Though they are not without flaws, passwords have become the standard method by which our computer systems and online accounts are protected. You've probably heard that you need to use unique passwords for all of your accounts. However, just like flossing, being constantly reminded of the benefits doesn't necessarily lead to improved habits.
In an effort to organize the myriad of passwords that you have created (or, at least, should be creating), Apple introduced the Keychain as something of a security database for your Mac. Despite its power, many Mac users never take advantage of its expansive features. I'm going to take a look at some of the most useful things that Keychain lets you do to keep your passwords organized and your Mac more secure.
Open Up Keychain
First things first: Let's open up your Keychain. To find the Keychain Access application, open Applications > Utilities.
By default, your Keychain password is the same as the password you use to login to your computer. Click on the padlock icon in the upper left corner of the window to unlock the Keychain.
Forgot Your Password?
If you have forgotten your user password (and consequently, can't open your Keychain), you can easily change your Admin password. You'll need to be running OS X Lion or later, and have a Recovery HD partition set up, (which you probably do).
1. Save your open files and turn off your Mac.
2. Hold down on the Command-R keys, and press the power button. Hold down those two keys until you see the Apple logo on the screen. This will boot your Mac into recovery mode.
3. From the recovery screen, select Utilities > Terminal. A new Terminal window will open. If you have a deep-seated fear of Terminal, fear not. We are going to enter a very basic command.
4. Type resetpassword and hit return.
5. You'll need to select your primary volume. If you haven't partitioned your Mac, this should be your only option.
6. Enter your new password, confirm it, and click save.
7. Quit Terminal, and restart your Mac.
Simple, huh? Remember that before you think an account password will protect your data. For true protection, use the FileVault encryption feature.
Along the left side of the window you should see two boxes, one with a listing of keychains and the other showing categories. If you haven't used this utility very much, you should only see Login, System, and System Roots. Below the keychain box you'll find a list of categories that help narrow what you see in the main window.
Login and System keychains store passwords and other secure data for the user and for the operating system. The Login keychain is where the passwords that you have saved for apps are stored. Storing passwords in this way allows you to give your password for, say, an email client, without that password being exposed.
Recover Your WiFi Password
If you decided to use a unique password when you set up your wireless network, you may have forgotten it. Normally, this isn't a problem, as your computers will remember it for you. But what if you have guests over, and you want to give them the password?
Select the System keychain in your left column. You should see the name of your wireless network. (If you've forgotten that too, click on the wireless logo in your menubar and find the network that has a checkmark next to it. If you're at home, that should be your network).
Double click on your network, and a new window pops up with some basic information. At the bottom, you'll see an empty checkbox with show password next to it. Click the box, and you'll be asked to enter your login password. From there, your network password will be displayed.
Recover Application and Web Passwords
Just like websites, many applications on your Mac ask you to create passwords to access. If you've forgotten, say, your Evernote password, you can save yourself from having to reset it by selecting Login from your Keychain menu, finding the application in question, and following the same steps as above.
If you let your browser store passwords for you, those can also be found under Login.
If you have a snippet of text that you want to keep private, the secure notes feature of Keychain is a great solution. From the File menu, select New Secure Note. Anything you enter will be kept private. To view any notes you've created, double-click them in the list and select show note.
By default, applications will store your passwords and never ask you for them again. This is handy when you have, say, an email client constantly checking a server for new messages. Keychain's database prevents you from having to constantly retype your email password. However, you may want to ask OS X to require that you enter a password for another application more frequently.
Double click on the app you'd like to secure, then select Access Control from the top of the window.
Below Confirm before allowing access, check the box labeled Ask for Keychain password. Now, before the application can access your stored password, you will be prompted to enter your Keychain password.
Moving Keychains to Other Macs
Apple makes migrating to a new Mac an extremely straightforward process. However, I am a proponent of doing clean installs whenever I upgrade my operating system or move to a new computer. That means that have to manually move over the files and settings that I want. Whether you do this as well, or just want to have your passwords handy on a second machine, you can easily make a copy of your Keychain.
To find your Keychain file, you'll need to open your Library folder. Apple has decided to obfuscate its location in its latest OS release, presumably to prevent novice users from accidentally deleting an important file. A quick way to find it is to use the Go To Folder function by opening Finder, and hit Shift-Command-G. The window that pops up will have ~/library/ already typed in, so all you'll need to do is type the word Keychains onto the end of that and hit enter.
From the window that pops up, select the login.keychain file, and copy it. Throw that onto a USB drive, email it to yourself, or use any other method of moving files. Go over to your new machine, open Keychain Access and from File > Add Keychain.
Tip: For more information about accessing the Library folder in Mountain Lion, check out our comprehensive tutorial.
Manually Add Items
You may want to add a password or secure number to Keychain, and doing so is very easy. For instance, you may want to save your bank PIN in case you forget it.
With Keychain Access selected, go to File > New Password Item.
The three fields that you need to fill out are the name of the item (for websites you will enter the URL here, but in this example we can just name it "ATM PIN"), your Account Name (which in this case doesn't matter, but normally would refer to your user name or email address that you signed up with on a website or application), and of course, the password (which is just your PIN, in this example).
You will see a horizontal gauge showing the strength of your password. PINs are inherently weak, so you'll see some red if you save it. When you save a website password, make sure you create a stronger password.
As I mentioned, passwords remain an imperfect system for securing computers and networks. However, we can limit the chances of someone gaining access to our sensitive data by using strong passwords. This tutorial has covered how the Keychain Utility helps us practice good security habits by remembering all the unique passwords that we create. Of course, it can do a lot more, like help you find WiFi passwords, store secure notes, and much more.
How to you use Keychain Access? What other features do you use?