What if password managers were never allowed on iOS?

Posted by Matt Birchler

I have found myself writing about myths and what I find to be unfounded fears about allowing companies to compete with Apple’s apps a lot recently. One of the concerns a few people brought up with my last post about competition was that even if it might make Apple’s Wallet app better, people don’t think that any other company in the world is trustworthy enough to make a wallet that can also be set as your default on the iPhone and that can make contactless payments at the grocery store.

I’ll let my previous posts speak more to why I think many of those fears are based in a fundamental misunderstanding of the involved parties’ incentives, but today I wanted to pose an alternate history that I think explains some of my optimism around opening up iOS to allow alternate wallet apps to be set as the default on your iPhone, as well as letting those wallets use the NFC chip for contactless payments.

Password managers

iOS ships with Keychain, a password manager with numerous features, including but not limited to:

  1. Sync passwords between Apple devices
  2. Autofill passwords in apps (iOS only) and Safari
  3. Suggest strong passwords
  4. Store two-factor (2FA) codes
  5. Store passkeys

And it does all this securely and with the user’s interests in mind. It’s not ad-supported, and it doesn’t carelessly store your credentials unencrypted. It’s good!

Now let’s pretend that App Store rules for the last 16 years have blocked other companies from making password managers. After all, passwords, 2FA codes, and passkeys are sensitive stuff! “Do you really want to trust anybody with that? No thank you, it’s actually good that Apple maintains absolute control over how our passwords are stored. If we let other companies do it, all we’d get are trashy apps that are only out to scam me and keep my passwords insecure. After all, you just said Apple’s Keychain is good, so why are you complaining?”

Based on some of the responses I’ve gotten to my pieces about wallets, I 100% guarantee the above argument would be made about password managers if they hadn’t been allowed forever already.

But password managers have been able to exist on iOS since the start, and we’ve been able to set other apps as our default password manager on iOS since 2018. I think it’s fair to say this has been good for pretty much everybody as well. 80% of the market can use Apple’s built-in solution, but those who don’t fit into that mold can get something better suited to their needs.

For my part, I use 1Password because my needs don’t match up well with Apple’s Keychain features:

  1. I want to store more than passwords and passkeys
  2. I need first-class support on Windows and Android
  3. I don’t use Safari as my default browser on the Mac (the Chrome extension is not good)
  4. I want to autofill in apps on my Mac
  5. I need more sharing options

And on top of that, I just prefer 1Password’s UI to Keychain’s.

Although I recently tried using Safari more and that meant using 1Password's Safari extension. As a Chromium browser user, I never really understood the ire people seemed to have for 1Password's extension since it worked wonderfully for me. Using the Safari version feels like using a totally different app, though. I'd say 75% of the time the extension remains locked because it can't seem to talk to the app, which is absolutely maddening. If you use Safari and 1Password, I totally get why you'd be irate at its reliability.

And 1Password has a sterling reputation for security. People have issues with their UI decisions and their move to pure subscriptions, but no one is going to argue that they’re just pretending to make a good password manager and in fact actually want to steal all your personal data and sell your passwords on the black market. See also Keeper, Proton Pass, Chrome, Bitwarden, Dashlane, and LastPass (although that last one has had more security issues than you’d love to see).

My point is not that one must use these third-party password managers or that we live in a risk-free world for passwords, but that despite third-party options for storing some of our most secure items, everything has been pretty much fine and we don’t have widespread gnashing of teeth around whether the above companies should be allowed to exist on the iPhone.

You can apply this line of thinking to other parts of the operating system as well, but I think password managers are a particularly good comparison to digital wallets. In fact, 1Password has all of my card info stored in it as well! So while some are catastrophizing a theoretical future where users are scammed by terrible wallet apps, I think we can look at the password manager market and go, “huh, it’s kinda the same situation and it’s actually all pretty okay.”