Apple + Recommended + Security & Privacy

Mac and iOS Keychain Tutorial: How Apple’s iCloud Keychain Works

Posted on January 12th, 2018 by

Mac and iOS Keychain Tutorial: How Apple’s iCloud Keychain Works

Your need passwords to log into websites and services, and it's hard to remember them. Since it's a bad idea to use the same password for each different website — because if one site is compromised, hackers will have an email address and password that they can try on other sites — you need to ensure that your passwords are different, and hard to crack. (A recent episode of the Intego Mac Podcast talks about password strategies.)

Your Macs and iOS devices have a "keychain," which is an encrypted file that stores your passwords and some other information. This file syncs via iCloud, so you can use the same passwords on all your devices. Here's how Apple's iCloud keychain works.

The Keychain Access App on macOS

When Apple's Safari web browser saves a password, it stores it in the keychain.

iCloud Keychain save password screen

The Keychain Access app on your Mac lets you manage these passwords and other information, but you may go for years without ever seeing it. You may never need it, in fact, but if you need to find a password, it's where you go. (You can also view website passwords in Safari; go to Preferences > Passwords.)

The Keychain Access app is located in the Utilities folder in your Applications folder. If you launch it, you'll see a number of items in the sidebar: different keychains, such as Login, and, if you have the iCloud Keychain active (see below), you'll see an entry for that. You'll also see System, which contains some passwords used by the operating system, such as for Wi-Fi networks, and System Roots, which are important certificates that the operating system uses.

Keychain Access in the System Roots keychain

If you click on one of these, such as the login keychain, you'll see a number of categories: All Items, Passwords, Secure Notes, My Certificates, Keys, and Certificates.

  • Passwords include login/password combinations for websites and some apps, Wi-Fi passwords, as well as credit cards stored by Safari.
  • Secure Notes are encrypted files you can create within your keychain with sensitive data. This is a great place to store things like credit card numbers, bank account information, and more. However, you can only access them on your Mac; they don't sync to iOS devices.
  • Certificates and Keys are data used to ensure encrypted communication with websites and services. You will probably never need to look at these.

The main reason to visit the Keychain Access app is if you've forgotten a password. Search for it using the Search field, then double-click your result to view the password. You'll need to authenticate with the name of your user on the Mac, and its password.

Note that while your login keychain is the default, it is unlocked as soon as you log into your Mac. You can increase security by creating a non-login keychain — all this requires is an additional password when you start up or log into your Mac.

Apple's iCloud Keychain

One of the recent enhancements to the Apple ecosystem is the iCloud Keychain. You activate this in the iCloud settings on your Mac or iOS device. This syncs all your passwords to the cloud — where they are encrypted — so when you log into a new website on your iPhone, for example, you'll be able to automatically use that login and password on your Mac.

When you set up a new device, you'll need to approve the use of the iCloud Keychain from another device by entering your iCloud password.

It's easy to use the iCloud keychain. When you visit a website and encounter a login form, Safari (on the Mac or on iOS) will pre-fill the form if it has stored a password for that site. In some cases, you may have multiple passwords — and even login/password combinations — for a site, and you'll see options for what's available. And if none of these options are correct, which may happen if a website has changed its domain, for example, click or tap Passwords to search all the saved passwords.

The macOS and iOS keychain is a great tool that saves time and helps keep you secure. Since you don't need to remember your passwords, you can make them even more secure — so be sure to use Apple's iCloud keychain to stay safe!


New to Mac? Discover more helpful tips at Intego's New Mac User Center!

Want to get the most out of your new MacBook, iMac or other Apple computer? Whether this is your first laptop or you’ve just switched from Windows, there are a few things you should know about your new Mac, like basic keyboard shortcuts or how to use the various features macOS has to offer. Learn more about what your Mac computer can do for you at the Intego New Mac User Center: Get started now!

About Kirk McElhearn

Kirk McElhearn writes about Macs, iPods, iTunes, books, music and more on his blog Kirkville. He is co-host of The Committed: A Weekly Tech Podcast, and a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than twenty books, including Take Control books about iTunes, LaunchBar, and Scrivener. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →