Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 15, 2014, 11:20 PM   #1
iCore24
macrumors regular
 
Join Date: Jan 2013
Location: Michigan
How to make Safari stored passwords more secure???

Ok the problem is I have a simple short password for my administrator account for my laptop because I have to input it like a dozen times a day. The problem is with that simple log-in password, you can access all my stored passwords in Safari! There is no option to add a standalone or Master Password only for Safari.

But to see my passwords for my iCloud and local accounts in the "Keychain Access" application in Utilities, I can set up a specific hard Keychain Password which I did.

On my iPhone 5s, I set up that same hard keychain password to lock my phone since I have touch id, so all my passwords are safe on there. But what if a lot of people use a simple 4 digit passcode or have an iPhone 5 and lower? That means if someone knows your 4 digit code (which is really easy to figure out by just starring at them put it), they can see all your stored passwords on your phone in the Safari settings!!! It seems to be one big flaw Apple missed.

So you have some options.

On OSX, you can set up a really hard login password so its harder to access saved Safari Passwords, then put auto-login to your laptop so you won't have to put it dozens times a day! But then your files won't be safe :/

On IOS you can use a more complex password instead of the "simple" password. But you will have to input it every time to use your phone which is VERY annoying...Unless you have touch id :P But that being said, I didn't enable iCloud Keychain on my iPad due to that huge inconvenience.

So is there a way to make saved passwords in Safari more secure by using a secondary password? I was also thinking why doesn't Safari just use the Keychain Access password, instead of your login password. It seems to be a simple fix Apple can do if they knew?

Please help guys!

Last edited by iCore24; Feb 16, 2014 at 02:38 PM.
iCore24 is offline   0 Reply With Quote
Old Feb 16, 2014, 09:40 AM   #2
Weaselboy
macrumors G5
 
Weaselboy's Avatar
 
Join Date: Jan 2005
Quote:
Originally Posted by iCore24 View Post
So is there a way to make saved passwords in Safari more secure by using a secondary password? I was also thinking why doesn't Safari get the login information from Keychain Access instead of storing it since Keychain Access is much more secure?

Please help guys!
Those passwords you see in Safari are not stored in Safari, they are actually stored in the Keychain and just displayed in Safari. You can have a Keychain password that is different than your login password and I believe accomplish what you are after. Unless I am misunderstanding.
Weaselboy is online now   2 Reply With Quote
Old Feb 16, 2014, 10:50 AM   #3
iCore24
Thread Starter
macrumors regular
 
Join Date: Jan 2013
Location: Michigan
Quote:
Originally Posted by Weaselboy View Post
Those passwords you see in Safari are not stored in Safari, they are actually stored in the Keychain and just displayed in Safari. You can have a Keychain password that is different than your login password and I believe accomplish what you are after. Unless I am misunderstanding.
Well you are right, I set up a keychain password, but that only protects Keychain. In Safari password's that display the keychain passwords, it can be accessed by only your login password. I need to find a way to hide the passwords shown in Safari or somehow incorporate the keychain password with safari.
iCore24 is offline   0 Reply With Quote
Old Feb 16, 2014, 11:07 AM   #4
Weaselboy
macrumors G5
 
Weaselboy's Avatar
 
Join Date: Jan 2005
Quote:
Originally Posted by iCore24 View Post
Well you are right, I set up a keychain password, but that only protects Keychain. In Safari password's that display the keychain passwords, it can be accessed by only your login password. I need to find a way to hide the passwords shown in Safari or somehow incorporate the keychain password with safari.
How are you seeing the passwords in Safari. All I see in the Safari pref pane is the placeholder dots like below.

Weaselboy is online now   0 Reply With Quote
Old Feb 16, 2014, 11:39 AM   #5
flynz4
macrumors 68030
 
Join Date: Aug 2009
Location: Portland, OR
This is a good post. Some comments:

First I use 1Password on all my computers, which has a secondary password... but that has one annoying problem that iOS sandboxing (or whatever they call it) does not allow interaction between password programs and Safrari... which means that I must use 1Password's built in browser. I deal with it... but wish Apple would provide some type of interface to allow password programs to interact with Safari... or alternately, allow an alternate browser to be specified. Because I use 1P... I disable keychain passwords.

Regarding the OPs specific Mac problem... I would toughen up the log-in password. I have a complex medium length login password (15 characters) that I can type in with blazing fast speed. My fingers are just trained to do it. It is not a dictionary word... and just appears as a bunch of garbage characters... but it takes me so little time to enter. At first it was a pain in the butt, but my finger's "muscle memory" overcame that problem.

Regarding OP's iOS devices... My recommendation is to replace your iPad when one is released with finger ID. You will take a small financial hit... but it should be minor.

/Jim
flynz4 is offline   1 Reply With Quote
Old Feb 16, 2014, 02:35 PM   #6
iCore24
Thread Starter
macrumors regular
 
Join Date: Jan 2013
Location: Michigan
Quote:
Originally Posted by flynz4 View Post
This is a good post. Some comments:

First I use 1Password on all my computers, which has a secondary password... but that has one annoying problem that iOS sandboxing (or whatever they call it) does not allow interaction between password programs and Safrari... which means that I must use 1Password's built in browser. I deal with it... but wish Apple would provide some type of interface to allow password programs to interact with Safari... or alternately, allow an alternate browser to be specified. Because I use 1P... I disable keychain passwords.

Regarding the OPs specific Mac problem... I would toughen up the log-in password. I have a complex medium length login password (15 characters) that I can type in with blazing fast speed. My fingers are just trained to do it. It is not a dictionary word... and just appears as a bunch of garbage characters... but it takes me so little time to enter. At first it was a pain in the butt, but my finger's "muscle memory" overcame that problem.

Regarding OP's iOS devices... My recommendation is to replace your iPad when one is released with finger ID. You will take a small financial hit... but it should be minor.

/Jim
Thanks Jim. Yea I might just have to that. I am wishing the iPad Air 2 will have a fingerprint scanner, which it should, and am going to upgrade for sure! Now only if the MacBooks had some form of fingerprint reader???

But Apple should really fix this. Just make the Keychain Access password work with Safari's listed password and boom, fixed!

----------

Quote:
Originally Posted by Weaselboy View Post
How are you seeing the passwords in Safari. All I see in the Safari pref pane is the placeholder dots like below.

Image
Yes Weaselboy, but the problem is anyone can see them by the users login password. So I need a long complicated login password just to keep that safe, but will be a pain to login my laptop every time. But the Keychain Access app has an option to make a specific password only for it.

Apple has to integrate that Keychain Password to Safari so if you want to see the passwords in Safari, the login password won't work, only the Keychain Access password.
iCore24 is offline   0 Reply With Quote
Old Feb 16, 2014, 04:39 PM   #7
Consultant
macrumors G5
 
Consultant's Avatar
 
Join Date: Jun 2007
Use a secure password.

Using a "simple" password is a problem waiting to happen.
Consultant is offline   0 Reply With Quote
Old Aug 18, 2014, 01:47 PM   #8
iCore24
Thread Starter
macrumors regular
 
Join Date: Jan 2013
Location: Michigan
I guess this problem will just die out after every Apple device has touch id...
iCore24 is offline   0 Reply With Quote
Old Aug 18, 2014, 01:52 PM   #9
simsaladimbamba
Guest
 
Join Date: Nov 2010
Location: located
Quote:
Originally Posted by iCore24 View Post
I guess this problem will just die out after every Apple device has touch id...
Or doesn't exist if one uses a strong account password. I use letters and numbers for mine and it is longer than 10 characters.
simsaladimbamba is offline   0 Reply With Quote
Old Aug 18, 2014, 02:53 PM   #10
appleii.c
macrumors regular
 
Join Date: Mar 2013
This is an issue I found recently as well and have since stopped storing sensitive passwords in my keychain (banking etc). In iOS7 when I go to Settings > Safari > Passwords & AutoFill > Saved Passwords, it seems all my Safari KeyChain passwords are all there in plain text. Unless I'm seeing something different, that was a bit of an eye opener.
appleii.c is offline   0 Reply With Quote
Old Aug 18, 2014, 03:48 PM   #11
ApfelKuchen
macrumors 6502a
 
Join Date: Aug 2012
Location: Between the coasts
Quote:
Originally Posted by appleii.c View Post
This is an issue I found recently as well and have since stopped storing sensitive passwords in my keychain (banking etc). In iOS7 when I go to Settings > Safari > Passwords & AutoFill > Saved Passwords, it seems all my Safari KeyChain passwords are all there in plain text. Unless I'm seeing something different, that was a bit of an eye opener.
Do you use a passcode? When I do this, I'm prompted for my passcode before the password is revealed.
ApfelKuchen is offline   0 Reply With Quote
Old Aug 18, 2014, 04:04 PM   #12
appleii.c
macrumors regular
 
Join Date: Mar 2013
Quote:
Originally Posted by ApfelKuchen View Post
Do you use a passcode? When I do this, I'm prompted for my passcode before the password is revealed.
Ah OK, That helps a bit. It would be nice if I could use a separate password for that. I have a few family members that have my passcode to my phone and iPad since I don't mind them using it, but wouldn't necessarily want them having access to all my passwords. But at least I feel a little better that I can keep them private if I ever misplace my phone. Thanks for the tip.
appleii.c is offline   0 Reply With Quote
Old Aug 18, 2014, 04:45 PM   #13
glenthompson
macrumors Demi-God
 
glenthompson's Avatar
 
Join Date: Apr 2011
Location: Virginia
I'm surprised that you need to enter your password that often. I don't require a password for some time after my screen saver kicks in so it's rare that I have to enter it. Best is to use a long password that quick and easy to type. Unless you're a very slow typist it can be entered quickly. My 1Password master password is over 15 characters and I can type it on my MBP in just a few seconds. Takes a bit longer on the iPad and much longer on the iPhone.

In this age, a password manager is an absolute necessity. It's very difficult to stay secure without one. You're either repeating passwords or creating unsafe ones.
__________________
15" MBP (late 2011), iPhone 5
iPad Air, ATV3
glenthompson is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Safari Passwords hakjak iCloud and Apple Services 1 Feb 28, 2014 11:14 AM
Safari passwords!! Tobias Funke Mac Applications and Mac App Store 11 Jan 15, 2014 09:44 AM
Is Internet History/Forms/Passwords stored on HDD or RAM? OllieDS Mac Basics and Help 3 Sep 2, 2013 11:02 AM
General: Is there a tweak to make passwords not show the first letter? Redjericho Jailbreaks and iOS Hacks 0 Feb 5, 2013 02:23 PM
where is stored safari s cache? Buck1 Mac Applications and Mac App Store 0 Jun 15, 2012 03:13 PM

Forum Jump

All times are GMT -5. The time now is 11:15 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC