How to make Safari stored passwords more secure???

Discussion in 'Mac Apps and Mac App Store' started by iCore24, Feb 15, 2014.

  1. iCore24, Feb 15, 2014
    Last edited: Feb 16, 2014

    iCore24 macrumors 6502

    iCore24

    Joined:
    Jan 6, 2013
    Location:
    Michigan
    #1
    Ok the problem is I have a simple short password for my administrator account for my laptop because I have to input it like a dozen times a day. The problem is with that simple log-in password, you can access all my stored passwords in Safari! There is no option to add a standalone or Master Password only for Safari.

    But to see my passwords for my iCloud and local accounts in the "Keychain Access" application in Utilities, I can set up a specific hard Keychain Password which I did.

    On my iPhone 5s, I set up that same hard keychain password to lock my phone since I have touch id, so all my passwords are safe on there. But what if a lot of people use a simple 4 digit passcode or have an iPhone 5 and lower? That means if someone knows your 4 digit code (which is really easy to figure out by just starring at them put it), they can see all your stored passwords on your phone in the Safari settings!!! It seems to be one big flaw Apple missed.

    So you have some options.

    On OSX, you can set up a really hard login password so its harder to access saved Safari Passwords, then put auto-login to your laptop so you won't have to put it dozens times a day! But then your files won't be safe :/

    On IOS you can use a more complex password instead of the "simple" password. But you will have to input it every time to use your phone which is VERY annoying...Unless you have touch id :p But that being said, I didn't enable iCloud Keychain on my iPad due to that huge inconvenience.

    So is there a way to make saved passwords in Safari more secure by using a secondary password? I was also thinking why doesn't Safari just use the Keychain Access password, instead of your login password. It seems to be a simple fix Apple can do if they knew?

    Please help guys!:mad:
     
  2. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #2
    Those passwords you see in Safari are not stored in Safari, they are actually stored in the Keychain and just displayed in Safari. You can have a Keychain password that is different than your login password and I believe accomplish what you are after. Unless I am misunderstanding.
     
  3. iCore24 thread starter macrumors 6502

    iCore24

    Joined:
    Jan 6, 2013
    Location:
    Michigan
    #3
    Well you are right, I set up a keychain password, but that only protects Keychain. In Safari password's that display the keychain passwords, it can be accessed by only your login password. I need to find a way to hide the passwords shown in Safari or somehow incorporate the keychain password with safari.
     
  4. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #4
    How are you seeing the passwords in Safari. All I see in the Safari pref pane is the placeholder dots like below.

    [​IMG]
     
  5. flynz4 macrumors 68040

    Joined:
    Aug 9, 2009
    Location:
    Portland, OR
    #5
    This is a good post. Some comments:

    First I use 1Password on all my computers, which has a secondary password... but that has one annoying problem that iOS sandboxing (or whatever they call it) does not allow interaction between password programs and Safrari... which means that I must use 1Password's built in browser. I deal with it... but wish Apple would provide some type of interface to allow password programs to interact with Safari... or alternately, allow an alternate browser to be specified. Because I use 1P... I disable keychain passwords.

    Regarding the OPs specific Mac problem... I would toughen up the log-in password. I have a complex medium length login password (15 characters) that I can type in with blazing fast speed. My fingers are just trained to do it. It is not a dictionary word... and just appears as a bunch of garbage characters... but it takes me so little time to enter. At first it was a pain in the butt, but my finger's "muscle memory" overcame that problem.

    Regarding OP's iOS devices... My recommendation is to replace your iPad when one is released with finger ID. You will take a small financial hit... but it should be minor.

    /Jim
     
  6. iCore24 thread starter macrumors 6502

    iCore24

    Joined:
    Jan 6, 2013
    Location:
    Michigan
    #6
    Thanks Jim. Yea I might just have to that. I am wishing the iPad Air 2 will have a fingerprint scanner, which it should, and am going to upgrade for sure! Now only if the MacBooks had some form of fingerprint reader???

    But Apple should really fix this. Just make the Keychain Access password work with Safari's listed password and boom, fixed!

    ----------

    Yes Weaselboy, but the problem is anyone can see them by the users login password. So I need a long complicated login password just to keep that safe, but will be a pain to login my laptop every time. But the Keychain Access app has an option to make a specific password only for it.

    Apple has to integrate that Keychain Password to Safari so if you want to see the passwords in Safari, the login password won't work, only the Keychain Access password.
     
  7. Consultant macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #7
    Use a secure password.

    Using a "simple" password is a problem waiting to happen.
     
  8. iCore24 thread starter macrumors 6502

    iCore24

    Joined:
    Jan 6, 2013
    Location:
    Michigan
    #8
    I guess this problem will just die out after every Apple device has touch id...
     
  9. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #9
    Or doesn't exist if one uses a strong account password. I use letters and numbers for mine and it is longer than 10 characters.
     
  10. appleii.c macrumors 6502

    appleii.c

    Joined:
    Mar 18, 2013
    #10
    This is an issue I found recently as well and have since stopped storing sensitive passwords in my keychain (banking etc). In iOS7 when I go to Settings > Safari > Passwords & AutoFill > Saved Passwords, it seems all my Safari KeyChain passwords are all there in plain text. Unless I'm seeing something different, that was a bit of an eye opener.
     
  11. ApfelKuchen macrumors 68020

    Joined:
    Aug 28, 2012
    Location:
    Between the coasts
    #11
    Do you use a passcode? When I do this, I'm prompted for my passcode before the password is revealed.
     
  12. appleii.c macrumors 6502

    appleii.c

    Joined:
    Mar 18, 2013
    #12
    Ah OK, That helps a bit. It would be nice if I could use a separate password for that. I have a few family members that have my passcode to my phone and iPad since I don't mind them using it, but wouldn't necessarily want them having access to all my passwords. But at least I feel a little better that I can keep them private if I ever misplace my phone. Thanks for the tip.
     
  13. glenthompson macrumors 68000

    glenthompson

    Joined:
    Apr 27, 2011
    Location:
    Virginia
    #13
    I'm surprised that you need to enter your password that often. I don't require a password for some time after my screen saver kicks in so it's rare that I have to enter it. Best is to use a long password that quick and easy to type. Unless you're a very slow typist it can be entered quickly. My 1Password master password is over 15 characters and I can type it on my MBP in just a few seconds. Takes a bit longer on the iPad and much longer on the iPhone.

    In this age, a password manager is an absolute necessity. It's very difficult to stay secure without one. You're either repeating passwords or creating unsafe ones.
     
  14. mg10461 macrumors newbie

    Joined:
    Mar 11, 2015
    #14
    Keychain lock doesn't work for safari



    I realize this is an old post, but Ido need help. I tried to enter a strong master password for keychain so that before logging in to safari sites the passwords wouldn't auto load, someone would have to enter a strong password first. But what a nightmare. Aparently a lot of other apps are constantly using keychain in the background, so I am getting constant messages to enter my keychain password. Additionally, it is not accepting the new password, and I had to reset it and then it froze.

    Is there no other way to have to enter a master password in safari before before getting autofill passwords?
     

Share This Page