaceID and Shortcuts support, as well as other native features).
Only thing I’m missing on the Mac is getting to my favorites to copy a password/TOTP straight from the menu item, which I could do immediately on 1Password Mini.
First-Party OS/browser options
The password management space is something that I see as being ripe for Sherlocking in various ways (at least for browser logins), so its worth keeping in mind that there are already some pretty usable options out there that do 80-90% of what most people need:
- Keychain Access (and iCloud keychain) work for browser logins and are getting TOTP in upcoming releases of iOS/macOS, but have no support for arbitrary secure fields, notes, etc. (and no Watch support for TOTP either). Interestingly enough, Apple now has a Windows app for managing passwords as well.
- Microsoft Authenticator provides mobile access to the Edge browser keychain and has TOTP support (and partial Watch support, since you can use it for MFA with Microsoft personal and corporate accounts) but also doesn’t go beyond that.
The KeePass ecosystem seems like the best long-term option (given its maturity, stability, features and cross-platform support), but clients are kludgy and lack creature comforts.
Still, they might be the best solution for those of you who need full cross-platform, “local” vaults, and a great one if you want a third-party complement to the first-party options above.
And, of course, if you need something that works in Android (which I don’t these days) or Linux (which I might need in the future), this seems like the best way to go.
- Keepassium, an Open Source, KeePass-compatible app that can use any iOS cloud provider (works OK in cursory testing with iCloud, but am not sure how reliable it will be in the long run). They also have a beta (Catalyst) Mac app that mostly works, but (even better) an excellent guide on how to migrate from 1Password to the KeePass ecosystem via KeePassXC.
- MacPass, a polished macOS counterpart that seems to have some issues under BigSur (which are getting fixed).
- Strongbox also has macOS and iOS apps that can sync in various ways, but I haven’t tested them yet–plus it has subscription tiers, which is something I usually stay away from.
- KeePassXC is ugly as sin but great for converting your 1Password vaults, as well as installable via
brew install --cask keepassxc