Look up any stored password, and then some

We need to connect a PC laptop to our wireless router.  The computer can find the network, but I don’t know the password. Where should I look?

Your Mac does a very cool thing with passwords: It stores them in a single file called the “keychain,” which is locked with the password that you use to log into your Mac.

Here’s that paragraph in slightly more geeky terms: The keychain is locked with military-grade encryption, typically with the password assigned to your user account. Each user gets their own keychain, and the default keychain name is “login,” though you can rename it or create multiple keychains. Whenever you see a checkbox option for “Remember password in keychain,” or when Safari asks whether you want it to remember a particular password, that login will get stored in the keychain. (If Safari never presents you with that option, go to Safari > Preferences > AutoFill, and turn on “User names and passwords.”)

You can find passwords in your keychain using the Keychain Access utility, which you can find, along with everything else on your Mac, through Spotlight, or by going to Macintosh HD/Applications/Utilities.

Here’s a good tutorial with screenshots on using Keychain Access. And here are Apple’s instructions:

To display your passwords in Keychain Access:

  1. Open Keychain Access, located in the Utilities folder in the Applications folder.
  2. Select a keychain.
  3. Click Passwords in the category list.
  4. Use the Passwords category disclosure triangle to reveal the types of passwords, and then choose a password type.
  5. Double-click a keychain item.
  6. Select the “Show password” checkbox.
  7. Enter your keychain password.
  8. To display your password, click Allow. [Editor’s note: don’t choose Always Allow, or Keychain Access will always diplay that password without entering your master password.]

It’s worth mentioning here that sometimes we encounter problems with the keychain, usually having some application keep asking for the password. This post on the Apple Discussion boards runs through some techniques to address those issues, but the first step is to go to the Keychain Access menu (top left, up by the Apple), and click on Keychain First Aid. Enter your keychain password, and click Repair. If it finds any errors, click Repair one more time. If the errors are intractable, refer to the post on Apple Discussions.

For Your Eyes Only

Now, one feature of Keychain Access that’s frequently overlooked is Secure Notes. Too often, we’ll run into someone who has put private information someplace way too public, say the address book, or in Stickies. I try not to let abject horror that I’m feeling show on my face, but I pretty quickly move into a discussion of how to protect your computer and phone from unwanted eyes — turning off automatic login, and setting a passcode lock on the iPhone, at the very least.

Of course, I prefer to keep such data digitally, and passcode-protected, rather than have someone scrawl their passwords on a piece of paper. That’s where Secure Notes comes in. Apple’s instructions:

  1. Open Keychain Access, located in /Applications/Utilities.
  2. Click Show Keychains if the Keychains list is not open, then select the keychain you want to use (if your keychain is locked, click the lock icon then enter your keychain password to unlock it).
  3. Choose File > New Secure Note Item.
  4. Type a name for the note that will help you remember what it is.
  5. Type the information you want to preserve in the Note box, or paste text you’ve copied or cut from another document.
  6. Click Add.

Is there another way?

You bet. I recently started using the awesome app 1Password — $39.95 from Agile Web Solutions — and I’m thoroughly impressed with it. These are the distinctions Agile makes between their program and the Mac keychain scheme:

  • Store and provide easy access to more than one account for any website.
  • Correctly handle financial websites which often disable storing passwords in Safari’s AutoFill.
  • Integrate with multiple browsers, including Safari, Fluid, Firefox, DEVONagent, OmniWeb, NetNewsWire, Flock, Netscape Navigator, and Camino.
  • Eliminate the need to synchronize your data between browsers.
  • Support multiple identities, such as personal and business identities. You can even create fake identities for websites you do not trust.
  • Fill credit card information with one click.
  • Import information from a multitude of sources.
  • Integrate a strong password generator directly into the browser for quick and painless generation of super strong passwords.
  • Sync your information to the iPhone/iPod touch, as well as Palm devices.

That iPhone sync is great, because I use a different password for almost every service, so in the unlikely event someone tried to torture my passwords out of me, they’ll never get them all. Bwaaa-ha-ha-[cough-cough]!

The sync with Firefox is also stellar. I kinda like that Firefox has its own password-storage system, just because it maintains their cross-platform paradigm, but I definitely do not like that they don’t have it protected with a master password by default, unless you turn it on: Firefox > Preferences > Security > “Use a master password”:

1Password installs useful plug-ins all over the place. You get a button in the Firefox toolbar, several menu items in Safari’s Edit menu and Firefox’s View menu, and a contextual menu item in Safari and Firefox (and others, I’m sure). I just entered my credit cards as “Wallet Items,” so my browsers can fill in that info quickly without my dragging leather outta my pocket. (Did that come out wrong?)

Check out this short video for more info.

One more option: I’ve heard a lot of good things about LastPass, which does many of the same things as 1Password, and it’s free, although there is a Premium version. The only thing about LastPass that makes me a little nervous is that it synchronizes your data via the LastPass web site. Now, I sync my 1Password database via Dropbox, but I use different passwords for Dropbox and 1Password, so if someone hacks my Dropbox account (heaven forfend!), they won’t be able to get at my other passwords. As we’ve seen, no site is forever secure, and I want to be at least doubly sure my password database is tight.

Author: jjmarcus

Apple Specialist, Mac Whisperer, Cloud Wrangler - Your Remote CTO

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: