Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Are your passwords safe?

Joe Kissell | May 3, 2013
How to keep your accounts as secure as possible

Change the login keychain's password

When you first set up a user account, the account's login password is also assigned to the login keychain, where new passwords are stored by default. So you can simply enter the password you use with your account to uncover a keychain item's secrets.


Password Attributes. Double-click an item in Keychain Access, and you'll get a window that shows its attributes.

If there's a flaw in the Keychain Access security setup, this is it. Anyone who knows your account's password can access the items in this keychain and then discover your other passwords. If you're concerned about that vulnerability, you can easily change the password for the login keychain.

In Keychain Access, select the login keychain and choose Edit > Change Password For Keychain 'login'. You'll be prompted to enter your current password (the one you now use for your user account) and then enter and verify a new password. To do this, log out of your account and then back in; when the Mac needs to use one of the passwords stored in the login keychain, you'll be prompted to enter it.

Auto-lock the keychain

By default, once you've logged in, your keychain will be unlocked, which isn't terribly secure if others can access your Mac when you're not around. You can add a level of security that auto-locks your keychain. To do that, launch Keychain Access, select your login keychain and choose Edit > Change Settings for Keychain login.

The sheet that appears shows two options: 'Lock After X Minutes of Inactivity' and 'Lock When Sleeping'. If you choose the first option and configure it to read something like five minutes, your keychain will automatically lock if it hasn't been accessed in the previous five minutes.

If an application needs access to your keychain after that time limit has expired, you'll be prompted for your login keychain password. If you enable the 'Lock When Sleeping' option, your keychain will lock when your Mac goes to sleep. Click Save to implement the options you selected.


Starting over. If you forget your login keychain's password, you must delete the old keychain and create a new one.

If you forget

You've changed the login keychain's password and forgotten the new password. Is there any hope? Regrettably, no. Apple uses the Triple Digital Encryption Security standard, or 3DES, to secure the keychain. You'll just have to start over.

Remove the old login keychain from Keychain Access and create a new one: in the Finder, select Go > Go to Folder, and enter youruserfolder/ Library/Keychains. A Keychains folder containing your personal keychains will open. Find the login.keychain file, and drag it to a safe place on your Mac.

 

Previous Page  1  2  3  4  5  6  7  8  9  Next Page 

Sign up for CIO Asia eNewsletters.