A security related conundrum that we all surely face, and eventually realise needs proper addressing, is: password management. Over time we accumulate numerous usernames and passwords: Gmail, Netflix, Amazon, online banking, iCloud, and so on. We’re occasionally required to recall these usernames and passwords. A ‘system’ is needed to help us manage such login credentials, wouldn’t you agree?
Keychain: a solution to password management.
Apple devices come with a utility for this very purpose, that stores our passwords and account information, retrieving them as and when required. It’s called Keychain, and it’s actively ‘doing its thing’ in the background as we speak.
I recommend everyone to at least be familiar with Keychain. If you embrace it as a system, it will unite the devices you use, and reduce the number of passwords you have to remember and manage. Utilising Keychain is a step towards simplifying your life.
In this article we’ll look at how Keychain works; how to view your saved passwords; and the benefits of / how to set up iCloud Keychain.
Keychain in action.
Remember when you first joined your home Wifi network? The reason you haven’t had to re-enter that password ever since is because it was saved to your Keychain. The same goes for the Mail app: you don’t have to re-enter your email password every 5 minutes because it’s saved (to your Keychain).
If creating a new online account, Safari will ask ‘Would you like to save this password?’. If you click the Save Password button it’s saved…..
…. to your Keychain.
What’s more is, any such saved credentials can automatically make their way over to your other devices, via the iCloud feature, iCloud Keychain. This can be a huge timesaver!
How Keychain works.
1. You switch on your Mac, and enter the password for your macOS user account.
2. Once you’ve logged in, the Keychain for your user account, containing your previously saved passwords, is unlocked, and made available to you, and the apps you use.
3. Any previously saved passwords will be retrieved automatically as and when required.
(the principle is similar for iPhones and iPads).
To be in command of your Keychain, and to keep it secure, there’s a few specific accounts / login credentials, that you need to be familiar with. You will want to memorise these credentials (write them down if you must), and keep them private, because anyone who knows them, and has physical access to one of your devices, will be able to view your Keychain’s saved passwords.
The accounts / login credentials you need to memorise, and keep secure, are:
(If you’re unsure about any of these accounts, or would like to change a password, just click the appropriate link for directions.)
Once you’ve memorised the credentials to the above accounts, you won’t need to memorise most other accounts and passwords, as they’ll be saved to your Keychain.
To fully benefit from Keychain you must use Safari.
An important thing to note is, to really benefit from Keychain you need to use the Safari browser, because other browsers, such as Chrome and Firefox, don’t ‘talk’ to Keychain.
- automatically retrieve, and fill in any saved passwords for you.
- suggest new passwords when required (I believe you should accept such password suggestions, because manually creating unique passwords every time is such a drag…).
- save newly created accounts to your Keychain.
- provide a means to view, edit, add, and manage previously saved passwords.
To fully benefit from Keychain, you need to switch iCloud Keychain on.
There’s just a little more preparing to do. iCloud Keychain is the feature that unites your devices Keychains.
Here’s how Apple describes iCloud Keychain:
“iCloud Keychain keeps your Safari website usernames and passwords, credit card information, and Wi-Fi network information up to date across all of your approved devices that are using iOS 7.0.3 or later or OS X Mavericks 10.9 or later.
iCloud Keychain can also keep the accounts you use in Mail, Contacts, Calendar, and Messages up to date across all of your Mac computers. And when you sign in to Facebook, Twitter, LinkedIn, and your other Internet accounts, iCloud automatically adds your usernames and passwords to all of your devices.”
You’ll want to have iCloud Keychain enabled on all of your devices, which you may already have, but let’s just check to be sure. At this point you’ll want to have all, or most of the devices you use at hand, as you may encounter Apple ID or iCloud security procedures, such as two-factor authentication, or the iCloud Security code (don’t worry, just deal with these if and when they arise).
To check if iCloud Keychain is enabled on your Mac:
Go to the Apple menu (top left)->System Preferences, and click on iCloud. Ensure Keychain is ticked.
To check if iCloud Keychain is enabled on your iPhone / iPad:
From the Home screen, tap Setting->[Your Name] (at the top of the list)->iCloud. Ensure Keychain is switch on.
Viewing previously saved passwords in Safari on your Mac.
In Safari, you can view previously saved passwords by going to the Safari menu (top left)->Preferences, and click on the Passwords tab. You’ll be asked to enter your user account password before being able to view the saved passwords.
The above screenshot has been obscured, but clicking any item in the list will reveal the password in the right hand column.
You can see that, without knowing your macOS User Account password, you can’t view your saved passwords. Conversely, anyone who knows your computer user account password will be able to view your saved passwords.
Viewing your passwords in the Keychain Access app on your Mac.
In Safari, you won’t be able to view Wifi passwords or Internet Account credentials. For this we need to use the Keychain Access app instead, which you can find in your /Applications/Utilities folder. Keychain Access can be quite overwhelming because, in addition to passwords, it also lists lots of other ‘stuff’ that we don’t need to understand, or be concerned with.
To find something in Keychain Access, try doing a search (top right) by typing the first few letters or numbers of the item you’re looking for. It can be a bit like detective work so, use common sense. Once you’ve found what you’re looking for, double click on the item in the list, and in the resulting window, tick Show Password. You’ll be prompted for your macOS user account password. Once entered, the password will be revealed.
Viewing previously saved passwords on your iPhone / iPad.
To view saved passwords on your iPhone / iPad, go to Settings->Accounts & Passwords->App & Website Passwords.
Everyone needs a system to manage their usernames and passwords. Yes, you can devise your own (e.g. a pen, and a notebook), but I reckon it requires more time and discipline to maintain it.
Keychain, and iCloud Keychain, takes a bit of understanding, and setting up, in order to get the full benefits. It isn’t perfect but, when it works, it’s very satisfying. What’s more is, if you’ve been actively using Keychain, when you purchase a new device and sign into iCloud, you’ll be delighted by the fact that all your passwords and internet account are carried over, and automatically set up for you.
Some people might be horrified at the thought of saving passwords and credit card information in iCloud. I don’t believe any internet connected device, or ‘cloud’ based account will ever be entirely safe, but the convenience of iCloud outweighs paranoia, and Apple’s security measures are likely better than anything I could ever come up with (aside from turning everything off). I’ll never be an IT / internet security expert. Therefore I’m happy to use Apple’s free, consumer friendly, security features and recommendations.
Keychain isn’t the only password manager. There’s 1Password, for example, but I don’t see what advantages it has over Keychain.
Any Keychain questions, password manager thoughts, or suggestions, feel free to post them in the Comments section below.