Having used 1Password since its very beginning, I grew increasingly distrustful of their product management and roadmap (the key point for me being that I will not subscribe to their cloud syncing service), so this is an attempt at putting together a systematic list of decent alternatives for my own use.
The features I need are:
- iCloud or OneDrive/Dropbox cloud sync across Mac and iOS (Windows and Linux are secondary).
- TOTP support.
- Having a subset of data (TOTP and credit card PIN codes) quickly available on the Apple Watch.
This will be turned into a proper table later, but here are the ones I’ve used and tested, as well as a few others of note:
KeePass
The KeePass ecosystem is the best long-term option (given its maturity, stability, features and cross-platform support), but clients are kludgy and lack creature comforts. Around mid-2023, I decided to make the switch and adopted KeePassium Pro to use across both macOS and iOS, with KeePassXC for my Linux and Windows machines.
I belive this is the best solution for those of you who need full cross-platform, “local” vaults, and a great one if you want a third-party complement to the first-party options above.
And, of course, if you need something that works in Android, there are plenty of compatible apps.
KeePassium is also Open Source, and the Pro version is a lifetime purchase that also works on Apple Silicon Macs–including full AutoFill integration in Safari.
They also have an excellent guide on how to migrate from 1Password to the KeePass ecosystem via KeePassXC.
Alas, they do not have plans for a Watch app and, at least from my perspective, are completely missing the point about how useful it would be.
Other alternatives are:
- MacPass, a polished macOS counterpart that used to have some issues under BigSur (which have since been fixed), but no iOS counterpart.
- Strongbox also has macOS and iOS apps that can sync in various ways, but I haven’t tested them yet–plus it has subscription tiers, which is something I usually stay away from.
- KeePassXC is ugly as sin but great for converting your 1Password vaults, as well as installable via
brew install --cask keepassxc
The KeePass ecosystem (currently) doesn’t have passkeys support, however, which is why I am also using OS options (but definitely not Google’s Passkey implementation).
First-Party OS/browser options
The password management space is something that I see as being ripe for Sherlocking in various ways (at least for browser logins), so its worth keeping in mind that there are already some pretty usable options out there that do 80-90% of what most people need:
- Keychain Access (and iCloud keychain) work for browser logins and support TOTP and Passkeys in current releases of iOS/macOS, but have no support for arbitrary secure fields, notes, etc. (and no Watch support for TOTP either). Interestingly enough, Apple now has a Windows app for managing passwords as well.
- Microsoft Authenticator provides mobile access to the Edge browser keychain and has TOTP support but also doesn’t go beyond that.
Secrets 3
Secrets was my choice until May 2023. I have decided not to upgrade to Secrets 4 because it too emphasises subscription pricing (even though there’s a cross-platform single lifetime in-app purchase) and does not address my needs (like having a watch app).
I picked it back in 2019 because:
- It has great import features–it can import from multiple other password managers, and imported my 1Password vault without a hitch, including TOTP tokens, notes and other metadata.
- It does native iCloud syncing between iOS and macOS.
- The UX is very smooth (on the phone, you can navigate pretty much anywhere with just your thumb).
It also has a number of “creature comforts” like displaying passwords in large type or spelling them out, tag support, and a browser extension for Safari (as well as TouchID/FaceID and Shortcuts support, as well as other native features).
Only thing I’m missing on the Mac is getting to my favorites to copy a password/TOTP straight from the menu item, which I could do immediately on 1Password Mini.
Full disclosure: I know the Secrets developer personally (as we both worked at Portugal Telecom), and I believe the security design to be very sound.
Other Options
- PwSafe
- PasswordWallet
- QtPass, a front-end for
pass
- Passbolt, an intriguing option for teams
- vaultwarden, a self-hostable sync server for Bitwarden, another little ecosystem I’m aware of but which seems too complex.