How to better manage passwords with Keychain Access

If you've ever encountered a dialog box that, upon asking for a password, offers to store it, you've had a brush with OS X's keychain. And perhaps you think that's all it's good for--storing your web, email, and network passwords. While it can do all that, the keychain and its partner, Keychain Access, offer additional password-related options you should be aware of. Here's how to put these options to best use.

Retrieving saved passwords

Since the keychain holds your passwords, it's hardly a leap to believe it can be used to retrieve them. However, since it does so automatically, you may so rarely interact with your passwords that you forget them. This is particularly so if you use Apple's password generation tools, which create passwords difficult to remember. Should you need to retrieve your password, you can easily do so with two options using Keychain Access.

The first is to launch Keychain Access (found in /Applications/Utilities) and search for your desired, for example. Double-click the keychain entry to open it and then enable the Show Password option. When prompted, enter the username and password associated with the login keychain and click Allow. The password will appear in the appropriate field.

In addition to this approach, you can copy a password to the clipboard by selecting Edit > Copy Password to Clipboard (or press Shift-Command-C or right-click on the item). Again, you'll be prompted for the username and password for the login keychain. Once the password is in the clipboard you can paste it where you need it.

Troubleshooting password management

Beyond password storage and retrieval, Keychain Access allows you to troubleshoot problems you may have with passwords on your Mac. If you find that an app repeatedly prompts you for a password when you've already added it to the keychain, something in the keychain may not be right. To fix this, you have two general options in Keychain Access.

Check the health of your keychain by selecting it in the Keychain Access sidebar and then choose Keychain First Aid from the Keychain Access application menu (or press Shift-Command-A). The panel that appears can be used to repair your keychain file.

You can also remove individual keychain entries, which can be done by selecting the one (or ones) associated with your problematic accounts or services, and then deleting them so OS X can re-create them. This can also be useful for removing duplicate keychain entries for the same account, which may prevent services from retrieving the correct password and then prompting you to supply it.

Beyond the basics

These options are fine for general use, but there are additional options in the keychain that might be helpful for handling your passwords and securing them.

Locking your keychain. By default, your Mac manages all of your passwords in the login keychain, which is unlocked when you log in (and locked when you log out). But suppose you want to lock your keychain while still logged in. You can, of course, configure the Security & Privacy system preference so that the keychain locks when you put the Mac to sleep or the screen saver begins. But Keychain Access provides you with additional options. Using its advanced options you can auto-lock your login keychain.

To auto-lock your keychain just select it in Keychain Access and choose Edit > Change Settings for Keychain ["name of keychain"]. This will allow you to set a separate timer for locking your keychain. If you don't want to lock it automatically but want the freedom to do so manually, open Keychain Access' preferences and, in the General tab, enable the Show Keychain Status In Menu Bar option. From this menu you can then choose Lock Keychain.

Creating additional keychains. Sometimes having just one keychain isn't enough, particularly if you want to log into your Mac without granting access to all of your services. To do this, choose File > New Keychain to create a new keychain and then drag specific password items from your login keychain to this new one (and authenticating when prompted). As with your login keychain you can change this keychain's settings and lock it from the Keychain Status menu.

While the use of separate keychains may seem odd at first, it can be helpful if you use your Mac for different tasks in the same work environment. For example, if you have special network shares that you use only periodically and wish to keep unmounted and unavailable most of the time, you can create a separate keychain to store the passwords for these shared folders. With such a setup, you can still access your email and other online services using your account's login keychain, and then unlock the separate keychain using the Keychain Status menu whenever you need to access your special network shares.

And on beyond

And there's more. Password-centric though Keychain Access may appear, it has other talents--syncing iCloud keychain items, creating secure notes, and managing certificates. While its benefits may be lost on casual Mac users, those who have more advanced skills should spend some time with it, if only to explore the many ways your Mac helps secure your data and personal information.

Join the CSO newsletter!

Error: Please check your email address.

Tags ApplesecurityOS Xsoftwareoperating systems

More about Apple

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Topher Kessler

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts