April 28, 2009 11:29 AM PDT

Getting to know your Mac: Keychain Access

by CNET staff
In this installment of Getting to know your Mac, the MacFixIt editors take a look at the Keychain Access utility. Keychain Access lets you manage the passwords your Mac has stored for everything from Web sites to servers, networks, and encrypted disk images. You can also use it to view and manage certificates and to resolve problems with keychain passwords. This article examines the main functions of Keychain Access and shows how to put them to use.

Passwords
The most useful feature of Keychain Access is password storage. Keychain Access keeps the passwords for many of your most important services. If you forget a network password, or can't recall the password for a mounted volume, Keychain Access will have it stored for you, provided you chose to save it when you first entered it.

1. Open Keychain Access, which is located in Applications > Utilities.
2. From the "Keychains" list, select the keychain to search. The defaults are "login," "System," and "System Roots." Most of the items you are likely to need are in "login" (your personal keychain, unlocked with your account password when you log in) or "System" (items shared by every user of the machine, such as AirPort network passwords; changing it requires an administrator's credentials).
3. From the "Category" list, click Passwords. If you have many passwords, use the disclosure triangle to narrow the list to one password type (AppleShare, Application, or Internet).
4. Once you find the item you need, double-click it and select the "Show password" check box near the bottom of the Attributes tab. You will be asked for the keychain's password (for the login keychain this is normally your account login password); enter it and click "Allow."
5. The password appears in the field, and you're ready to go.
6. From this window you may also select the Access Control tab. It lets you choose which applications (or all applications) may read this password, and whether to ask for confirmation before allowing access and to require the keychain password for that confirmation.
Occasionally users may experience problems with passwords in applications. Network and Mail settings can get out of step when a password is changed or deleted in the program but the keychain item is not updated. You may find two items listed for the same account (a Mail account, for instance). In that case, delete the older item and Mail should stop prompting; the Date Modified column tells you which item is current. If you see passwords for programs, networks, or Web forms you no longer use, delete them to avoid the same confusion. A stale item is also one more secret exposed to anyone who gets hold of your keychain, so pruning is good hygiene as well as troubleshooting.
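The same lookup and the duplicate-item check can be done from Terminal. This is an added example, not part of the original article. It uses the security(1) tool that ships with Mac OS X: `security dump-keychain` lists every item's attributes without its secret (reading a secret requires `-d` and a per-item permission prompt), and `security find-internet-password` looks up a single item the way the GUI steps above do. The dump text embedded in the script is constructed to imitate that output and is trimmed to the attributes the parser needs; the server names and the account "alice" are invented.

```shell
#!/bin/sh
# Added example, not from the MacFixIt article: spot duplicate keychain
# items for the same server/protocol/account, the condition the article
# blames for Mail repeatedly asking for a password.
#
# On a Mac the input comes from the built-in security(1) tool:
#   security dump-keychain ~/Library/Keychains/login.keychain
# Without -d it prints attributes only, never the stored secret.

# Constructed sample of dump-keychain output (invented servers and account),
# trimmed to the attributes the parser below needs.
SAMPLE_DUMP='keychain: "/Users/alice/Library/Keychains/login.keychain"
class: "inet"
attributes:
    "acct"<blob>="alice"
    "ptcl"<uint32>="imap"
    "srvr"<blob>="mail.example.com"
keychain: "/Users/alice/Library/Keychains/login.keychain"
class: "inet"
attributes:
    "acct"<blob>="alice"
    "ptcl"<uint32>="imap"
    "srvr"<blob>="mail.example.com"
keychain: "/Users/alice/Library/Keychains/login.keychain"
class: "inet"
attributes:
    "acct"<blob>="alice"
    "ptcl"<uint32>="smtp"
    "srvr"<blob>="smtp.example.com"
keychain: "/Users/alice/Library/Keychains/login.keychain"
class: "genp"
attributes:
    "acct"<blob>="alice"
    "svce"<blob>="Skype"
'

# Reads dump-keychain text on stdin and writes one line per item:
#   class|server-or-service|protocol|account
list_items() {
    awk '
        function val(line, s) { s = line; sub(/^[^=]*=/, "", s); gsub(/"/, "", s); return s }
        function flush() {
            if (class != "") print class "|" where "|" ptcl "|" acct
            class = ""; where = ""; ptcl = ""; acct = ""
        }
        /^keychain:/        { flush() }          # a new item begins
        /^class:/           { class = $2; gsub(/"/, "", class) }
        /"acct"<blob>=/     { acct  = val($0) }  # account name
        /"srvr"<blob>=/     { where = val($0) }  # server (Internet password)
        /"svce"<blob>=/     { where = val($0) }  # service (application password)
        /"ptcl"<uint32>=/   { ptcl  = val($0) }  # protocol (imap, smtp, ...)
        END                 { flush() }
    '
}

# Prints only the class|server|protocol|account tuples that occur more than once.
find_duplicate_items() {
    list_items | sort | uniq -d
}

# Number of items in the dump; handy for a before/after check on a cleanup.
count_items() {
    list_items | wc -l | tr -d ' '
}

printf '%s' "$SAMPLE_DUMP" | find_duplicate_items
# On a real Mac, inspect and then remove the stale copy of a duplicate:
#   security find-internet-password -s mail.example.com -a alice -r imap
#   security delete-internet-password -s mail.example.com -a alice -r imap
# delete-internet-password removes one matching item at a time, so run the
# duplicate check again afterwards to confirm exactly one item remains.
```

Run against a real dump with `security dump-keychain ~/Library/Keychains/login.keychain | find_duplicate_items` after sourcing the script. The parser keys on the "srvr"/"svce", "ptcl" and "acct" attributes only; two items that differ in some other attribute (a path or port, say) will still be reported as duplicates, which is the conservative direction for a cleanup that you confirm by hand.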

Certificates
If you are having issues with certificates (typically an error saying that the certificate isn't accepted because the certificate authority's root certificate isn't trusted by your computer, or that the certificate is expired or otherwise invalid), you can use Keychain Access to inspect the certificate and adjust its trust settings.

1. Obtain the root certificate from the certificate authority. Safari shows the certificate as part of its error message, and you can drag the certificate icon to the desktop; better still, get the file directly from the CA or your administrator over a channel you already trust.
2. Double-click the certificate file to open it in Keychain Access. Choose a keychain from the pop-up menu and click OK. Adding it to the System keychain requires an administrator's name and password.
3. Double-click the certificate in Keychain Access and click the disclosure triangle next to "Trust."
4. To override any of the settings, select a new option from the pop-up menus, either for the certificate as a whole or for one use such as SSL.

Before marking a certificate as trusted, compare its fingerprint (shown at the bottom of the certificate's details in Keychain Access) with one the issuer gave you some other way, such as over the phone or on paper. The warning you are about to silence exists because anyone who can intercept your connection can present a certificate of their own. Trusting a root certificate also trusts every certificate it ever signs, so "Always Trust" on an unknown root is far more consequential than trusting a single server certificate.

Applications asking for access to your Keychain
When you use any item protected by a stored password (a network connection or mail server, for example), the application attempts to retrieve the password from your keychain. The keychain asks your permission before handing the password to the application. The prompt offers three options:

1. Allow Once. This does exactly what it says: the application may read this password one time and must ask again the next time it needs it.
2. Always Allow. This adds the application to the item's access control list (the list you see on the Access Control tab), so you are not asked again for applications that constantly need a particular password, such as Mail.
3. Deny. The application does not receive the password; to complete the operation you must enter it manually.
Secure Notes
Keychain Access provides a handy and secure place to keep important notes, right inside the program. Select "Secure Notes" from the "Category" list and click the "+" button at the bottom of the window. Enter a name for the note and its contents, then click Add. A secure note is protected exactly like any other keychain item: it can be read whenever the keychain is unlocked, so it is only as private as the keychain that holds it.

Keychain First Aid
If you are having issues with your keychain passwords, you can run the built-in First Aid to verify and repair them. From the Keychain Access menu, select Keychain First Aid. Enter your password, choose the Verify or Repair radio button, and click Start. Verify only reports problems; Repair attempts to fix them and records what it changed in the log.

Notes of caution
Changing passwords and settings can create security risks on your computer, especially on a shared machine. If you are encountering password-related issues and do not feel comfortable using Keychain Access to solve them, ask someone who does. Apple's phone technical support is some of the best in the business, and many local technicians are adept at solving keychain issues.

Keychain Access Scenarios
There may be times when you've accessed network resources, or logged in to other systems, with different credentials than those stored in your keychain. For Kerberos single sign-on events such as logging in to an AFP share, this can be frustrating, since every time you access the resource it will use the credentials you supplied rather than the ones in your keychain. In some instances you can log out of the service, but for others this is not as easy. Keychain Access provides a Kerberos ticket viewer (in the "Keychain Access" menu), which you can use to destroy the ticket for the single sign-on session so that you are prompted for a password the next time you access a resource that requires one. If you log in with the wrong credentials and cannot log out or otherwise re-authenticate, check the ticket viewer to see whether a Kerberos ticket is active; destroying it should let you re-authenticate without restarting the system. The same can be done from Terminal with klist (to list your tickets) and kdestroy (to discard them).

Managing Logins
You can also use Keychain Access to manage and limit which applications can use a given password. There are three levels of access control for an item: allow all applications to read the password without asking; prompt for confirmation before giving an application access; and, strictest of all, require your keychain password each time you confirm an application's access. These are set by double-clicking a keychain entry and using the "Access Control" tab. With this you can give different applications different levels of access, and prevent something that launches automatically from reading a password without your knowing about it. Requiring the keychain password (normally your login password) prevents anyone who walks up to your unlocked workstation from simply clicking "Allow" and letting an application read the password.

Organizing Keychain Access
One final thing you can do is organize your passwords, which is useful if you use Keychain Access a lot. By default, when an application stores a password in the keychain, a new entry is made with the name of that application, which can result in a keychain entry for every application (or other uniquely named resource). If you use the same login and password for several applications, you can create one "application password" entry and share it among them, instead of having each one create its own entry. This can be combined with access-control settings so that the applications bound to that password can read it freely, while other applications must prompt before accessing it.

A word of note: keychain items are matched by applications in alphabetical order. If you store user "abc" in a keychain and bind it to a program, and then do the same for user "bcd" and bind it to the same program, only user "abc's" credentials will be supplied when the program opens. Having only one login and password per program is usually not a problem, but if you have different credentials for the same server (i.e., one set for a Web folder and another for a backup folder), this is a limitation of Keychain Access, since it will supply only one for that server.

Comments (11)
    by thomson1 April 28, 2009 9:29 PM PDT
    This "tutorial" is poorly written and needs some context. The author uses terms I don't understand. Although I thought I had a pretty good understanding of Keychain Access, I am now more confused than ever. Maybe you need to get an editor to sort this out. You should start this tutorial with an overview of how Keychain is structured and include DEFINITIONS of the terms you are using. For example: define "kerberos ticket" ?!!!

    You state "... several local technicians are very adept at solving issues with Keychains." Local? Local to what?
    by sansstress April 28, 2009 9:29 PM PDT (in reply to thomson1)
    Yesterday I had a strange problem on a Mac Pro, not long after updating to 10.5.6.
    After creating a new mail account successfully, at the next start-up of the Mac and Mail I was asked to enter my "login keychain password"!

    Having never had a password on the Mac I was a little puzzled.
    Tried Repair in Keychain Access, unsuccessfully.
    Deleted "login keychain", created a new one and restarted the Mac.
    Then there were two "login keychains"!
    Then I was able to apply a new password to the "login keychain" and Mail stopped asking me for the "login keychain password."

    However there are still two keychain logins and I can't get rid of one. When I try, both of them disappear from my library and I have to create another, and there I have two again. Rather puzzling. I've tried authorization repairs and restarts, creating an account password, all to no avail.

    More strange, today I have the same trouble on my MacBook and have done no changes there for a while. I wonder if there is not some bug doing this, as I have never seen this happen before and I follow more than 100 Macs!

    Anyone else having this problem lately? I would appreciate any advice.
    by joe.aimonetti April 28, 2009 9:29 PM PDT (in reply to thomson1)
    Unless we were reading different posts, I think the entire first half of the article was the overview of Keychain Access that you so desperately crave. I felt as though it was a very clear look at that little app and defined the basic processes very nicely.

    I would think that the mention of local service providers would mean local to you (the reader) as it does in any other article anywhere it is written.

    If you need hand-holding, perhaps using the Dictionary App on your Mac would help - unless you would need me to define that and give you an overview?
    by thomson1 April 28, 2009 9:29 PM PDT (in reply to joe.aimonetti)
    define "kerberos ticket"
    by tkessler April 28, 2009 9:29 PM PDT (in reply to thomson1)
    Kerberos is a single sign-on technology that's widely used. OS X uses it all the time, and the way it works is to issue you an authentication "ticket" when you first provide login credentials for a service. This ticket is stored for about 10 minutes before it expires, and in the meantime you can access the service without having to keep providing your password, or otherwise have your password "stored". The combination of the password keychain and "ticket" allow you to rather seamlessly use your Mac without having to remember a bunch of passwords. Services that use Kerberos include the file sharing protocols (AFP, SMB) that you use to log into other systems in order to access files.

    You can google "kerberos" and "kerberos ticket" to read more about them.
    by macuser940 April 28, 2009 9:29 PM PDT (in reply to thomson1)
    I have been having a keychain issue regarding my Skype account. The password for it is stored in Keychain Access; however, when I try to access it to see what it is, the "show password" box will not allow me to put the check mark in it. I see the checkmark only for as long as I click on the box, but it won't stay or proceed further.

    It's the only application in my keychain that behaves this way - I can access passwords for all other items. I have tried using the keychain repair utility to no avail and attempts to recover the password from Skype have not been successful as it appears they don't have my email address on record. So there's no option other than to set up a new account which I'd prefer not to do as I can still sign on at my main computer but can't use Skype on others.
    by glennac123 April 28, 2009 9:29 PM PDT (in reply to macuser940)
    Try moving the com.apple.keychainaccess.plist to your Desktop. Reboot, and see if that clears things up. It can be found here...

    /Users/Home/Library/Preferences/com.apple.keychainaccess.plist

    Cheers!
    by macuser940 April 28, 2009 9:29 PM PDT (in reply to glennac123)
    Thank you much for the advice but, unfortunately, it did not work.

    I still get the same result when trying to see the password. Any other suggestions?
    by mannessx-2009 May 3, 2009 10:43 AM PDT
    A few points here.

    1- Keychain Password
    Your keychain password is typically your Mac OS X login password. If you change your login password, however, I believe the keychain password remains the original one unless you change it in Keychain Access. (This at least used to be the behavior. This may have changed to automatically change the keychain password too, but I am not sure.) I think it's a good idea to have your keychain password different from the login. I made the keychain particularly easy to type since it gets used so much more.

    2-
    Secure notes is a great place to keep personal info. I have a list of all bank accounts & credit cards and all the associated pins. Also family social security numbers, etc. It is pretty darned secure.

    3- If you have a MobileMe account you can have your keychain automatically synced on all your computers. This also acts as a backup.

    4- Finally, for utmost security, the most sensitive passwords - my main bank and stock accounts - I do not save in the keychain, and each are unique.
    by Matt Nikos October 17, 2009 6:46 PM PDT
    I've spent days trying to figure out how to use the Keychain on my iMac (Leopard OS). Your article states there should be three Keychains showing under Keychain Access: Log-in, System, and System Roots. I only have two; Log-In is missing from mine. I don't know if I somehow deleted it or what, but perhaps this explains why I seldom get the 'Do you want to save...' pop-up box, and the few times I do get that box and click YES, it doesn't save the sign-on or the password anyway. Is the missing 'Log-In' Keychain my problem, and if so, can you tell me how to restore it? Thanks!
    by jazam419 January 26, 2010 6:44 PM PST
    OK