What Is iCloud Keychain?

Be honest - unless you have a photographic memory, it’s hard to remember all of the passwords you use to secure your online accounts without a little help. 

Especially if you’re in the habit of creating strong passwords (which you absolutely should be). So, what most people do is reuse the same, easy-to-remember passwords across multiple websites and apps.

While this might feel like the path of least resistance, it’s exactly how you put your online security most at risk - a password breach with one company then means your accounts on all those others sites are now wide open to attack from cybercriminals. Yikes.

Enter iCloud Keychain. When you enter a new password in Safari, you’ve probably seen iCloud Keychain pop up and ask if you’d like it to save it for use across all your devices. As Apple’s inbuilt password manager for macOS and iOS, Keychain is designed to make everyday online tasks, from browsing Safari and connecting to Wi-Fi to making online purchases, far easier.

Keychain stores and automatically fills in passwords and other secure information for you as you browse Safari and use third-party apps. It can also sync and keep your passwords updated across all your devices via iCloud. Keychain makes it a snap for you to create and retrieve complex passwords - meaning no more jotting down passwords in the back of your notebook or on a Post-it note on your desk.

But is Keychain actually a safe place to store your passwords and financial information? Let's take a look at how Keychain works and what security measures it uses.

What does iCloud Keychain do?

Using Keychain helps you save your login details for pretty much any website or app, then easily access them whenever you need to sign back in.

This includes:

• Usernames and passwords for Safari websites and third-party apps
• Credit card details
• Wi-Fi login details

With Keychain, all your credentials are encrypted and stored on iCloud, meaning you can easily sync them across all your Apple devices.

But that’s not all Keychain can do. You can also manage all passwords on your Keychain, including editing passwords and clearing login credentials for accounts once they’re no longer needed.

Keychain can also auto-generate complex passwords for you (that is, a password that’s very difficult for hackers to crack) on any new website or app.

Finally, it has one pretty nifty feature - Secure Notes, which you can use to save snippets of text in your Keychain along with  passwords and credit card information. Secure Notes is a great place to keep your home alarm code, safe combination, Social Security number, driver's license details, embarrassing poetry you wrote during your angsty teenage years... the list is endless.

Just how secure is your information once it’s stored in Keychain?

Do you think there’s a chance your iCloud Keychain can be hacked? It might reassure you to know Apple provides several layers of security to protect the data stored on your Keychain.

For starters, passwords and credit card numbers are encrypted with 256-bit AES (Advanced Encryption Standard), the industry gold standard for data security.

Keychain also uses end-to-end encryption to protect your information. This means any stored data is protected with a unique device key and access code and can only ever be decrypted on your device. In essence, this means you’re the only person who can conceivably access the data stored on your Keychain.

End-to-end encryption is about as secure as it gets, folks; even if Apple themselves went rogue and tried to access your data, they’d still need the unique device key - a key held by you and you alone.

Should I be using iCloud Keychain?

In a nutshell, yes. For one, it’s free. It’s also really simple to use. It does, however, come with its own set of limitations, especially when you stack it up against other third-party password managers:

1. Its weak password detection is, well, weak.

Keychain only registers a password as potentially weak if it’s been used on another website or app. But let’s be real here, there are many forms of weak passwords outside just duplicates.

If you’re still using passwords that include names (your own, your pet or someone close to you), a birthdate or a combination of these, you’re basically every hacker’s dream. But Keychain won’t alert you to this.

Other paid password managers conduct regular security audits and will tip you off to any questionable password hygiene on your end, such as weak, compromised or repeated passwords.

2. Keychain doesn’t support two-factor authentication.

That means you’re left with no recourse but to use more insecure methods of authentication, like SMS or email. However, this is something Apple is said to be rolling out for iOS 14 so stay tuned to the Clario blog for updates.

3. Keychain won’t send you reminders to update your passwords.

Other password managers will automatically flag passwords as “old” and let you know when it’s time to update them.

4. You can’t sync your passwords to any devices outside the Apple ecosystem.

Apple users tend to be a loyal bunch, so this might not apply to you. But if it does, other password managers offer cross-platform functionality outside of MacOS and iOS and might be worth investigating.

5. Keychain won’t alert you to potential security threats to your online accounts.

Other password managers make it easier to limit the damage wrought by your passwords getting leaked in a data breach.

For example, at Clario, we alert our users as soon as their login credentials have been compromised, and advise on whether passwords need to be updated across their accounts.

6. While Keychain is ostensibly free, the additional data stored on it can eat into the free 5GB of iCloud storage Apple provides.

A relatively minor gripe in the grand scheme of things (you can purchase iCloud storage for as little as $1/month) but one worth mentioning nonetheless.

How to use iCloud Keychain

When it comes to setting up iCloud Keychain on your device, your first port of call will be to set up two-step verification. If you’ve already done this, then skip ahead to the next step.

How to enable iCloud Keychain

Step 1: Set up two-step verification by logging into your Apple ID account, scrolling to Manage your Apple ID > Password and Security > Two-Step Verification. Simply follow the instructions from here and you’re good to go!

Step 2 (on Mac):

• Open System Preferences and go to the iCloud app.
• Within the dropdown list, you’ll see Keychain.
• Simply check the box to enable Keychain.

Step 2 (on iPhone/iPad):

• Open Settings on your iPhone or iPad.
• Tap the Apple ID banner.
• Tap iCloud.
• Tap Keychain.
• Toggle the Keychain switch on.
• At this point, you may be asked to enter your Apple ID password.
• After enabling iCloud Keychain, you’ll then be prompted to create a password or verify with another device.

How to access your iCloud passwords

On your Mac, iPhone and iPad, Keychain will automatically make an appearance on any login screen, giving you seamless access to the relevant username and password.

If you’re looking to access all your passwords on Keychain, though, here’s exactly how to go about it.

On Mac:

• Launch Safari on your Mac, either directly from your Dock or within the Applications folder.
• Click Safari in the menu bar displayed along the top of your screen.
• Click Preferences.
• Look for Passwords.

On iPhone/iPad:

• Open Settings.
• Scroll to Passwords & Accounts.
• Tap Website & App Passwords.
• Verify your identity using either Face or Touch ID.

How to add your credit card information to Keychain

On Mac:

• Launch Safari.
• Click Safari.
• Click Preferences.
• Select AutoFill.
• Click on the Edit button next to Credit Cards.
• Click Add.
• Manually type in your credit card details.
• Click Done.

On iPhone/iPad:

• Open Settings.
• Tap Safari.
• Tap AutoFill.
• Tap Saved Credit Cards.
• Use Touch or Face ID if prompted to view your credit cards.
• Tap Add Credit Card.
• Manually enter your credit card information (or use your device’s camera to capture your details).
• Tap Done.

How to generate a password using iCloud Keychain

On Mac:

• Launch Safari.
• Go to the website you’re looking to create a login for.
• Select the password field on the account set-up form.
• Click on the suggested password that iCloud Keychain automatically generates.

On iPhone/iPad:

• Launch Safari.
• Go to the website you’re looking to create a login for.
• Select the password field on the account set-up form.
• Tap Suggest Password displayed above your keyboard.
• At this juncture, Keychain will automatically generate a secure password for you to use.
• Tap Use Suggested Password.

How to approve iCloud Keychain from another device

This one’s easy. When you set up your Keychain on a new device, a notification will automatically be displayed on any Apple devices you own that already have Keychain enabled.

For example, let’s say you want to set up Keychain on your iPhone. On your Mac, you'll see a big Apple ID sign-in alert pop up in the upper-right-hand corner of your screen. All you have to do is click Continue and verify it’s you by entering your Apple ID password and clicking Allow.

Remember, your Keychain is only as secure as your device…

So, don’t forget to keep your iOS updated, download antivirus for Macs, iPhones and iPads and protect yourself from hackers by browsing online using a VPN.