# The discovery of one of my email addresses on HaveIBeenPwned (again) is making me seriously rethink online security.

There is no guarantee that the listing had an associated password, or that any password listed was up to date, but the frequency with which these huge data dumps are published is becoming increasingly worrying.

I'm considering letting Apple's Keychain generate complex passwords for me and then possibly using a password manager beyond Keychain because I'll obviously never be able to remember them.

Do I need another option beyond Keychain?

How does Keychain generate the passwords and should I be worried about the potential for 'algorithm leakage' here?

Keychain isn't perfect (it's obviously Apple-only) and isn't the most convenient password manager (copying a suggested password at the time of creation is impossible, for example), but it's built directly into the software I use most and syncs for free via my iCloud account.

If the subscription for a third-party solution is purely for added convenience, then is it worth it?

I installed 1Password to test it during the initial trial and it didn't seem drastically more convenient than Keychain: similar steps but in a different order. The only immediate benefit, from what I can see, is that it's contained within an app rather than a few layers down in iOS Settings.

Whichever way I go it'll be a case of forming a new habit - always hard - but it'll be worth it.

  1. One really nice feature in 1Password is support for what I’ve seen called 2FA or time-based one-time passwords. Also a web interface and Windows, if I ever need that. I’m still on my one-time purchase license (macOS, iOS), but planning to switch to subscription.
    1. Colin Walker says:
      Cross platform/OS availability is certainly an attraction but I use Windows so infrequently at home now that I'm not sure it's worth it.