brian on 2007.03.11
at 07:29 pm
Hey, if you have a Mac, especially with 10.4 (Tiger) you’re really missing out if you’re not using Keychain Access.
Boring it sounds, I’m sure, but it’s terribly useful, and I’ve been using it since Tiger came out. There are a number of websites for which you would want to store your (many) usernames and (many) passwords but you don’t want these passwords stored in your browser’s autofill, and there are some situations where the web browser won’t recognize what you’re typing as a username and password and autofill isn’t even an option. For you there is Keychain Access.
- Launch Keychain Access (KA) from your Utilities folder.
- If your keychain is currently locked, (not the padlock in the top right corner, open, or closed? click it to change its status) make sure it is unlocked for this exercise.
- Click File > New Password item…
- Fill in the fields: Item name = website, account name, password. Also, if you’re interested in creating an ultra-secure password, click the key icon next to the password field for assistance: it will craft one for you, or rate the quality of yours.
- Click add.
You retrieve your passwords here, as well, in the iTunes-inspired interface. Find them easily by typing a couple letters from the item name into the search box… you can even look up passwords your applications have stored, because they live here too, in human readable form. So if Safari already knows your Yahoo! password, you can manually look it up here.
Admittedly, that’s not the most exciting thing in the world, but we’re just beginning.
Next under the File menu is “New Secure Note Item.” The work flow is almost identical to the above. This allows you to save any text in full, government grade 128 bit AES encryption. I use this for many things, but the most common thing is I store my software licenses in this format. I’m not too worried about my license numbers encrypted, but since I have other data that is sensitive encrypted in other secure notes, I back my keychain up religiously. Thus, I should never loose my license numbers. Some people go so far as to store their credit card info in here, so they can cut and paste for e-commece transactions. If you store that stuff in a plain text file and you loose the machine, it’s stolen, your hard drive breaks and it gets replaced, someone could easily retrieve your data. I hope no one is doing that with their credit card number, but I know from my experience in tech support that many, many people keep all their names and passwords for websites in a plain text file… so what’s the difference if you loose your bank’s login info, and not your credit card info? Not a lot. Perhaps you’d like to keep a copy of someone’s social security number? Or your license number, or bank or brokerage account numbers, tax ID numbers? Loss of these would be devastating. Instant identity theft.
But Apple has given us an excellent tool for storing this information, sitting quietly in the background. Go check it out. I force the application to ask me for a keychain password for accessing any password, but you can opt to open your keychain once when you log in, and have access to anything in your Keychain without entering a password. If you do this, you’ll want to enable the Keychain menu bar item, (enable in the Keychain Access Preferences) which allows you to instantly lock your screen and keychains when you walk away (so you can use the facilities, for instance). This will also have the side effect of launching your default screen saver. To pull your machine from screen saver, the login password will be required. If you’re using a laptop and the power drains, the machine will not wake from sleep without the password.
I keep Keychain Access in my dock and use the Keychain menu bar item as well.
We’ve only touched on a few things that most people could use from Keychain Access, but that’s all we have time for today. A tangentially related tip will follow about the use of Encrypted Disk Images for storage of other sensitive data that’s not easily shoehorned into the Keychain.
Comments have been automatically disabled to curtail spam.