
Ask HN: Why don't Google or Apple make complete password Managers? - omosubi
By complete password managers I mean ones that work across all their devices and are synced ~<i>in the cloud</i>~. It seems like they would get a big chance to lock more people into their platforms.
======
tsucres
I might be missing something, but I think Apple’s iCloud KeyChain [1] does
exactly what you’re describing (for Apple devices only ofc).

[1] [https://support.apple.com/en-us/HT204085](https://support.apple.com/en-
us/HT204085)

------
Eridrus
OMG this whole situation infuriates me.

I've complained about this to Google's security folks, and basically the
answer I got there was that they don't believe in password managers as a
solution and would rather have FIDO/U2F become a thing.

Another part, I think, is that building a password manager is hard. I tried to
build my own and quickly found that the problem of finding out which fields
are username/password fields was not always easy. Some websites don't even
mark password fields with type="password", so you end up with JavaScript ML
systems and massive site-specific lists for guessing which fields are
username/password fields, and it's a pretty big task to make it really work.

Also, if you've ever recommended a password manager to someone not very
technical, pretty soon they forget their master password, and now can't access
their passwords, and its' your fault.

Having said all that, Chrome's password manager has been getting better, and
they do have an app auto-logic on Android, so maybe those will combine. But I
don't think it's a good lock-in strategy for Google, because they don't have a
holistic ecosystem - most people are not using Chromebooks - so there isn't
really any lock in play for them. Same thing goes for Microsoft, and to some
extent Apple, since Safari isn't overwhelmingly popular on OSX.

IMO what is really needed is a standard for this, rather than lock in, so that
these companies can co-operate on this and stop trying to make this a
marketing bullet point.

~~~
rstuart4133
> I've complained about this to Google's security folks, and basically the
> answer I got there was that they don't believe in password managers as a
> solution and would rather have FIDO/U2F become a thing.

They have a point. We've had the technology for improving authentication for
literally decades - that's effectively what a SIM does. We've had these secure
modules in our smartphones forever. The technology is dirt cheap, ubiquitous,
and with the advent of these wireless transports the user interface problem is
solved. The infuriating thing for me is we still don't use it.

Google has succeeded in forcing the planet to move to https, so I guess they
imagine they can do the same thing for authentication. If they succeed they
will kill phishing. I wish them luck.

If it were possible to have a NFC WebAuthn implanted in the back of my hand
and I could invisibly control the userHandle it handed out by invisibly
twitching a muscle or something, I'd be falling over myself to get the surgery
done.

------
stephenr
This is exactly what iCloud Keychain does, _except_ (unless it’s changed
recently?) you can sync it peer to peer too, you don’t have to store the
contents in iCloud.

The only part it’s “missing” is a 2FA TOTP generator, but apps like
[https://cooperrs.de/otpauth.html](https://cooperrs.de/otpauth.html) work
quite well in that regard so it’s not a major pain point.

Safari + (iCloud) Keychain is IMO evidence that good password management can
work client side - these “alternative” solutions like login links via email
etc are basically catering to the shit experience of other browsers/platforms.

------
duxup
Google would probabbly just prefer you sign in to all your services just using
their account.

Thus you wouldn't need a password manager if everything was Google Identity
Platform....

That aside chrome has a password manager. I'm not saying it is the perfect
solution, but it is there.

~~~
anticensor
You cannot sign in to your bank using your Google account.

~~~
duxup
Google probabbly wishes you would...

Other than a handful of cases that they're not focused on I'm thinking they're
still focused on their identity platform.

------
zapzupnz
On macOS: Safari app -> Preferences (Cmd-,) -> Passwords

Alternatively: /Applications/Utilities/Keychain Access.app

On iOS: Settings app -> Passwords and accounts -> Touch ID/Face ID

------
thedudeabides5
probably because then they would be liable for when someone hacks your shit
and then uses it to login to your bank and steal all your stuff

~~~
clubm8
> probably because then they would be liable for when someone hacks your shit
> and then uses it to login to your bank and steal all your stuff

Which law specifically would make Apple liable if your iCloud keychain was
hacked and the credentials used?

