The Keychain’s Hidden Powers
Passwords, serial numbers, ATM codes—we’re all swimming in a sea of information that’s secret (or should be). Make it easy to remember, and someone may swipe it. Make it hard to guess, and you may forget it yourself. Mac OS X has the answer: the Keychain. Here’s how to use the Keychain in OS X 10.3 to hide all sorts of information, from password hints for Web sites to notes on a confidential business deal.
If you’ve ever entered a password in your Web browser or e-mail client, or provided a password for an encrypted disk image, your Mac has probably asked whether you’d like to save that password to your Keychain. In addition to accessing your keychain through these dialog boxes, you can work directly with your Key-chain via Keychain Access (Applications: Utilities).
When you launch Keychain Access, you see a list of all the items in your Keychain, including information about each item’s name, kind, creation date, and modification date. If you haven’t opened Keychain Access before, most of these items will be passwords—Internet passwords, application passwords, disk image passwords.
Select any password item to bring up information about that item at the bottom of the window: the item name and kind; the account name (if applicable); and the specific URL, application name, or disk-image name for which you use the password. You can view the actual password by selecting the Show Password option and entering your Keychain password. To paste a password into another application, click on the Copy Password To Clipboard button. You can also add comments about the item—say, to remind you what a particular item is for, or to include a Web site’s password hint and answer.
You can edit any of these fields by clicking in the field; however, the Comments field and the password field (which isn’t labeled but appears just below the Show Password option) are the only ones I recommend touching. Make password field changes only if your password has actually changed. When you’re done editing, click on the Save Changes button.
The Access Control tab lists the applications allowed to access each item. Although you can manually change these settings, errors are less likely if you use the dialog box that appears when an application requests access to your Keychain.
Add Your Own Secrets
Beyond application passwords, the Keychain is a great place to store ATM-card PINs, software serial numbers, and other sensitive data. To add a new password item, click on the Password icon in the Keychain Access toolbar. Give the new item a name (for example, ATM PIN), enter the account or user name associated with the password (if applicable), and then enter the password or passphrase you want stored in the Keychain. Click on Add to save the new item.
Save Notes Securely
The Keychain can also store secure notes. These are just snippets of text, but because they’re part of your Keychain, they’re safe from prying eyes. To create a secure note, click on the Note icon in the toolbar. Give the note a name; then type your note text or paste it in from another application, such as TextEdit, Microsoft Word, or your e-mail client (see “Don’t Pass This Note”).
A secure-note item works much like a password item: you can see information about the note in the Attributes panel at the bottom of the Keychain Access window. By selecting the Show Note option and providing your account password, you can view the note itself.
You can delete Keychain items—notes or passwords—at any time. Simply select an item and press the delete key (you can also click on the Delete icon or choose Edit: Delete). OS X then permanently deletes the item.
Keep Your Keys Safe
Now that you’ve stowed your valuable data away, it’s time to lock the Keychain itself. This is a useful feature when you’re stepping away from your computer and you want to make sure no one can access Keychain items.
You can lock your Keychain by launching Keychain Access and clicking on the Lock icon in the toolbar, but if you lock your Keychain frequently, a more convenient method is to enable the systemwide Keychain menu. From within Keychain Access, choose View: Show Status In Menu Bar. This adds a menu extra (a padlock icon), to your systemwide menu bar. You can then lock the Keychain by clicking on the icon, choosing Lock Keychain Name, and entering your Keychain password. As a bonus, the menu’s Lock Screen command lets you immediately turn on OS X’s screen saver— and turning it off will require a password, even if you don’t have this feature enabled in the Security preference pane.
You can also set your Keychain to lock automatically after a period of inactivity. (In Keychain Access, go to Edit: Change Settings For Keychain Name. ) Just be aware that each time an application accesses the Keychain qualifies as activity —so if your e-mail client stores your account passwords in the Keychain and checks for new mail frequently, your Keychain may never lock automatically. Another option is to tell the Keychain to lock when your Mac goes to sleep; when you wake your computer, you’ll need to enter your password before you or any application can access your Keychain.
Change the Locks
By default, your Keychain password is the same as your OS X account password, and OS X unlocks your Keychain when you log in. If you’d rather do the unlocking yourself—so that nothing and no one can access your confidential data until you explicitly authorize it—you can disable this behavior in your Keychain’s settings or, more securely, change your Keychain password (Edit: Change Password For Keychain Name). Click on the i (info) button in the Change Keychain Password dialog box to view the Password Assistant, which shows how secure your new password is. (For more on the Password Assistant, see find.macworld.com/0044.)
Explore Your Keys
Having your confidential information fall into the wrong hands is no joke. But if you exploit the full powers of OS X’s Keychain, your secrets will remain just that—secret.
Sidebar: Keychain First Aid
[Senior Writer DAN FRAKES ( www.danfrakes.com ) has much more to say about the Keychain and data security. For the full story, see his book Mac OS Power Tools, second edition (Sybex, 2004; www.macosxpowertools.com ).]OS X’s Keychain goes beyond password protection. You can store secure notes in it, too.
The Keychain’s Hidden PowersNext Page