O'Reilly logo

Mac® Security Bible by Joe Kissell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

5.1. How Keychains Work

The keychain that you carry in your pocket or purse probably contains keys to your home, car, mailbox, and any other lock you need to open frequently. If you get a new key — to your office, filing cabinet, or whatever — most likely you'll put it on the same keychain. No matter what you need to unlock, you only have to worry about one object. As long as you have your keychain, you can open anything you need to access. The keychain itself isn't important, but it gains utility by keeping all your keys together.

A keychain on your Mac serves a similar purpose; it lets you get at all your passwords in the same way. Unlike a physical keychain, though, your digital keychain can hold hundreds or thousands of items without becoming more cumbersome to use. Even if someone steals your keychain from your Mac, they can't use any of its keys without knowing your password, so it's safer too. And instead of fumbling for just the right key among many that look alike, you can depend on Mac OS X to automatically and instantly locate the right key at any given time.

By default, every user has a keychain called login, in which you can store passwords for any resources you need to access (and other confidential data). User keychains are stored in ~/Library/Keychains. In addition, each Mac has a keychain called System (stored in /Library/Keychains) that holds passwords needed by the operating system even when no user is logged in, such as the password to your wireless network. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required