How To

Mac and iOS Keychain Tutorial: How Apple’s iCloud Keychain Works

Posted on November 18th, 2020 by

You use passwords to log into websites and services, and since there are so many of them, it’s hard to remember them. It’s a bad idea to use the same password for different websites, because if one site is compromised, hackers will have an email address and password that they can try on other sites. Because of this, you need to ensure that your passwords are different for every website and app, and that they are hard to crack. (An episode of the Intego Mac Podcast talks about password strategies.)

Your Macs and iOS devices have a "keychain," which is an encrypted file that stores your logins, passwords, and some other information. This file syncs via iCloud, so you can use the same passwords on all your devices. Here’s how Apple’s iCloud keychain works.

The Keychain Access App on macOS

When Apple’s Safari web browser saves a password, it stores it in the keychain.

The Keychain Access app on your Mac lets you manage these passwords and other information, but you may go for years without ever seeing it. You may never need it, in fact, but you can use it if you need to find a password. (You can also view website passwords in Safari; go to Preferences > Passwords.)

The Keychain Access app is located in the Utilities folder in your Applications folder. If you launch it, you’ll see a number of items in the sidebar: different keychains, such as Login, and, if you have the iCloud Keychain active (see below), you’ll see an entry for that. You’ll also see System, which contains some passwords used by the operating system, such as for Wi-Fi networks, and System Roots, which are important certificates that macOS uses.

If you click on one of these, such as the login keychain, you’ll see a number of tabs at the top of the window: All Items, Passwords, Secure Notes, My Certificates, Keys, and Certificates.

  • Passwords include login/password combinations for websites and some apps, Wi-Fi passwords, as well as credit cards stored by Safari.
  • Secure Notes are encrypted files you can create within your keychain with sensitive data. This is a great place to store things like credit card numbers, bank account information, and more. However, you can only access them on your Mac; they don’t sync to iOS devices.
  • Certificates and Keys are data used to ensure encrypted communication with websites and services. You will probably never need to look at these.

The main reason to visit the Keychain Access app is if you’ve forgotten a password. Search for it using the Search field, then double-click your result to view the password. You’ll need to authenticate with the name of your user on the Mac, and its password.

Note that while your login keychain is the default, it is unlocked as soon as you log into your Mac. You can increase security by creating a non-login keychain — all this requires is an additional password when you start up or log into your Mac.

Apple’s iCloud Keychain

Apple added the iCloud Keychain to enable this data to sync, via iCloud, to all your devices. You activate this in the iCloud settings on your Mac or iOS device. This syncs all your passwords to the cloud — where they are encrypted — so when you log into a new website on your iPhone, for example, you’ll be able to automatically use that login and password on your Mac.

It’s easy to use the iCloud keychain. When you visit a website and encounter a login form, Safari (on the Mac or on iOS) will pre-fill the form if it has stored a password for that site. In some cases, you may have multiple passwords — and even login/password combinations — for a site, and you’ll see options for what’s available. And if none of these options are correct, which may happen if a website has changed its domain, for example, click or tap Passwords to search all the saved passwords.

Viewing Passwords on iOS

iOS does not have a Keychain Access app; instead, you can view passwords in the Settings app. Tap Passwords, then you’ll see a long list of websites. Tap one of them to see its user name and password. If you tap either a user name or password, you’ll see a pop-up menu allowing you to copy that item, or to AirDrop it to someone else. If you tap the share button at the top of the screen, you can AirDrop both the user name and password to a friend or family member. This is useful if you’ve changed your Netflix password, for example, or for websites where you share login credentials.

The Passwords setting on iOS includes a security feature that can help ensure that your passwords are secure. In Security Recommendations, you may see an alert if you’re using the same password on multiple websites, or if your user name, email, and password were found in a data breach. Tap it to see a list of logins you should change; tap Change Password on Website to go to the website in question to update the password.

On macOS, you can see a similar feature in Safari. Go to the Passwords preferences. You’ll see an alert icon for "Security recommendations available." If you click those icons next to any login, Safari shows passwords that are reused or "easily guessed," and you can click a link to change them.

The macOS and iOS keychains are great tools that save time and helps keep you secure. Since you don’t need to remember your passwords, you can make them even more secure, so be sure to use Apple’s iCloud keychain to stay safe!


How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

We discussed the iCloud keychain and more in episode 22 of the Intego Mac Podcast.

You can also subscribe to our e-mail newsletter and keep an eye here on Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Facebook, Instagram, Twitter, and YouTube.

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →