iCloud Keychain is a brand-new cloud service in OS X Mavericks and iOS 7.0.3 and launched with the new operating systems on October 22nd. iCloud Keychain stores your usernames, passwords, Wi-Fi networks, and credit card information so that you can easily fill in forms or logins whenever you need. This will sync across Safari and with third party apps that support iCloud Keychain. Your information is securely protected using 256-bit AES encryption, preventing unauthorized use of your information. iCloud Keychain also includes a powerful password generator, which will create unique passwords for your online accounts so that you no longer have to come up with secure or hard-to-guess passwords.
This article will teach you how to setup and use iCloud Keychain for iOS and OS X.
To setup iCloud Keychain on an iOS device, go into Settings and tap on iCloud, then scroll down and tap on Keychain.
Tapping on the switch on the next screen enables iCloud Keychain. When you turn on Keychain you will be prompted to create a second passcode to use with iCloud Keychain. You have a couple of different options for this setting. The first option is to use the same passcode you use to unlock the device. The other option is to create a new code, which would be different from the passcode that is used to unlock into the device. I recommend the second option, as that is going to be more secure.
By default, when pressing “Create Different Code,” you will be prompted for a four-digit code. You can make this more secure by pressing “advanced options,” which will allow you to create an alphanumeric passcode. This alphanumeric passcode can be something you create, or it can be a complex code that is automatically generated for you.
After confirming the passcode you will be using with iCloud Keychain, you’ll need to enter your cell phone number. This adds another layer of security: in order to set up iCloud Keychain on other devices, Apple will send a text message containing a verification code to the cell phone you list. You can change this phone number at any point in your iCloud account details on both the iOS device and on the Mac.
Now that iCloud Keychain is set up on the iOS Device, let’s look at how to set it up on the Mac. Open up System Preferences, and click on iCloud.
Next, click on the checkbox next to Keychain to turn it on. If your computer does not require a password to unlock your screen it is recommended that you set one up at this point as an extra security measure. It is still optional to set up, but having one will make your Mac more secure and prevent other people from accessing your login information.
After deciding whether or not to set up a password to wake your Mac you’ll need to enter your Apple ID.
After entering in the Apple ID password, you need to request approval from one of your other devices in order to use iCloud Keychain. Pressing “Use Code” will send an iCloud security code to the cell number you setup earlier. Enter the verification code from the text message. Clicking on “Request Approval” will pop up a message on one of your other devices asking you to approve the new computer.
For example, after setting up iCloud Keychain on an iOS device and your Mac, you might want to set it up with another iOS device. In that case, Notification Center in Mavericks notifies you that another device has been activated on your iCloud Keychain account.
Clicking on “View” opens up the iCloud panel in System Preferences. To finish this process, click on “Details” and then enter in the password for the Apple ID that is used with iCloud.
Now that we have set up iCloud Keychain on both our iOS device and on our Mac, let’s discuss how to use it.
When visiting websites for the first time on the iOS device using iCloud keychain, you will be asked to confirm whether or not you actually want to save the password in iCloud Keychain. This is a nice feature because you are able to decide which information is or is not being stored in iCloud Keychain.
The next time you go to that site, Safari will automatically fill in your login information for you.
Visiting the same site on your Mac will also automatically fill in the login information, even if you have never visited that site on your Mac before.
When going to a website for the first time on the Mac using iCloud Keychain, it confirms whether or not you actually want to save the password in iCloud Keychain just like it did on iOS.
The next time you go to that site, it is already automatically filled in with your information.
As when going from iOS to OS X, any websites you setup on your Mac will automatically be synced to your iOS device and automatically fill in login information where appropriate.
If you entered your credit card information into iCloud Keychain, it is very easy to pay for things online. Clicking inside the “Card Number” box shows which credit cards you have on file. Click on the one you want to use, and the only thing you have to do is enter the card’s security code.
When using iCloud Keychain on the Mac with Safari, there is a featured called Password Generator. When you are creating an account online, the Password Generator generates a string of random characters and numbers. Using this string as your password will help keep your account more secure than using an easy-to-guess password. To use the generated password, just click on it and your Mac will automatically save the account and password information to your iCloud Keychain.
iOS 7.0.3 also supports Password Generator but it is a two step process.
However, not all sites will let the Password Generator create random passwords due to the way they are designed. The Mac lets you know that Safari will not suggest a password and it will not be saved before you login. iOS 7, on the other hand, shows this alert after you have entered and saved your password.
You are able to override sites that do not want the passwords to be saved by making sure “Allow Autofill” is turned on in your Safari settings on both iOS and Mac. Continuing with the Yahoo example, this is how a site will look when you are overriding their preferences on both the Mac and in iOS 7.
Now that we discussed how to use iCloud Keychain, let’s discuss how to see what is actually stored in iCloud Keychain. On the iOS device, your iCloud Keychain data is located under Safari in the Settings app. To view the information, open the Safari settings and tap on “Passwords & AutoFill.”
This is where you will be able to see and edit the information. By turning on “Use Contact Info,” your device can automatically fill out forms online using the information in your own contact card. Tapping on “Saved Passwords” will show you what accounts you have stored in iCloud Keychain. Tapping on the account prompts you for the passcode you use to get into the iOS device. However, if you do not have a passcode set up on the iOS device, your password is easily shown. Tapping on “Edit” in the upper right hand corner only gives you the option to delete passwords. If you have “Always Allow” turned on, it will override the website’s preference of not storing your password, but doing this does require the iOS device to have a passcode enabled.
Scrolling down a little bit in the settings page gives you the option to store your credit card information. Tapping on “Saved Credit Cards” allows you to view any credit cards you have stored. To add more credit cards press the “Add Credit Card” button and fill out the form.
On the Mac, your iCloud Keychain data is located in the Safari preferences.To get to Safari Preferences, click on “Safari” in the upper left hand corner when the app is running, and then click “Preferences,” or press command and the comma key at the same time.
Next, click the “Autofill” button at the top of the preferences window.
Enabling “Using info from my Contacts card” will automatically fill out forms online using your information in your contact card. Clicking on “Edit” opens up Contacts, selects your card, and enables editing. Clicking on “Edit” next to usernames and passwords shows you a list of what accounts that you have stored in iCloud Keychain.
Enabling “Show passwords for selected websites” in the lower left hand corner prompts for your computer password. If you do not have a password for logging into the computer press just press the “OK” button and it will show you the password. To delete passwords, you can select them and press the delete key on the keyboard, or press the “Remove” button in the lower right hand corner. If you want iCloud Keychain to store passwords for websites that do not allow their passwords to be stored, you can force the feature to work by enabling “Allow AutoFill even for websites that request passwords not to be saved,” in the lower left hand corner.
You are able to add credit cards by pressing “Edit” next to “Credit Cards,” and then hitting the “Add” button.
That’s iCloud Keychain, a great and easy way to manage and sync your credit card information and passwords across your Apple devices.
FTC: We use income earning auto affiliate links. More.
As I remember, at WWDC, Apple said that Mavericks could receive notifications that received by iOS 7 devices. I still cannot find this functions on both iOS 7.0.3 and OS X Mavericks. May I ask how to enable it?
Wow. Incredibly complex and confusing process, but well explained here. I don’t see why anyone wants to use this, given the complexity and the very limited upside to having it enabled.
Something the article doesn’t go into that I’d like to know, is whether or not this actually uses the similarly named “keychain manager” in OS X. This is another incredibly complex, obtuse piece of software that only the most advanced users will ever be able to figure out or manage properly, so I’m assuming this is an extension of that.
I also think it’s good advice to not even think about using iCloud keychain unless you have a fingerprint sensor on the phone as you are basically storing everything a criminal needs in one place and the authentication and access all comes down to your phone.
It’s actually not complex or confusing at all. It take a few seconds to enable and use.
Already used it but not entirely happy with the kind of access it allows us, especially to passwords it generates in iOS.
If I hadn’t read that article, I’d never had known that I can somehow see whatever password Safari generates for me, so that I can copy and store it in another keychain.
Reblogged this on PureTruculence.com by Queer1.
thanks a lot for this clear explanation, I wouldn’t be able to figure it out on my own
I have this enabled on my iMac and iPhone, but when I go to, say, Amazon, nothing pops up when I sign in. At some point in the past, I’m sure I clicked “never for this website” when Safari prompted me to save the info, so, how would I override or reset that? I already reset Safari, and still no luck.
Preferences – Passwords – find the amazon website (notice it says “never saved” on the right) remove its data and then go to the website and enter your credentials again. This time it should ask :)
What I really want is to be able to see the other information I’ve stored in my iCloud Keychain on OS X. Is that ever going to be available in iOS?
This article states that iCloud Keychain passwords can be viewed on the Mac using Safari. This isn’t entirely true. That’s only a subset of the passwords, specifically web passwords. To see all the contents of the iCloud Keychain, one must open /Applications/Utilities/Keychain Access and view the iCloud keychain. Unfortunately, it seems that certain applications, namely Mail, Calendar and Contacts INSIST on storing their passwords there, which I view as a fatal flaw. I don’t mind syncing my throwaway website passwords in the iCloud keychain, but I don’t want other passwords stored there. If I REMOVE the Mail, Contacts and Calendar keys from that keychain using Keychain Access, as in move them to a different keychain, Mail, Contacts and Calendars prompts me for my password again, INSISTING on storing it in the iCloud keychain. This is a TERRIBLE implementation IMO.
Could have been smart, but I don’t understand why Apple doesn’t require to enter the iCloud security code when entering automatically a password, a-la 1password? Without it, you can’t lend your iPhone, iPad and let someone touch your Mac without being suspicious. Gonna definitely keep using 1password instead.
On your Mac, turn on the guest account, let someone use it, then disable the guest account. Why would you hand anyone your Mac while logged into your personal account? Why would you let someone you don’t trust use your iPad or iPhone?
I Hope everyone is Award That NSA has backbord to directly Access all your keychain passwords. Why not send an email with all your password directly to the NSA? How stupid can a user be?
Have anyone figured out if Wi-Fi passwords also are synced?If not, that’s a missing feature, as that’s more important when buying a new device IMO.
I only think it saves login credentials in safari for connecting to wifi hotspots , and actual wifi pass phrases. misleading.
Yes, it does. This can be easily seen if you look inside the iCloud Keychain from /Applications/Utilities/Keychain Access
Great article. Very helpful. I saved a copy for future reference.
I have a question (may sound a bit dumb) – When entering a verification number (phone number) as part of the keychain security, do you leave the 0 off the number (mobile phone number) because it adds the country code or do you input the full number.
I am in Australia, and I had to leave off the 0.
Is there a way to code-protect the automatic keychain authorisation of website access? That way you would at least have a minimum of protection. Like a four digit code to authorize keychain to go ahead?
Same for ipad and iphone: i don’t want to unlock the ipad/iphone every time i want to use it, but I do want to use a code to grant safari the permission to go on and fill in a password.
There is a way using a NON-iCloud Keychain. In Keychain Access, you can set a Keychain to lock at sleep/idle, so you are asked after the idle timeout, and/or you can configure individual keys to prompt you every time: http://d.pr/i/N9Kg
Unfortunately, it seems the iCloud keychain uses a completely new format (not surprising, considering it can sync), and doesn’t have this level of access control.
My theory is the iCloud keychain it the first keychain in this new format and the older style keychain format will eventually be deprecated. Let’s hope Keychain 2.0 can catch up in features before that happens, because feature-wise, the current implementation is woeful.
“i don’t want to unlock the ipad/iphone every time i want to use it, but I do want to use a code to grant safari the permission to go on and fill in a password.”
It’s too much trouble to enter a passcode once to unlock a phone but it’s easy to enter a passcode for each web site you log into? What?
Is that really so hard to comprehend? You unlock your phone tens of times a day while you hardly ever need to (re-)enter a password in safari. If you even decide to use safari because most frequented sites you log in to have an iOS app anyways. So maybe once a week for me…
I actually have a passcode set on my iPhone but plenty of those 4 digit codes have been cracked by just looking for fingerprints on the device and then they would be able to not only use but even see my passwords unencrypted… That’s seriously stupid. Coming from someone who loves using most of Apple hard- and software by the way.
This was a great step-by-step – thank you! One of my concerns is that if you use the Password Generator, you have no way to know a given site’s password if you happen to be stuck somewhere without your iPhone or iPad and have to use someone else’s computer. Unless I missed something?
There’s an error in the article – entering the phone number is not an *additional* layer of security. It’s a method of last resort to gain access to your existing keychain should you happen to lose all your Apple devices. To me, any additional method of access is an additional security *hole*, so I disabled it. i’m ok creating a new keychain if I happen to lose my Mac Pro, Macbook Pro, iPad AND iPhone :p
@ Vicki
If you don’t have your device and need a password while on another computer, most sites have a forgot password feature that will email it to you. Use that and login to your email from the browser.
@daemondavid
I just bought a iPad Air and when at work I noticed it was using the wifi. I never set it up it was just working, how awesome is that?