Mac OS

The Mac OS X Keychain allows users and applications to store and access authentication details in one place. It uses the familiar paradigm of a keychain to store and access private authentication credentials. Users can lock or unlock the keychain with a single password; applications can only access authentication details when the keychain is unlocked. Multiple keychains can be created to group similar authentication credentials. By default, a keychain called “login” is used to store credentials used by most applications. The password for this keychain is the same as the login password and the Keychain is automatically unlocked when a user logs in and is locked again upon logout. The security of the “login” keychain can be further improved by changing its password to something other than the login password.

This will ensure that the keychain has to be explicitly unlocked before any items can be accessed and also prevents keychain items from being accessed if the login credentials are compromised. From the Keychain Access application in Applications -> Utilities, choose Edit -> Change password for Keychain “login”. A keychain should also be locked after a period of inactivity and when the system wakes from sleep. These options are accessed from the Edit -> Change settings for Keychain “login” menu in the Keychain Access application. The Keychain Access application also allows individual access controls to be placed on each key in the Keychain. Where keys grant access to particularly sensitive information, it is recommended that the access control be changed to ‘ Ask for Keychain password’