How to make Safari stored passwords more secure???

iCore24 · Feb 15, 2014

Ok the problem is I have a simple short password for my administrator account for my laptop because I have to input it like a dozen times a day. The problem is with that simple log-in password, you can access all my stored passwords in Safari! There is no option to add a standalone or Master Password only for Safari.

But to see my passwords for my iCloud and local accounts in the "Keychain Access" application in Utilities, I can set up a specific hard Keychain Password which I did.

On my iPhone 5s, I set up that same hard keychain password to lock my phone since I have touch id, so all my passwords are safe on there. But what if a lot of people use a simple 4 digit passcode or have an iPhone 5 and lower? That means if someone knows your 4 digit code (which is really easy to figure out by just starring at them put it), they can see all your stored passwords on your phone in the Safari settings!!! It seems to be one big flaw Apple missed.

So you have some options.

On OSX, you can set up a really hard login password so its harder to access saved Safari Passwords, then put auto-login to your laptop so you won't have to put it dozens times a day! But then your files won't be safe :/

On IOS you can use a more complex password instead of the "simple" password. But you will have to input it every time to use your phone which is VERY annoying...Unless you have touch id

But that being said, I didn't enable iCloud Keychain on my iPad due to that huge inconvenience.

So is there a way to make saved passwords in Safari more secure by using a secondary password? I was also thinking why doesn't Safari just use the Keychain Access password, instead of your login password. It seems to be a simple fix Apple can do if they knew?

Please help guys!

Weaselboy · Feb 16, 2014

iCore24 said:
So is there a way to make saved passwords in Safari more secure by using a secondary password? I was also thinking why doesn't Safari get the login information from Keychain Access instead of storing it since Keychain Access is much more secure?

Please help guys!

Those passwords you see in Safari are not stored in Safari, they are actually stored in the Keychain and just displayed in Safari. You can have a Keychain password that is different than your login password and I believe accomplish what you are after. Unless I am misunderstanding.

iCore24 · Feb 16, 2014

Weaselboy said:
Those passwords you see in Safari are not stored in Safari, they are actually stored in the Keychain and just displayed in Safari. You can have a Keychain password that is different than your login password and I believe accomplish what you are after. Unless I am misunderstanding.

Well you are right, I set up a keychain password, but that only protects Keychain. In Safari password's that display the keychain passwords, it can be accessed by only your login password. I need to find a way to hide the passwords shown in Safari or somehow incorporate the keychain password with safari.

Weaselboy · Feb 16, 2014

iCore24 said:
Well you are right, I set up a keychain password, but that only protects Keychain. In Safari password's that display the keychain passwords, it can be accessed by only your login password. I need to find a way to hide the passwords shown in Safari or somehow incorporate the keychain password with safari.

How are you seeing the passwords in Safari. All I see in the Safari pref pane is the placeholder dots like below.

flynz4 · Feb 16, 2014

This is a good post. Some comments:

First I use 1Password on all my computers, which has a secondary password... but that has one annoying problem that iOS sandboxing (or whatever they call it) does not allow interaction between password programs and Safrari... which means that I must use 1Password's built in browser. I deal with it... but wish Apple would provide some type of interface to allow password programs to interact with Safari... or alternately, allow an alternate browser to be specified. Because I use 1P... I disable keychain passwords.

Regarding the OPs specific Mac problem... I would toughen up the log-in password. I have a complex medium length login password (15 characters) that I can type in with blazing fast speed. My fingers are just trained to do it. It is not a dictionary word... and just appears as a bunch of garbage characters... but it takes me so little time to enter. At first it was a pain in the butt, but my finger's "muscle memory" overcame that problem.

Regarding OP's iOS devices... My recommendation is to replace your iPad when one is released with finger ID. You will take a small financial hit... but it should be minor.

/Jim

iCore24 · Feb 16, 2014

flynz4 said:
This is a good post. Some comments:

First I use 1Password on all my computers, which has a secondary password... but that has one annoying problem that iOS sandboxing (or whatever they call it) does not allow interaction between password programs and Safrari... which means that I must use 1Password's built in browser. I deal with it... but wish Apple would provide some type of interface to allow password programs to interact with Safari... or alternately, allow an alternate browser to be specified. Because I use 1P... I disable keychain passwords.

Regarding the OPs specific Mac problem... I would toughen up the log-in password. I have a complex medium length login password (15 characters) that I can type in with blazing fast speed. My fingers are just trained to do it. It is not a dictionary word... and just appears as a bunch of garbage characters... but it takes me so little time to enter. At first it was a pain in the butt, but my finger's "muscle memory" overcame that problem.

Regarding OP's iOS devices... My recommendation is to replace your iPad when one is released with finger ID. You will take a small financial hit... but it should be minor.

/Jim

Thanks Jim. Yea I might just have to that. I am wishing the iPad Air 2 will have a fingerprint scanner, which it should, and am going to upgrade for sure! Now only if the MacBooks had some form of fingerprint reader???

But Apple should really fix this. Just make the Keychain Access password work with Safari's listed password and boom, fixed!

----------

Weaselboy said:
How are you seeing the passwords in Safari. All I see in the Safari pref pane is the placeholder dots like below.

Image

Yes Weaselboy, but the problem is anyone can see them by the users login password. So I need a long complicated login password just to keep that safe, but will be a pain to login my laptop every time. But the Keychain Access app has an option to make a specific password only for it.

Apple has to integrate that Keychain Password to Safari so if you want to see the passwords in Safari, the login password won't work, only the Keychain Access password.

Consultant · Feb 16, 2014

Use a secure password.

Using a "simple" password is a problem waiting to happen.

iCore24 · Aug 18, 2014

I guess this problem will just die out after every Apple device has touch id...

simsaladimbamba · Aug 18, 2014

iCore24 said:
I guess this problem will just die out after every Apple device has touch id...

Or doesn't exist if one uses a strong account password. I use letters and numbers for mine and it is longer than 10 characters.

appleii.c · Aug 18, 2014

This is an issue I found recently as well and have since stopped storing sensitive passwords in my keychain (banking etc). In iOS7 when I go to Settings > Safari > Passwords & AutoFill > Saved Passwords, it seems all my Safari KeyChain passwords are all there in plain text. Unless I'm seeing something different, that was a bit of an eye opener.

ApfelKuchen · Aug 18, 2014

appleii.c said:
This is an issue I found recently as well and have since stopped storing sensitive passwords in my keychain (banking etc). In iOS7 when I go to Settings > Safari > Passwords & AutoFill > Saved Passwords, it seems all my Safari KeyChain passwords are all there in plain text. Unless I'm seeing something different, that was a bit of an eye opener.

Do you use a passcode? When I do this, I'm prompted for my passcode before the password is revealed.

appleii.c · Aug 18, 2014

ApfelKuchen said:
Do you use a passcode? When I do this, I'm prompted for my passcode before the password is revealed.

Ah OK, That helps a bit. It would be nice if I could use a separate password for that. I have a few family members that have my passcode to my phone and iPad since I don't mind them using it, but wouldn't necessarily want them having access to all my passwords. But at least I feel a little better that I can keep them private if I ever misplace my phone. Thanks for the tip.

glenthompson · Aug 18, 2014

I'm surprised that you need to enter your password that often. I don't require a password for some time after my screen saver kicks in so it's rare that I have to enter it. Best is to use a long password that quick and easy to type. Unless you're a very slow typist it can be entered quickly. My 1Password master password is over 15 characters and I can type it on my MBP in just a few seconds. Takes a bit longer on the iPad and much longer on the iPhone.

In this age, a password manager is an absolute necessity. It's very difficult to stay secure without one. You're either repeating passwords or creating unsafe ones.

mg10461 · Mar 11, 2015

Keychain lock doesn't work for safari

iCore24 said:
Well you are right, I set up a keychain password, but that only protects Keychain. In Safari password's that display the keychain passwords, it can be accessed by only your login password. I need to find a way to hide the passwords shown in Safari or somehow incorporate the keychain password with safari.

I realize this is an old post, but Ido need help. I tried to enter a strong master password for keychain so that before logging in to safari sites the passwords wouldn't auto load, someone would have to enter a strong password first. But what a nightmare. Aparently a lot of other apps are constantly using keychain in the background, so I am getting constant messages to enter my keychain password. Additionally, it is not accepting the new password, and I had to reset it and then it froze.

Is there no other way to have to enter a master password in safari before before getting autofill passwords?

Search

Search

How to make Safari stored passwords more secure???

iCore24

macrumors 6502

Weaselboy

Moderator

iCore24

macrumors 6502

Weaselboy

Moderator

flynz4

macrumors 68040

iCore24

macrumors 6502

Consultant

macrumors G5

iCore24

macrumors 6502

simsaladimbamba

Guest

appleii.c

macrumors 6502a

ApfelKuchen

macrumors 601

appleii.c

macrumors 6502a

glenthompson

macrumors demi-god

mg10461

macrumors newbie

Our Staff