Apple Keychains: On/Off/Needed?

Options
Jimmydreams
Jimmydreams
Community Member
in Mac

Before I installed 1Password, I used Apple's built-in keychain on my iMac to store my passwords. Now that I am generating and storing much stronger passwords through 1Password, I keep getting "update this password?" questions from my Apple keychain.

1) Is the Apple keychain really necessary anymore? If not, how do I turn it off? Or is it simply personal preference/backup to 1Password?
2) Is the Apple keychain a security risk compared to 1Passwords keychain?

Thanks in advance!

Jim

Comments

  • danco
    danco
    Volunteer Moderator
    Options

    Apple keychain is used in wider situations than 1PW. For instance, I recently decided to encrypt my external drives, and the password is kept in my Apple keychain so I do not need to enter it when I mount a drive. And the password for a wifi network will be in that keychain.

    What you do want to do in make sure that in Safari (and other browsers) are set not to save passwords, but to let 1PW do it.

    The 1PW data may (your choice) exist in the cloud, and there is a risk of the data being stolen, though decrypting it is almost impossible. The Apple keychain never leaves your computer (except for backups), so if no-one has access to your machine then the keychain data is secure.

  • Jimmydreams
    Jimmydreams
    Community Member
    Options

    Thanks, Danco. I'll make sure to turn off PW saving in Safari. I'll just continue to let the Apple keychain update as necessary.

    Jim

  • sjk
    sjk
    1Password Alumni
    edited April 2014
    Options

    Thanks for asking about this, Jim @Jimmydreams.

    1Password and Apple/iCloud Keychain can be used together, as many of us do. :)

    One minor addendum to @danco's helpful information:

    The Apple keychain never leaves your computer (except for backups), so if no-one has access to your machine then the keychain data is secure.

    It you're using iCloud Keychain then certain data from the local Apple Keychain might also be stored remotely in the iCloud cloud.

  • danco
    danco
    Volunteer Moderator
    Options

    Sorry for the incorrect information. I don't use iCloud, so this hadn't occurred to me.

  • sjk
    sjk
    1Password Alumni
    edited April 2014
    Options

    Hi @danco,

    Your information wasn't incorrect if your Apple Keychain never leaves your local filesystem, which mine doesn't either. :)

  • Jasper
    Jasper
    Options

    I hope all the information provided here was helpful, @Jimmydreams! Please let us know if you have any other questions. We're always here to help! :)

  • UKenGB
    UKenGB
    Community Member
    Options

    This is a subject that has had me pondering for quite some time. How does iPassword co-exist with Apple's built-in equivalent?

    When registering a username/password with a new website, I am asked to save it by both OSX/Safari AND by 1Password. That's clear enough since they are both monitoring the same parameters and will want to save the new data. But what happens when returning to that website and both will want to fill in the relevant fields? Which one takes precedence?

    If the data is the same I guess it's a moot point, but I would still like to know exactly what is happening here.

    Also, Apple's built-in system will honour websites that ask it to NOT save password data. How does iPassword deal with that? It is a constant source of irritation that a remote website can control how my computer behaves. AFAIC it is of no importance to me what a remote site might request, I want that data retained and used to auto fill the filed(s) when I return. That's the whole point of having such a system. But how does 1Password deal with that situation? Does it save the password anyway and then use it again as appropriate even when the built-in system is not doing so?

  • Megan
    Megan
    1Password Alumni
    Options

    Hi @UKenGB‌

    Thanks for the questions!

    But what happens when returning to that website and both will want to fill in the relevant fields? Which one takes precedence?

    To avoid complications here, try using the 1Password Mini to open the website and fill in the details for you:

    • Click the key in the menu bar
    • Unlock if necessary
    • Start typing the name of the site you wish to visit (or find it in the list)
    • Hit Enter when it is selected
    • 1Password will open the webpage and fill your details - no conflicts necessary. :)

    Also, Apple's built-in system will honour websites that ask it to NOT save password data. How does iPassword deal with that?

    1Password will honour your wishes. If you want data saved on a site, 1Password will save it for you. :)

  • OlMike
    OlMike
    Community Member
    Options

    This thread is of interest to me as there are instances when my device(s) may need repair. Even a simple battery replacement or memory upgrade will give someone access to the data on the device. I have set my MacBooks to have a maintenance user with administrative privileges. Of course, this requires the use to use the password I have selected for them.

    I have had an instance in the past (with a device using Microsoft OS) where the maintenance people used the device to download porn while it was having a repair done. I realize this is not the same as having access to passwords.

    My question has to do with basic security using 1P4. Specifically, does a user with admin privileges have access to 1P4?

  • sjk
    sjk
    1Password Alumni
    Options

    Hi @OlMike,

    Specifically, does a user with admin privileges have access to 1P4?

    By default, an admin user can escalate permissions to root (e.g. using the sudo command) and have access to any data on the system. But no one can unlock encrypted 1Password data without having Master Passwords for it.

    Have a look at @JasperP's reply (post #3) for some additional information about 1Password data security. :)

This discussion has been closed.