How secure is keychain?

Discussion in 'macOS' started by Celeron, Jul 20, 2007.

  1. Celeron macrumors 6502a

    Joined:
    Mar 11, 2004
    #1
    Having recently completely switched from the PC to the Mac (new Mac Pro, woot) I've been without a password manager. On the PC I use the open source KeePass program. It isn't flashy or anything like that, but it gets the job done. I've read that one can use OS X's keychain app for similar functionality.

    Has anyone used it for this purpose?

    How secure is keychain?

    Thanks in advance!
     
  2. mad jew Moderator emeritus

    mad jew

    Joined:
    Apr 3, 2004
    Location:
    Adelaide, Australia
    #2
    It's part of the system, so most people will be using it without even realising. I use it and find it to be extremely secure. :)
     
  3. CalBoy macrumors 604

    CalBoy

    Joined:
    May 21, 2007
    #3
    Personally, I find the idea of Keychain to be a bit ironic. Perhaps it's just simple paranoia, but I'd prefer all of my passwords to be stored in only one place: my head. I feel that while it's a bit inconvenient, it is safer overall.
     
  4. XnavxeMiyyep macrumors 65816

    XnavxeMiyyep

    Joined:
    Mar 27, 2003
    Location:
    Washington
    #4
    You will find Keychain Access in /Applications/Utilities.

    With your root password, you can view nearly every saved password on your computer.
     
  5. killerrobot macrumors 68020

    killerrobot

    Joined:
    Jun 7, 2007
    Location:
    127.0.0.1
    #5
    Yeah, I totally agree. And if you are freaked out about security at all, that's the only way to keep it truly safe and out of other people's hands.
     
  6. CalBoy macrumors 604

    CalBoy

    Joined:
    May 21, 2007
    #6
    So this means that with a login password, one can know every bank password, credit card login, etc? Seems my hunch about Keychain was right all along.
     
  7. povman macrumors member

    Joined:
    Jul 4, 2006
    Location:
    Australia
    #7
    What?? Have you actually done that? From the Apple doc:
    That means you can ONLY get to the keychain if you know its password. On the other hand, if you forget the password, you're screwed. By default your login keychain uses the same password as your user account, so it can be unlocked when you login. Otherwise you can turn off 'Synchronise login keychain password' and 'Set login keychain as default'.

    Also, 'nearly every saved password' seems to imply you can see login passwords, but you can't. They're stored as a hash of your real one so it's really, really hard to work out what someone's password is.
     
  8. Shadow macrumors 68000

    Shadow

    Joined:
    Feb 17, 2006
    Location:
    Keele, United Kingdom
  9. XnavxeMiyyep macrumors 65816

    XnavxeMiyyep

    Joined:
    Mar 27, 2003
    Location:
    Washington
    #9
    Right, the root password. I use it to check my AIM and MSN passwords when I forget.

    If you can access Keychain, you probably already know the login password.
     
  10. povman macrumors member

    Joined:
    Jul 4, 2006
    Location:
    Australia
    #10
    You implied that if a user knew the 'root' password, the user would then know everyone's password on the system. Not true.

    a) Mac OS X doesn't even have root enabled by default
    b) If you know someone else's password, and if they haven't set a different password for their keychain (you can do that), then logically you can access their keychain. If someone knows your password, they get your stuff. It's like if someone copied a key to your house. (whoops!)
    c) Even if the root account was enabled, and someone could get in, doesn't mean they can access every other user's keychain. They're encrypted with the users' particular passwords!

    If you want to set a keychain password different to your login, open Keychain Access, Edit->Change Password for Keychain "login". Then when someone finds out your user password, they still won't have access to your keychain.
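
The same change from the command line, as an added example that is not part of the original thread: it gives the login keychain its own password with macOS's `security` tool, then checks that the account password no longer unlocks it. The function names are made up for this sketch, and it assumes an interactive Terminal session so that `security` can prompt for passwords.

```shell
#!/bin/sh
# Added example (not from the thread). Uses Apple's `security` CLI;
# the function names below are hypothetical helpers for this sketch.

# Path of the current user's login keychain. `security login-keychain`
# prints it indented and double-quoted, so strip both.
login_keychain_path() {
    security login-keychain |
        sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//'
}

# Prompts on the terminal for the old and new keychain passwords, so
# neither ends up in shell history or the process list.
change_keychain_password() {
    security set-keychain-password "$1"
}

# Prompts for a password and tries to unlock the keychain with it.
# Type the ACCOUNT password here: status 0 means it still works.
account_password_unlocks() {
    security unlock-keychain "$1"
}

# Returns 0 if the keychain now needs its own password, 1 if the
# account password still unlocks it, 2 on any other failure.
separate_keychain_password() {
    kc=$(login_keychain_path)
    [ -n "$kc" ] || { echo "no login keychain found" >&2; return 2; }
    change_keychain_password "$kc" || return 2
    security lock-keychain "$kc" || return 2
    echo "Now enter your ACCOUNT (login) password to test it:" >&2
    if account_password_unlocks "$kc"; then
        echo "WARNING: account password still unlocks $kc" >&2
        return 1
    fi
    echo "OK: $kc now needs its own password" >&2
    return 0
}

# Run only when asked, e.g.:  sh keychain-split.sh run
if [ "${1:-}" = "run" ]; then
    separate_keychain_password
fi
```

After this, macOS will ask for the keychain password separately at login, because the account password can no longer unlock the keychain automatically.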
     
  11. mad jew Moderator emeritus

    mad jew

    Joined:
    Apr 3, 2004
    Location:
    Adelaide, Australia
    #11

    If your bank allows Keychain to remember your login settings then you need to talk to your bank about getting a more secure website. Bank websites should not give you the option to save your login details. Similarly, credit card information would generally be handled by the specific browser's AutoFill feature rather than Keychain. I can't speak for all browsers, but I know Safari gives me the option not to remember certain aspects of its AutoFill. :)
     
  12. XnavxeMiyyep macrumors 65816

    XnavxeMiyyep

    Joined:
    Mar 27, 2003
    Location:
    Washington
    #12
    Ok. I didn't realize the Keychain password could be changed. Sorry.
     
  13. Ringtail macrumors newbie

    Joined:
    Aug 19, 2014
    #13
    Actually, there are scripts that, if you run them with root privileges, can view all usernames, websites, and passwords you have saved through keychain. So it is possible that, without the actual keychain password but with a password to an Administrator account, you can recover your passwords.
     
