Change the login keychain's password
When you first set up a user account, the account's login password is also assigned to the login keychain, where new passwords are stored by default. So you can simply enter the password you use with your account to uncover a keychain item's secrets.
If there's a flaw in the Keychain Access security setup, this is it. Anyone who knows your account's password can access the items in this keychain and then discover your other passwords. If you're concerned about that vulnerability, you can easily change the password for the login keychain.
In Keychain Access, select the login keychain and choose Edit > Change Password For Keychain 'login'. You'll be prompted to enter your current password (the one you now use for your user account) and then enter and verify a new password. To do this, log out of your account and then back in; when the Mac needs to use one of the passwords stored in the login keychain, you'll be prompted to enter it.
Auto-lock the keychain
By default, once you've logged in, your keychain will be unlocked, which isn't terribly secure if others can access your Mac when you're not around. You can add a level of security that auto-locks your keychain. To do that, launch Keychain Access, select your login keychain and choose Edit > Change Settings for Keychain login.
The sheet that appears shows two options: 'Lock After X Minutes of Inactivity' and 'Lock When Sleeping'. If you choose the first option and configure it to read something like five minutes, your keychain will automatically lock if it hasn't been accessed in the previous five minutes.
If an application needs access to your keychain after that time limit has expired, you'll be prompted for your login keychain password. If you enable the 'Lock When Sleeping' option, your keychain will lock when your Mac goes to sleep. Click Save to implement the options you selected.
If you forget
You've changed the login keychain's password and forgotten the new password. Is there any hope? Regrettably, no. Apple uses the Triple Digital Encryption Security standard, or 3DES, to secure the keychain. You'll just have to start over.
Remove the old login keychain from Keychain Access and create a new one: in the Finder, select Go > Go to Folder, and enter youruserfolder/ Library/Keychains. A Keychains folder containing your personal keychains will open. Find the login.keychain file, and drag it to a safe place on your Mac.
Sign up for CIO Asia eNewsletters.