Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How to make Safari stored passwords more secure???

iCore24

iCore24

macrumors 6502
Original poster
Jan 6, 2013
388
52
Michigan
Ok the problem is I have a simple short password for my administrator account for my laptop because I have to input it like a dozen times a day. The problem is with that simple log-in password, you can access all my stored passwords in Safari! There is no option to add a standalone or Master Password only for Safari.

But to see my passwords for my iCloud and local accounts in the "Keychain Access" application in Utilities, I can set up a specific hard Keychain Password which I did.

On my iPhone 5s, I set up that same hard keychain password to lock my phone since I have touch id, so all my passwords are safe on there. But what if a lot of people use a simple 4 digit passcode or have an iPhone 5 and lower? That means if someone knows your 4 digit code (which is really easy to figure out by just starring at them put it), they can see all your stored passwords on your phone in the Safari settings!!! It seems to be one big flaw Apple missed.

So you have some options.

On OSX, you can set up a really hard login password so its harder to access saved Safari Passwords, then put auto-login to your laptop so you won't have to put it dozens times a day! But then your files won't be safe :/

On IOS you can use a more complex password instead of the "simple" password. But you will have to input it every time to use your phone which is VERY annoying...Unless you have touch id :p But that being said, I didn't enable iCloud Keychain on my iPad due to that huge inconvenience.

So is there a way to make saved passwords in Safari more secure by using a secondary password? I was also thinking why doesn't Safari just use the Keychain Access password, instead of your login password. It seems to be a simple fix Apple can do if they knew?

Please help guys!:mad:
 
Last edited:
iCore24 said:
So is there a way to make saved passwords in Safari more secure by using a secondary password? I was also thinking why doesn't Safari get the login information from Keychain Access instead of storing it since Keychain Access is much more secure?

Please help guys!:mad:
Click to expand...

Those passwords you see in Safari are not stored in Safari, they are actually stored in the Keychain and just displayed in Safari. You can have a Keychain password that is different than your login password and I believe accomplish what you are after. Unless I am misunderstanding.
 
Weaselboy said:
Those passwords you see in Safari are not stored in Safari, they are actually stored in the Keychain and just displayed in Safari. You can have a Keychain password that is different than your login password and I believe accomplish what you are after. Unless I am misunderstanding.
Click to expand...

Well you are right, I set up a keychain password, but that only protects Keychain. In Safari password's that display the keychain passwords, it can be accessed by only your login password. I need to find a way to hide the passwords shown in Safari or somehow incorporate the keychain password with safari.
 
iCore24 said:
Well you are right, I set up a keychain password, but that only protects Keychain. In Safari password's that display the keychain passwords, it can be accessed by only your login password. I need to find a way to hide the passwords shown in Safari or somehow incorporate the keychain password with safari.
Click to expand...

How are you seeing the passwords in Safari. All I see in the Safari pref pane is the placeholder dots like below.

s4suCa4.png
 
This is a good post. Some comments:

First I use 1Password on all my computers, which has a secondary password... but that has one annoying problem that iOS sandboxing (or whatever they call it) does not allow interaction between password programs and Safrari... which means that I must use 1Password's built in browser. I deal with it... but wish Apple would provide some type of interface to allow password programs to interact with Safari... or alternately, allow an alternate browser to be specified. Because I use 1P... I disable keychain passwords.

Regarding the OPs specific Mac problem... I would toughen up the log-in password. I have a complex medium length login password (15 characters) that I can type in with blazing fast speed. My fingers are just trained to do it. It is not a dictionary word... and just appears as a bunch of garbage characters... but it takes me so little time to enter. At first it was a pain in the butt, but my finger's "muscle memory" overcame that problem.

Regarding OP's iOS devices... My recommendation is to replace your iPad when one is released with finger ID. You will take a small financial hit... but it should be minor.

/Jim
 
flynz4 said:
This is a good post. Some comments:

First I use 1Password on all my computers, which has a secondary password... but that has one annoying problem that iOS sandboxing (or whatever they call it) does not allow interaction between password programs and Safrari... which means that I must use 1Password's built in browser. I deal with it... but wish Apple would provide some type of interface to allow password programs to interact with Safari... or alternately, allow an alternate browser to be specified. Because I use 1P... I disable keychain passwords.

Regarding the OPs specific Mac problem... I would toughen up the log-in password. I have a complex medium length login password (15 characters) that I can type in with blazing fast speed. My fingers are just trained to do it. It is not a dictionary word... and just appears as a bunch of garbage characters... but it takes me so little time to enter. At first it was a pain in the butt, but my finger's "muscle memory" overcame that problem.

Regarding OP's iOS devices... My recommendation is to replace your iPad when one is released with finger ID. You will take a small financial hit... but it should be minor.

/Jim
Click to expand...

Thanks Jim. Yea I might just have to that. I am wishing the iPad Air 2 will have a fingerprint scanner, which it should, and am going to upgrade for sure! Now only if the MacBooks had some form of fingerprint reader???

But Apple should really fix this. Just make the Keychain Access password work with Safari's listed password and boom, fixed!

----------
Weaselboy said:
How are you seeing the passwords in Safari. All I see in the Safari pref pane is the placeholder dots like below.

Image
Click to expand...

Yes Weaselboy, but the problem is anyone can see them by the users login password. So I need a long complicated login password just to keep that safe, but will be a pain to login my laptop every time. But the Keychain Access app has an option to make a specific password only for it.

Apple has to integrate that Keychain Password to Safari so if you want to see the passwords in Safari, the login password won't work, only the Keychain Access password.
 
This is an issue I found recently as well and have since stopped storing sensitive passwords in my keychain (banking etc). In iOS7 when I go to Settings > Safari > Passwords & AutoFill > Saved Passwords, it seems all my Safari KeyChain passwords are all there in plain text. Unless I'm seeing something different, that was a bit of an eye opener.
 
appleii.c said:
This is an issue I found recently as well and have since stopped storing sensitive passwords in my keychain (banking etc). In iOS7 when I go to Settings > Safari > Passwords & AutoFill > Saved Passwords, it seems all my Safari KeyChain passwords are all there in plain text. Unless I'm seeing something different, that was a bit of an eye opener.
Click to expand...

Do you use a passcode? When I do this, I'm prompted for my passcode before the password is revealed.
 
ApfelKuchen said:
Do you use a passcode? When I do this, I'm prompted for my passcode before the password is revealed.
Click to expand...

Ah OK, That helps a bit. It would be nice if I could use a separate password for that. I have a few family members that have my passcode to my phone and iPad since I don't mind them using it, but wouldn't necessarily want them having access to all my passwords. But at least I feel a little better that I can keep them private if I ever misplace my phone. Thanks for the tip.
 
I'm surprised that you need to enter your password that often. I don't require a password for some time after my screen saver kicks in so it's rare that I have to enter it. Best is to use a long password that quick and easy to type. Unless you're a very slow typist it can be entered quickly. My 1Password master password is over 15 characters and I can type it on my MBP in just a few seconds. Takes a bit longer on the iPad and much longer on the iPhone.

In this age, a password manager is an absolute necessity. It's very difficult to stay secure without one. You're either repeating passwords or creating unsafe ones.
 
Keychain lock doesn't work for safari

iCore24 said:
Well you are right, I set up a keychain password, but that only protects Keychain. In Safari password's that display the keychain passwords, it can be accessed by only your login password. I need to find a way to hide the passwords shown in Safari or somehow incorporate the keychain password with safari.
Click to expand...



I realize this is an old post, but Ido need help. I tried to enter a strong master password for keychain so that before logging in to safari sites the passwords wouldn't auto load, someone would have to enter a strong password first. But what a nightmare. Aparently a lot of other apps are constantly using keychain in the background, so I am getting constant messages to enter my keychain password. Additionally, it is not accepting the new password, and I had to reset it and then it froze.

Is there no other way to have to enter a master password in safari before before getting autofill passwords?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back