Keychain - should the login keychain be unlocked?

bulldoze

macrumors regular
Original poster
Mar 15, 2011
220
50
I have google searched this but cannot find an answer. I was looking at the Keychain Access this afternoon and noticed that the login keychain was unlocked. I locked it but then could not view webpages unless I unlocked it again - is this usual behaviour or have I messed up the keychain somehow?

Thanks.
 

casperes1996

macrumors 603
Jan 26, 2014
5,071
2,952
Horsens, Denmark
I have google searched this but cannot find an answer. I was looking at the Keychain Access this afternoon and noticed that the login keychain was unlocked. I locked it but then could not view webpages unless I unlocked it again - is this usual behaviour or have I messed up the keychain somehow?

Thanks.

The login keychain locks itself whenever you log out of your account. Whenever you're logged in, it should be unlocked.

Or at least this is how I believe it works - I've written an extensive paper on iOS security and am inferring how the Mac handles things based on that. It would be the most logical answer however. Unlocked doesn't mean anything can access everything in your keychain. Locked however means nothing can without you entering the admin password.
 

Goatllama

macrumors 6502a
Jun 24, 2015
617
631
Mountaintop Lair
The login keychain locks itself whenever you log out of your account. Whenever you're logged in, it should be unlocked.

Or at least this is how I believe it works - I've written an extensive paper on iOS security and am inferring how the Mac handles things based on that. It would be the most logical answer however. Unlocked doesn't mean anything can access everything in your keychain. Locked however means nothing can without you entering the admin password.
Excellent! I know I'm not the OP, but I've had this question for a while as well, just never cared enough to look too far into it.
 

casperes1996

macrumors 603
Jan 26, 2014
5,071
2,952
Horsens, Denmark
Excellent! I know I'm not the OP, but I've had this question for a while as well, just never cared enough to look too far into it.
Well, glad to help :). For further reading if anyone is interested, I would first recommend looking into what is called private-public key cryptography. It's used almost everywhere today.
Then after that, Apple has a lot of documentation on how their security works explaining their various key levels and whatnot. It's all brillant stuff and sometimes it literally sounds like it's a spy film or something.
 
  • Like
Reactions: Goatllama

KALLT

macrumors 603
Sep 23, 2008
5,136
3,184
The login keychain is indeed unlocked by default and it matches the account password. It is possible to change this behaviour, but not recommended for the reasons given.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.