An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#5124 - 10/19/09 06:17 AM Keychain - Do I want to?
Gregg Offline


Registered: 08/04/09
Loc: Milwaukee, WI (USA)
I've never used it, so that makes this a (potential) New Users topic. Being a late adopter of OSX, when I made the switch nearly two years ago, Keychain was old news. I've been getting MacWorld since then, but they've long since moved on to other things.

The primary reason I haven't used Keychain is that I don't know how to. Even my "Dummies" book doesn't help much: "...choose yes to add the password to the keychain." Yeah, right. I've never seen that prompt.

Maybe I have to just create a keychain following the steps in Mac Help and go from there, if it's worth it. It's not like I'm having trouble managing passwords, or afraid of password theft. But, I just read an article in Newsweek about new security measures in development, and got to wondering...

Top
#5129 - 10/19/09 09:06 AM Re: Keychain - Do I want to? [Re: Gregg]
dkmarsh Offline

Moderator

Registered: 08/04/09

Actually, you have used it. For proof, open Keychain Access (in /Applications/Utilities) and peruse the login keychain, all items category.
_________________________

dkmarsh • member, FineTunedMac Co-op Board of Directors

Top
#5130 - 10/19/09 09:18 AM Re: Keychain - Do I want to? [Re: Gregg]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
You already have two keychains, whether you know it or not. The "System" keychain is located in /Library/Keychains and has a file name System.keychain. Your personal login keychain is found in your home folder ~/Library/Keychains and has the name Login.keychain. By default your keychain password is the same as your logon account password and it is automatically unlocked each time you logon.

When you setup your email account in Mail the login passwords for your email accounts were stored in the Login keychain. In Safari > Preferences > Autofill if you have User Names and Passwords checked each time you enter a userid and/or password for a particular web site or enter a new userid and/or password for a site, you should be prompted you will be prompted to save the userid/password. If on the other hand the information is automatically filled in on the form that means the userid/password is already stored in your keychain.

If you would like to see the contents of your keychains, launch /Applications/Utilities/Keychain Access and you can see the stored information.

Through keychain access you can use the "notes" feature of Keychain to store information you wish to keep secure
_________________________
joemikeb • moderator

Top
#5133 - 10/19/09 10:17 AM Re: Keychain - Do I want to? [Re: joemikeb]
Gregg Offline


Registered: 08/04/09
Loc: Milwaukee, WI (USA)
Originally Posted By: joemikeb
When you setup your email account in Mail ...


Never did that either. Don't use Mail. Will try looking to see what's in Keychain. Next step: making use of it. (??)

Top
#5154 - 10/19/09 07:48 PM Re: Keychain - Do I want to? [Re: Gregg]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: Gregg
Originally Posted By: joemikeb
When you setup your email account in Mail ...
Don't use Mail.
Next step: making use of it. (??)

Entourage too offers to store account passwords in the keychain. This also happens with passwords for LAN (including Airport) and encrypted disk image (Disk Util) access, as with iTunes' Store account passwords and those for web page access. And all this is triggered by you entering your account password to access your Mac.

The whole thing about keychain use is that it's transparent: you never actually have to open the utility. All you see of it is the occasional dialog box asking if you want to store a password, and the utility takes care of the rest: safe storage and autofilling the appropriate password box when presented with it later.
_________________________
alternaut moderator

Top
#5156 - 10/20/09 12:32 AM Re: Keychain - Do I want to? [Re: Gregg]
artie505 Online


Registered: 08/04/09
Quote:
joemikeb: By default your keychain password is the same as your logon account password and it is automatically unlocked each time you logon.

Keychain Access also has a security feature that enables you to use a different password to unlock your keychain, so its contents don't necessarily have to be "public info."
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#5159 - 10/20/09 06:13 AM Re: Keychain - Do I want to? [Re: alternaut]
Gregg Offline


Registered: 08/04/09
Loc: Milwaukee, WI (USA)
Don't use Entourage either.

Sometimes I encounter web pages asking for a password. Does that mean it's not compatible with Keychain? When you are prompted to save a password, is there some identifying logo that tells you Keychain is in operation?

I noticed some duplicate lines in the list. I figure it can't hurt to delete one of them.

Top
#5161 - 10/20/09 06:17 AM Re: Keychain - Do I want to? [Re: Gregg]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
It probably means there is a NOFILL tag on the password field which Safari and keychain will honor. It is a security measure taken by the site.
_________________________
joemikeb • moderator

Top
#5163 - 10/20/09 06:27 AM Re: Keychain - Do I want to? [Re: Gregg]
alternaut Offline

Moderator

Registered: 08/04/09
- When you see web pages asking for a password every time you visit, joemikeb's reply applies. If it happens only on the first visit you see a normal action involving Keychain.
- There is no Keychain logo in dialog boxes requesting information to be stored in Keychain. Such dialogs may differ in detail depending on the application you're using.
- The fact that you find entries in Keychain Access at all (duplicate or not) demonstrates your previous (transparent) use of the utility.
_________________________
alternaut moderator

Top
#5165 - 10/20/09 10:19 AM Re: Keychain - Do I want to? [Re: alternaut]
Gregg Offline


Registered: 08/04/09
Loc: Milwaukee, WI (USA)
Indeed, it does. It just works (when allowed) on its own. No wonder I've never seen anything on how to use it.

Are there other reasons (besides eliminating duplicates) to open the Keychain list?

One of my duplicates appeared to have a space before the user name (I think). That could explain the double entry.

Top
#5169 - 10/20/09 12:21 PM Re: Keychain - Do I want to? [Re: Gregg]
artie505 Online


Registered: 08/04/09
> Are there other reasons (besides eliminating duplicates) to open the Keychain list?

I periodically check what's in my keychain to make certain I haven't hit the wrong radio button and allowed something I meant to disallow.

(In conjunction with looking at your keychain, Gregg, you ought to also take a look in Safari>Prefs>AutoFill to see what's enabled there.)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#5170 - 10/20/09 01:16 PM Re: Keychain - Do I want to? [Re: Gregg]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Some of the apparent double entries in a keychain may represent entering a particular site through a different login portal, sometimes it is because the site login itself has changed while still others, as you indicate, may the result of a typo at some point.

Keychains may become corrupted requiring running Keychain Access > Keychain Repair and in worst case scenarios deleting and recreating the keychain, but that seems to occur much less frequently as OS X has matured. cool
_________________________
joemikeb • moderator

Top
#5179 - 10/21/09 06:10 AM Re: Keychain - Do I want to? [Re: artie505]
Gregg Offline


Registered: 08/04/09
Loc: Milwaukee, WI (USA)
Everything in Autofill is checked. I think that must be the default, as I wouldn't have had any reason to change it.

(thanks for that info, joemikeb)

Top
#5192 - 10/21/09 05:39 PM Re: Keychain - Do I want to? [Re: Gregg]
artie505 Online


Registered: 08/04/09
Sorry for not being specific...

Next to each of those checked items is an "Edit" radio button; click on each one and make sure you're happy with what you see.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#5202 - 10/22/09 05:56 AM Re: Keychain - Do I want to? [Re: artie505]
Gregg Offline


Registered: 08/04/09
Loc: Milwaukee, WI (USA)
Well, the "User Names and Passwords" list only shows Websites and User Names. As in Keychain, some are duplicated. I don't recognize many of the websites. So, I'll pretend I didn't do that, and don't know there is anything I might want to fix.

Top
#5214 - 10/22/09 02:14 PM Re: Keychain - Do I want to? [Re: Gregg]
artie505 Online


Registered: 08/04/09
Originally Posted By: Gregg
Well, the "User Names and Passwords" list only shows Websites and User Names. As in Keychain, some are duplicated. I don't recognize many of the websites. So, I'll pretend I didn't do that, and don't know there is anything I might want to fix.


I'll suggest that you trash the dupes and any entries you don't recognize, unless, of course, somebody else uses your Mac and may be responsible for/using them. (As a matter of fact, though, if a website is listed in AutoFill your Mac has visited it at some point.)

Note that AutoFill stores passwords unless the entry next to a website's address says "Passwords Never Saved."
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#5233 - 10/23/09 06:14 AM Re: Keychain - Do I want to? [Re: artie505]
Gregg Offline


Registered: 08/04/09
Loc: Milwaukee, WI (USA)
Yes, I figured as much. And after all, the purpose is to make it so that you don't have to memorize the password! Only one of mine has that disclaimer noted.

There are two users, one User Account. I have the websites right there in front of me. I don't think I want to visit the ones I don't recognize just to see if I want to trim the list down. It's not hurting anything.

Top

Moderator:  alternaut, dianne, dkmarsh