How to use iCloud Keychain

Apple's new iCloud Keychain aims to solve an irritating problem: even if you've entered usernames and passwords on your Mac, you still have to reenter every single one manually on your iPhone and iPad (as well as any other Macs you use). As of OS X 10.9 Mavericks and iOS 7.0.3, however, iCloud Keychain keeps these account credentials, along with credit card numbers and other personal information (including your account settings for email, contacts, calendars, and social networking services) in sync across your Macs and iOS devices automatically.

Plus, Safari on both platforms now sports new features that integrate with iCloud Keychain, such as a built-in random password generator and an improved autofill capability. (Third-party apps may add support for iCloud Keychain in the future.)

The setup process for iCloud Keychain is suprisingly involved, and has a couple of less-than-obvious steps. However, once you've done this for each of your devices, iCloud Keychain syncs invisibly in the background, just like other iCloud data, and normally requires no manual intervention.

Before I explain how to use iCloud Keychain, I want to point out that you're free to leave it turned off if you prefer, or to use a different password manager such as AgileBits's $40 1Password 4 and $18 1Password for iOS (), which include a number of additional, useful features. But if your only reason for avoiding iCloud Keychain is not wanting to store your passwords (encrypted though they are) on Apple's servers, it's possible to maintain device-to-device syncing without storing your passwords in iCloud--you just have to know the trick, which I'll explain in a moment.

Set up your first device

The process for setting up your first device (whether it be a Mac or an iOS device) differs slightly from the one for setting up subsequent devices, because you must approve every subsequent device to use iCloud Keychain--either by entering a security code that you've chosen or by entering your Apple ID password on another device that's already set up for iCloud Keychain.

OS X: If you weren't prompted to set up iCloud Keychain while installing Mavericks, you can do so in the iCloud pane of System Preferences; the process is basically the same either way. Select the Keychain checkbox, enter your Apple ID password, and click OK. You'll then be prompted to create and confirm an iCloud Security Code. By default these are four-digit codes; to get more options, such as a long random string, click Advanced. You'll also be prompted to enter a mobile phone number for receiving SMS messages to confirm this code.

Now here's the trick to prevent iCloud from storing your passwords, if that's what you want to do. In the Advanced view, click Don't Create Security Code, and your iCloud Keychain will be stored only on your device, though it can still sync between devices if you use one device to approve another. (For more on this topic, see Apple's iCloud Keychain FAQ.)

If you don't already have your Mac set to require a password after a period of inactivity, you'll be prompted (but not required) to enable that feature in the Security & Privacy pane. Click Not Now if you want to defer that decision.

iOS: First, make sure your iPhone is running iOS 7.0.3 (or later). Your phone must restart after updating. Then, tap Settings > iCloud > Keychain and turn the switch on (it's green when on). Follow the prompts (similar to those just mentioned) to set up an iCloud Security Code, or opt to skip the code.

Once setup is complete, you'll get a new keychain on the device called 'iCloud', which initially contains most of the entries from your existing login keychain. To change settings (such as your iCloud Security Code) later on a Mac, go to the iCloud preference pane and click Account Details. On an iOS device, tap Settings > iCloud > Account >Keychain.

Approve a device

Once your first device is set up, move on to the next one. Enabling iCloud Keychain works the same way, except that after entering your Apple ID password, you'll be prompted to choose a method to approve access:

Use iCloud Security Code (iOS) or Use Code (OS X): Enter the security code you selected when you set up your first device. You may also have to enter a verification number sent via SMS to your mobile phone, although in my testing this didn't happen.

Request Approval (iOS) or Approve from Other Device (OS X): Tap or click this button, and a notification will appear on all your other devices that have iCloud Keychain enabled with the same account. On a Mac, open the iCloud pane of System Preferences, click the Details button next to Keychain, enter your password, and click Allow. On an iOS device, enter your Apple ID password when prompted, and tap Allow.

Use iCloud Keychain in Safari

To use iCloud Keychain in Safari on a Mac, choose Safari > Preferences, click AutoFill, and make sure all desired categories are selected. On an iOS device, tap Settings > Safari > Passwords & AutoFill, and enable your preferred categories.

Then, when you visit a site in Safari for which you've previously stored a username and password, the fields should be filled in automatically; just click or tap the Login (or similar) button to log in. If you manually enter a username and password that wasn't stored in your iCloud Keychain, a prompt should appear; click Save Password to store your credentials for that site.

Generate a password: To generate a new, random password for a site on which you're setting up an account, first make sure the Password field is blank and then click or tap in it. Safari will suggest a password; click or tap it to fill it in and save it in iCloud Keychain.

Store more than one password per site: iCloud Keychain can store more than one username/password combination per site, too. When you visit a site for which you have multiple credentials, delete the prefilled username and password, and then click in the Username field. Safari will pop up a list of options for you to choose from.

Store credit card numbers: Credit card numbers work almost the same way as passwords. When you enter a number the first time, Safari prompts you to save it. Later, when you see a blank Credit Card Number field in Safari, click or tap in that field to display a list of credit card numbers you've stored in iCloud Keychain; then select the one you want. Although Safari fills in your card number and expiration date, you must type in your CVV number yourself--an irritating limitation.

To view or remove saved passwords on a Mac, choose Safari > Preferences and click Passwords; on an iOS device, tap Settings > Safari > Passwords & AutoFill > Saved Passwords. Both versions of Safari also have a setting that lets you override sites that disable AutoFill--it's Allow AutoFill Even for Websites that Request Passwords Not Be Saved on a Mac, and Always Allow on an iOS device.

Join the CSO newsletter!

Error: Please check your email address.

Tags AppleOS X MaverickssecurityOS XApple October 2013 Eventsoftwareoperating systems

More about AppleEnablingMacs

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Joe Kissell

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place