The University of Massachusetts Amherst

Keychain Access and KeePass

Have you ever had that awkward moment when you forgot the password to your bank account and missed your rent payment? Maybe not, but I’m sure you’ve forgotten a password at least once in your life, which is easy to do considering the average person uses about 10 passwords a day. So how can one avoid the inconvenience of forgetting important passwords in today’s fast-paced world? Simple: Keychain Access and KeePass.

Let’s Start with Keychain

Keychain is a password storage and management program which comes pre-installed on Mac computers. Keychain allows users to store all of their passwords in one secure location. With Keychain, Mac users can turn 10 passwords into 1 in the blink of an eye! Magic? Nope, Keychain. Launch Keychain Access, and you’ll see that the window is divided into three panes.

The top-left pane lists the keychains accessible to you, and below that is the Category pane. In the Category pane you can choose to view specific kinds of things stored in the keychain, like passwords, secure notes, certificates associated with your account, encryption keys, and certificates used broadly by your Mac. So pretty much everything. The largest pane, to the right, displays the contents of selected category items—for example, all of the items that have a password associated with them. Except in the case of certificates, you can double-click on one of these items to open a window where you can view the item’s attributes—name, kind, associated account, location (a website or network address)—as well as its access control (meaning the applications and services allowed to access the item).

So I can see all of my passwords, cool, but how is Keychain different from a pen and paper? Security. For example, if you’ve forgotten a password and would like to recover it, BOOM! Keychain Access. To reveal a password, simply select All Items or Passwords in the Category pane, then find the item you want the password for and double-click it. In the resulting window, enable the Show Password option, at which point you’ll be prompted for the password for the login Keychain. Enter that and click Allow, and the password will be revealed in the Password field.

So What is a Login Keychain and Auto-lock?

Well, when you first set up a user account, the login password used for that account is additionally assigned to the login Keychain, where new passwords are stored by default. So you can simply enter the password you use with your account to uncover a Keychain item’s secrets. Now, if you are still reading this, you might be wondering what thieves could do if you left your MacBook unattended with the Keychain unlocked. Well, if you haven’t enabled the auto-lock function in Keychain, the answer is simple: anything they want. However, if you have the auto-lock feature enabled, not a whole lot. So what is auto-lock? Glad you asked. Auto-lock automatically locks your Keychain after x minutes of inactivity. To set it up, launch Keychain Access, select your login Keychain, and choose Edit > Change Settings for Keychain “login”.

The sheet that appears shows two options: ‘Lock After X Minutes of Inactivity’ and ‘Lock When Sleeping’. If you choose the first option and configure it to read something like 5 minutes, your Keychain will lock if it hasn’t been accessed in the last five minutes. If an application needs access to your Keychain after that limit has expired, you’ll be prompted for your login Keychain password. Additionally, enable the Lock When Sleeping option, and your Keychain locks when your Mac goes to sleep (when you close your MacBook’s lid, for example). Click Save to implement the selected options.
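The same two settings can be applied and audited from Terminal with the macOS `security` tool. This is an added example, not part of the original article; the keychain name `login.keychain`, the 300-second policy and the output format in the constructed sample lines are assumptions.

```shell
#!/bin/sh
# Audit (and optionally apply) the login keychain auto-lock settings.
# Assumed policy, taken from the article's example: lock when sleeping and
# after at most 5 minutes (300 seconds) of inactivity.
MAX_TIMEOUT=300

# check_keychain_info LINE
# LINE is the text printed by `security show-keychain-info <keychain>`.
# Prints a verdict; returns 0 if the policy is met, 1 otherwise.
check_keychain_info() {
    info="$1"
    case "$info" in
        *lock-on-sleep*) ;;
        *) echo "FAIL: keychain does not lock on sleep"; return 1 ;;
    esac
    case "$info" in
        *no-timeout*) echo "FAIL: no inactivity timeout set"; return 1 ;;
    esac
    # Extract the number of seconds from "timeout=<n>s".
    timeout=$(printf '%s\n' "$info" | sed -n 's/.*timeout=\([0-9][0-9]*\)s.*/\1/p')
    if [ -z "$timeout" ]; then
        echo "FAIL: could not read timeout"; return 1
    fi
    if [ "$timeout" -gt "$MAX_TIMEOUT" ]; then
        echo "FAIL: timeout ${timeout}s exceeds ${MAX_TIMEOUT}s"; return 1
    fi
    echo "OK: lock-on-sleep, timeout=${timeout}s"
}

# Constructed sample lines (not captured from a real machine).
SAMPLE_GOOD='Keychain "/Users/alice/Library/Keychains/login.keychain-db" lock-on-sleep timeout=300s'
SAMPLE_BAD='Keychain "/Users/alice/Library/Keychains/login.keychain-db" no-timeout'

# Run with --apply on a Mac to set the options and then check the result.
if [ "${1:-}" = "--apply" ]; then
    # -l: lock when sleeping, -u: lock after timeout, -t: timeout in seconds
    security set-keychain-settings -l -u -t "$MAX_TIMEOUT" login.keychain
    check_keychain_info "$(security show-keychain-info login.keychain 2>&1)"
fi
```

Without `--apply` the script only defines the check, so it can be sourced and pointed at output collected from several machines.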

What if I don’t have a Mac?

What then? Well, you could get KeePass. Like Keychain, KeePass provides a place to store multiple passwords. While KeePass is not as user friendly as Keychain, it offers much more security. For starters, the entire KeePass database is encrypted, not just the field values. It offers a form of multi-factor authentication based on a file saved to a removable device, meaning that without the USB device there is no way for potential thieves to access your passwords (even if they have your passwords themselves).

It also offers a Windows level of authentication against your current Windows user ID. This means that if someone had your database, password, and removable device, they still could not log in without your Windows ID/password. The downside of Windows authentication is that you cannot unlock your database unless you are on the same computer. Windows authentication is not advisable, because if your workstation crashes and you re-install, you will not be able to access the database.

To make a long story short, there are way too many things to worry about in life; don’t let your passwords be one of them. Install a password manager (Keychain and KeePass).

Here is a glimpse of the KeePass interface:

[Screenshots: main screen, context menu, main entry screen]

If you continue to the Advanced tab of the main entry screen, you will find it very helpful for storing software license keys. You can add as many custom fields as you wish here.

Sources:

Keychain
http://www.macworld.com/article/2013756/how-to-manage-passwords-with-keychain-access.html

KeePass
http://www.healthypasswords.com/content.Healthy_Passwords_KeePass_Password_Manager_Review.html

Average Number of Passwords
http://www.telegraph.co.uk/technology/news/8602346/Average-person-uses-10-online-passwords-a-day.html