Password managers, is Keychain an ok choice?

kyoung
Contributor

We are starting to talk about password managers for our end users, so I am asking the Casper folks what they think. Is the basic built-in Keychain an OK choice? Should we look around for a better solution? Thanks.

13 REPLIES

donmontalvo
Esteemed Contributor III

Not if you want to sync across your iOS/Mac and PC. 1Password is my favorite, but we've never deployed it at work. Heard good things about LastPass but never used it. KeePassX is OK and free.

--
https://donmontalvo.com

adamcodega
Valued Contributor

The Keychain isn't a great UI; it can do it, but it's not designed to be super easy to pull passwords out, generate passwords, or warn you when two services have the same password.

I recommend LastPass over 1Password because 1Password requires manual work to set up a Dropbox sync, making sure to not use the same password for Dropbox as you use for your actual password vault, etc. Also, until you roll something out company-wide, a co-worker can go and sign up for a free LastPass account on their own.

I also like the new user setup LastPass uses; it's very easy but also teaches about and encourages passphrases.

VT-Vincent
New Contributor III

I actually use a combination of Keychain and 1Password. Keychain is great for convenience - especially if you happen to use Safari. As mentioned previously, Keychain isn't really designed to be a user-facing password archive though. That's where I use 1Password - it's more of a "vault" and a replacement for that encrypted Excel sheet of passwords and sensitive info that everyone used to keep somewhere. It's also nice you can throw documents and other miscellaneous files into it if you need to.

davidacland
Honored Contributor II

I'm a 1Password and Keychain user. 1Password's Dropbox integration is good, although I just do an occasional Wi-Fi sync and leave automated syncing options off, as I'm a bit paranoid given the data stored in the 1Password vault. Both solutions are personal though.

If you want something that can share passwords with colleagues, LastPass might be a better option. If you need a company store of passwords you might need to look at some enterprise options. We have a bespoke internal system for security reasons. We're not keen on putting our clients' server credentials into Dropbox!

lucas_sc
New Contributor

Keychain really isn't the most secure choice, and while I also use 1Password for historical reasons, the best bet for enterprise at this point appears to be LastPass, especially since, as @adamcodega said, there are free accounts that people can sign up for before you get Enterprise.

scottb
Honored Contributor

What is the intended purpose? You can't get around (that I know of) using the Mac Keychain for certain things like account passwords (login).
If you're on Active Directory, it's more of a challenge on the Macs, especially if users have more than one Mac/PC, as you have to manually change things on the Macs.

A day doesn't go by where a user at my main account doesn't forget their AD password, which means it has to be reset and their keychains deleted. In spite of telling clients to keep track of their passwords, they don't.
The company has a work-around for them. They allow them a crazy long passphrase that doesn't expire, so they don't need to change every 90 days. It seems to help, but that's a bad solution IMO.

I use 1Password on all my devices. Not only does it manage passwords, but credit cards, software licenses, etc., and I get instant access to all my data by simply syncing with either Dropbox or iCloud. One password to manage, and well, it works amazingly well. If my Mac Keychain ever gets hosed, I lose basically nothing.

I've never thought about using 1P as a company-wide solution, and I've never even looked at other options. But Apple's iCloud Keychain is getting better and does a decent job, but it of course requires 10.9+ and iOS 7+ and an Apple ID, etc.

I guess it comes down to what you're trying to provide to your clients...

Chris_Hafner
Valued Contributor II

+1 for 1Password. KeePass and the others can be great solutions, but nothing beats 1Password for user experience in my opinion.

LarryH
New Contributor III

+1 for 1Password. Love it for personal use, but for our department we use Secret Server.

Secret Server link

Simmo
Contributor II

http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571

Aaron
Contributor II

+1 for 1Password. The Dropbox sync is especially nice, and it works across Win/OSX/Android/iPhone.

Chris_Hafner
Valued Contributor II

Ahh heck. Apparently it's all moot, at least temporarily!

http://www.macnn.com/articles/15/06/17/flaw.in.how.apple.handles.secure.app.data.storage.keychain.websocket.disclosed.129099/

donmontalvo
Esteemed Contributor III

This is why I only use banks that offer dual-factor authentication. ;)

--
https://donmontalvo.com

scottb
Honored Contributor

Agile posted this on their blog. Info here