Mac 101: Keychain
The Keychain on your Mac is a little application buried in the Utilities folder in your Applications folder. I say buried because I think Keychain is sadly neglected by most users. Here are some things you can do with it:- Save web page passwords
- Save login info (aside from websites, like your IM logins)
- Save protected notes (secret stuff)
This 101 will be a little longer than usual, so I can show you how to use Keychain to store passwords and other secret things. Later, in our Secure Your Mac series, we'll talk about making a good password so all these things stay private. Full details on how to easily use Keychain after the jump.
Step One, Saving Passwords:
Let's make sure you are saving passwords into Keychain. Go to Safari, click the word Safari (drops down a menu), go to Preferences, then click on AutoFill. Make sure 'User names and passwords' is selected. This will tell your Mac to save all those name/password combos in Keychain. Note that Firefox, one of the more popular browser alternatives, stores passwords in its own password manager though Camino, a TUAW favorite, does share Safari Keychain entries. Not everything uses Keychain, but most everything does, and we're assuming you're just using more of what Apple gives you.
Step Two, Locating Saved Passwords:
Assuming you have actually gone to a website, entered in a username/password, and allowed Safari to save it (it'll ask if you want to save, which is nice) you may now open Keychain, located in the Utilities folder in your Applications folder.See the category list? Kinda like playlists in iTunes, those are all the "things" Keychain can save for you. The Passwords can be opened up to reveal AppleShare, Application, and Internet.
AppleShare is for connecting to network drives, Application passwords are for things like AIM (that is, an application on your machine that needs to log in somewhere in order to work), and Internet is for all those web form passwords.
Of course, you can stay on All Items and just search in the upper-right corner of Keychain!
Point is, when you want to find your lost password, you can go here. You'll need to type your "admin password" which is the password you probably use to log in to your machine. NOTE: If you are not the "administrator" or your login doesn't work to open stuff up, ask whoever set up your machine-- they probably locked it down for good reason.
Step Three, Seeing the Passwords:
Looking in the large area to the right of the Categories you'll find all your saved stuff. The little blue @ sign is a web form password (like you might use to log in to Amazon or something). If you double-click one of these items, you'll see a window open with info, and at the bottom there's a little checkbox with "Show password" and a blank field next to it. Click that checkbox and yet another box opens. This is where you'll need that admin password (if you set up your own machine it'll be whatever you set your login password to be). You then check either Allow Once (safest) or Always Allow (less safe, because anyone can come behind you and re-open and see the password, but they still have to have your machine in their hands). Either one will then reveal the password for that account.
Whew!
Tips and a gotcha
Let's say you have something that needs to be private, but you don't know where to save it. Maybe the PIN to your phone's voicemail. Well, in Keychain, go to File > New Secure Note Item... and bingo, a locked-down snippet of info in Keychain is yours. To see the data, you'll have to enter that admin password again. There's also a Notepad Widget for your Dashboad that'll make this a little faster.
Most of the time the Keychain is something you just "set and forget" but for those random times you need to get something you forgot, don't be afraid! If you have a .Mac account, you should also start backing up your Keychain data too, but we're hoping Leopard will automate this process as well with Time Machine. Until then, Apple has a way for you to back up your Keychain data without using a .Mac account.
The "gotcha" to all this? Well, if you forget or lose or never knew your admin password you won't be able to get in to see these things, so Keychain is only as good as that password, and only useful if you can gain access. That's the way security works, but that's why we started a series about securing your Mac.
Share
Categories
The Keychain on your Mac is a little application buried in the Utilities folder in your Applications folder. I say buried because I think...
Add a Comment
Hi. Please help. I just bought an Imac intel cor 2 G5 used off ebay. Guy gave me the user password so got it up and running no prob. The when I tried safari or ebay it came up with the box enter keychain password. then threw me off safari when I didn't have the password. Looked all through keychain access areas. Guy doesn't know keychain password, it wasn't his. Please advise. thanks Elizabeth
October 21 2007 at 10:19 AM Report abuse Permalink rate up rate down ReplyVictor,
I, too, love the keychain. Obviously, I'd like to back it up in another place besides my system, because it has such important information in it. However, I am leery about throwing copies of the keychain file on the different servers I usually use for remote back-up of my stuff, because it DOES contain such crucial information. In other words, if you were using the "old school" method of just having every password written down on a ragged piece of paper, it seems like the equivelent of leaving copies of that paper all over the place.
Is there no way to get at the keychain password info without the "master password" that unlocks the keychain? Am I worrying about nothing?
Every time my mac goes to sleep, and then wake up, I have to type my airport password for the internet, even though its saved on the keychain. Can someone help me?
September 17 2007 at 11:05 PM Report abuse Permalink rate up rate down Reply(#10) @NextLevel - Resetting the User password from the Install Disk or command line *does not* reset the Keychain password. When you set up the initial account or a new account, by default it sets the "login" keychain password to the same as the user password (which makes sense, given that the "login" keychain is simply a little hook that says "when user logs in, if there is a keychain called login, try unlocking it with the same password"). You don't actually even need a "login" keychain; you can operate without it, or create a new keychain with a different name and make it the default keychain, the drawback being that you have to manually unlock it at least once after you log in to your user. However, after the initial user setup, the login password for the user and the "login" keychain password are kept completely separate. This fact leads to the most common issue with Keychain, which is where a person forgets their user login password (set for autologin, rarely installs software, etc), resets the password using the Install Disk, logs in successfully with the new password, and is suddenly prompted by every application (that has a stored password) to unlock the keychain "login". The individual keychain files (actually, the individual items within each keychain) are encrypted using whatever password has been set and should be reasonably secure (absent big time brute force cracks) even if the unit were booted into Target Firewire and the keychain file itself was pulled/copied. There are even ways to store keychains on removable volumes, if you really don't want the data to leave your sight.
September 17 2007 at 6:32 PM Report abuse Permalink rate up rate down ReplyI have a confusing problem.
It keeps asking me if I want to save the password when I open Mail for the first time I open the program.
I want to save it but the password does not save.
@NextLevel: can you define "easily" please? I think you'll find ANY security system can be bypassed given enough time and knowledge. Credit cards are "easily" stolen if one leaves their wallet on the bus.
So of course, the safest thing to do is disable cookies, remove autofill, have nothing stored on your Mac at all, but work from memory or a piece of paper in a safe in a room surrounded by sharks with lasers on their heads.
Again, saying "NOT very safe" without a quantity of comparision is like saying "my water is NOT very good." Compared to what?
Is there something you'd like to recommend?
i love keychain, and use it faithfully. as a happy customer, i'll also add that 1Psswd is a great piece of security software that works in conjunction with keychain: http://1passwd.com/
September 17 2007 at 3:42 PM Report abuse Permalink rate up rate down ReplyThis is NOT very safe..
You can reset an admin password very easily on a mac, therefore getting access to the keychain and any important information.
#7 -- Aron, we know, we know... the pain is shared.
#6 -- Rafe, in Safari 3 beta there's an option in Reset Safari to leave the keychain passwords alone; clearly this has been an issue for others.
Rafe, that's a really good point, and I didn't realize Safari could wipe that stuff out with autofill off.
September 17 2007 at 1:29 PM Report abuse Permalink rate up rate down ReplyHot Apps on TUAW
Deals of the Day
more deals- miFrame Picture Frame Dock for iPad for $64 + $8 s&h
- Refurb Apple iPod nano 8GB MP3 Player for $99 + free shipping, 16GB for $119
- Hannspree Apple-Shaped 28" 1080p LCD HDTV for $270 + free shipping
- Philips wOOx Alarm Clock Radio for Apple iPod / iPhone for $60 + free shipping
- iWatchz Elemetal Collection Bracelet for iPod nano for $75 + free shipping
- iFrogz Luxe Lean Hard Case for iPod touch for $10 + free shipping
Software Updates
more updates- EFI Firmware Update brings Lion Internet Recovery to 2010-model Macs
- OS X Lion 10.7.3 released with Safari 5.1.3, Wi-Fi bug fix
- Aperture updated to 3.2.2, addresses Photo Stream issue
- Apple updates Keynote to address Lion issues
- Google Search app gets new look on iPad
- Apple releases Apple TV Software Update 4.4.3
Featured Stories
more stories
Popular Stories
TUAW (or The Unofficial Apple Weblog) is a website devoted to tips, reviews, news, analysis and opinion on everything Apple.
17 Comments