Apple’s new iCloud Keychain aims to solve an irritating problem: even if you’ve entered usernames and passwords on your Mac, you still have to reenter every single one manually on your iPhone and iPad (as well as any other Macs you use). As of OS X 10.9 Mavericks and iOS 7.0.3, however, iCloud Keychain keeps these account credentials, along with credit card numbers and other personal information (including your account settings for email, contacts, calendars, and social networking services) in sync across your Macs and iOS devices automatically.
Plus, Safari on both platforms now sports new features that integrate with iCloud Keychain, such as a built-in random password generator and an improved autofill capability. (Third-party apps may add support for iCloud Keychain in the future.)
The setup process for iCloud Keychain is suprisingly involved, and has a couple of less-than-obvious steps. However, once you’ve done this for each of your devices, iCloud Keychain syncs invisibly in the background, just like other iCloud data, and normally requires no manual intervention.
Before I explain how to use iCloud Keychain, I want to point out that you’re free to leave it turned off if you prefer, or to use a different password manager such as AgileBits’s $40 1Password 4 and $18 1Password for iOS (), which include a number of additional, useful features. But if your only reason for avoiding iCloud Keychain is not wanting to store your passwords (encrypted though they are) on Apple’s servers, it’s possible to maintain device-to-device syncing without storing your passwords in iCloud—you just have to know the trick, which I’ll explain in a moment.
Set up your first device
The process for setting up your first device (whether it be a Mac or an iOS device) differs slightly from the one for setting up subsequent devices, because you must approve every subsequent device to use iCloud Keychain—either by entering a security code that you’ve chosen or by entering your Apple ID password on another device that’s already set up for iCloud Keychain.
OS X: If you weren’t prompted to set up iCloud Keychain while installing Mavericks, you can do so in the iCloud pane of System Preferences; the process is basically the same either way. Select the Keychain checkbox, enter your Apple ID password, and click OK. You’ll then be prompted to create and confirm an iCloud Security Code. By default these are four-digit codes; to get more options, such as a long random string, click Advanced. You’ll also be prompted to enter a mobile phone number for receiving SMS messages to confirm this code.
Now here’s the trick to prevent iCloud from storing your passwords, if that’s what you want to do. In the Advanced view, click Don’t Create Security Code, and your iCloud Keychain will be stored only on your device, though it can still sync between devices if you use one device to approve another. (For more on this topic, see Apple’s iCloud Keychain FAQ.)
If you don’t already have your Mac set to require a password after a period of inactivity, you’ll be prompted (but not required) to enable that feature in the Security & Privacy pane. Click Not Now if you want to defer that decision.
iOS: First, make sure your iPhone is running iOS 7.0.3 (or later). Your phone must restart after updating. Then, tap Settings > iCloud > Keychain and turn the switch on (it’s green when on). Follow the prompts (similar to those just mentioned) to set up an iCloud Security Code, or opt to skip the code.
Once setup is complete, you’ll get a new keychain on the device called ‘iCloud’, which initially contains most of the entries from your existing login keychain. To change settings (such as your iCloud Security Code) later on a Mac, go to the iCloud preference pane and click Account Details. On an iOS device, tap Settings > iCloud > Account > Keychain.
Approve a device
Once your first device is set up, move on to the next one. Enabling iCloud Keychain works the same way, except that after entering your Apple ID password, you’ll be prompted to choose a method to approve access:
Use iCloud Security Code (iOS) or Use Code (OS X): Enter the security code you selected when you set up your first device. You may also have to enter a verification number sent via SMS to your mobile phone, although in my testing this didn’t happen.
Request Approval (iOS) or Approve from Other Device (OS X): Tap or click this button, and a notification will appear on all your other devices that have iCloud Keychain enabled with the same account. On a Mac, open the iCloud pane of System Preferences, click the Details button next to Keychain, enter your password, and click Allow. On an iOS device, enter your Apple ID password when prompted, and tap Allow.
Use iCloud Keychain in Safari
To use iCloud Keychain in Safari on a Mac, choose Safari > Preferences, click AutoFill, and make sure all desired categories are selected. On an iOS device, tap Settings > Safari > Passwords & AutoFill, and enable your preferred categories.
Then, when you visit a site in Safari for which you’ve previously stored a username and password, the fields should be filled in automatically; just click or tap the Login (or similar) button to log in. If you manually enter a username and password that wasn’t stored in your iCloud Keychain, a prompt should appear; click Save Password to store your credentials for that site.
Generate a password: To generate a new, random password for a site on which you’re setting up an account, first make sure the Password field is blank and then click or tap in it. Safari will suggest a password; click or tap it to fill it in and save it in iCloud Keychain.
Store more than one password per site: iCloud Keychain can store more than one username/password combination per site, too. When you visit a site for which you have multiple credentials, delete the prefilled username and password, and then click in the Username field. Safari will pop up a list of options for you to choose from.
Store credit card numbers: Credit card numbers work almost the same way as passwords. When you enter a number the first time, Safari prompts you to save it. Later, when you see a blank Credit Card Number field in Safari, click or tap in that field to display a list of credit card numbers you’ve stored in iCloud Keychain; then select the one you want. Although Safari fills in your card number and expiration date, you must type in your CVV number yourself—an irritating limitation.
To view or remove saved passwords on a Mac, choose Safari > Preferences and click Passwords; on an iOS device, tap Settings > Safari > Passwords & AutoFill > Saved Passwords. Both versions of Safari also have a setting that lets you override sites that disable AutoFill—it’s Allow AutoFill Even for Websites that Request Passwords Not Be Saved on a Mac, and Always Allow on an iOS device.