4 Things You Probably Didn’t Know about Apple’s iCloud Keychain Feature
Note: This page refers to older versions of Keychain. We have an updated (2021) article about iCloud Keychain features.
Even if you don’t use it, you probably already know that the basic purpose of your Mac’s Keychain software is password management. iCloud Keychain is meant to make browsing the web, connecting to Wi-Fi networks, making credit card payments online, and other day-to-day internet tasks easier, by remembering all of your usernames, passwords, credit card numbers, Wi-Fi network codes, and more across all OS X computers and iOS devices. So long as you have iOS 7.0.3 or later installed on your iPhone or iPad, and OS X Mavericks 10.9 or later installed on your computer, you can use keychain to make your life easier.
But what about the things you don’t already know about iCloud Keychain? We’ve come up with four of the feature’s less-discussed talking points below.
It’s protected by 256-bit AES encryption
When you use Keychain on your Mac computers or iOS devices, you are taking advantage of arguably the most secure part of Apple’s entire iCloud system. Keychain passwords and credit card numbers are encrypted with 256-bit AES (Advanced Encryption Standard). In comparison, other types of data on iCloud (including photos, calendars, and even the “Find My iPhone” function) are only encrypted with a minimum of 128-bit AES. In addition, Apple says that Keychain information is secured with “elliptic curve asymmetric cryptography and key wrapping.” Bottom line, Apple takes the protection of your Keychain very seriously—in case you needed peace of mind that the feature was safe to use.
It can also suggest and create passwords for you
In addition to protecting your passwords, iCloud Keychain is actually able to suggest passwords for you to use to protect your computer and accounts. When you set up accounts online, Keychain will sometimes suggest passwords that are borderline impossible for anyone else to guess. These passwords are then stored directly in your Keychain, so that you can access them and use them automatically when you need to access the site in question. With passwords as strong as the ones Keychain suggests, the only way anyone would really be able to get into your accounts would be to hack your entire Keychain—which, thanks to the encryption and security that Apple uses for the feature, is unlikely to happen.
You can use it to store secure notes
Are there pieces of information, other than passwords, usernames, or credit card information that you want to keep secure and hidden from prying eyes? With Keychain, you can keep just about any information secure—be it a software license key or a to-do list for planning a spouse’s surprise birthday party. The software has a “secure notes” feature that can be used to safe small bits of text in your Keychain, alongside passwords and credit card information.
To create a secure note, just open up Keychain Access on your Mac! You’ll find it by opening the Utilities folder, which you can find in the Applications folder. Once you’ve launched Keychain Access, just select the “Secure Notes” category from the sidebar and click the “+” button at the bottom of the application window. From there, you can name the note, type in the text, and click “Add.” Just like that, there’s a secure note hidden away in your Keychain that can only be accessed with a password. It’s a better way of stowing sensitive information than putting it in a Word Document, and something that will be easier to find later than a piece of paper you file physically.
You can lock your Keychain or change the password at any time
By default your Keychain is open and the password for accessing it is the same as the password to login to your Mac account. Both of these things can be changed at any time. To lock your Keychain, just launch the Keychain Access utility—as described above—and click the lock icon at the upper left-hand corner of the window. This action will keep Keychain from using automatic login information for websites, bank accounts, email accounts, etc., and will make sure that your credit card numbers aren’t auto-filling. Shutting off the login Keychain is a good idea if you are letting a guest use your computer. You can turn the Keychain back on by opening Keychain Access, clicking the lock again, and entering you Keychain password.
Speaking of your Keychain password, by default, it will be set up to match the password you use to access your account at startup. To do this, just open Keychain Access, select the “Edit” tab from the dropdown menu bar at the top of the screen, and click “Change Password for Keychain…” You’ll need to provide your current password and type the new once twice to verify. Keychain will tell you how strong or weak your new password is.