Generate Secure Passwords in Safari with iCloud Keychain for Mac OS X
iCloud Keychain is a password management feature that arrived to the Mac with OS X Mavericks, and to the mobile Apple world with iOS 7. Basically it stores encrypted passwords securely within iCloud, which can then be accessed securely through your Mac or iOS device, allowing you to never have to enter a password again. That’s convenient enough, but another great feature is iCloud Keychains ability to randomly generate secure passwords directly in Safari, which are then stored in the keychain service as part of the AutoFill service, then accessible from any of your other Macs or iOS devices.
Many users don’t have this feature turned on by default though, so let’s cover enabling iCloud Keychain, and then using the function to generate a secure password directly in Safari during the familiar ‘new account’ signup process that is ubiquitous throughout the web.
Enable iCloud Keychain Support for OS X
First you’ll want to enable iCloud Keychain, or at least confirm that you have it enabled. This is simple:
- Head to the Apple menu and open System Preferences
- Open the “iCloud” preference panel – if you somehow do not yet have an iCloud account you will need one to access any iCloud features
- Scroll through the list and locate “Keychain” and be sure the box next to it is checked, then exit out of System Preferences
Note that if you haven’t used iCloud Keychain before you will be asked to setup an iCloud Security Code, this is used to authorize other devices to use the iCloud Keychain, and to verify your identity. Do not forget that security code, it’s important.
Generate a Secure Password in Safari & Store in iCloud Keychain
Now that iCloud Keychain support is on, we can use it to generate and, more importantly, store secure passwords. Followers of OSXDaily probably already know that Keychain can generate strong passwords on the Mac, the difference here is storing them in the cloud which provides for easy access. If you had Safari open when you enabled iCloud Keychain, quit and relaunch the app before beginning:
- Open Safari and go to any website signup page, we’ll use Facebook as an example but anything with a “New Password” field works
- Create the account as usual, and when you click or tab into the “New Password” field, note the pop-up surfaces saying “Use Safari suggested password:” – this is the randomly generated password
- Select that password to use it, which then gets encrypted and stored in iCloud, and complete the web signup process as usual
This is so easy, and accessing that secure password is now done as part of AutoFill for all devices that also use iCloud Keychain, regardless of either being on OS X or iOS. The only requirement is that the feature is also enabled on that device, and that the same iCloud account is used. Remember, setting up new devices with iCloud Keychain will require the entry of the iCloud Security Code to be entered as an additional security precaution.
You’ll notice the password suggested is usually a string of gibberish with special characters, which is exactly what you want if you’re looking for a secure password. They are not meant to be easy to remember, or easy to read, because with iCloud Keychain the user is not meant to ever know the password since it’s accessible via iCloud as needed. This is in contrast to asking Siri to generate a random password, which are secure, but you’d obviously have to either try to remember it yourself, or write down.
How Secure are Passwords Stored in iCloud Keychain?
With any online service it’s natural to wonder about security these days, and thankfully Apple is very open about what encryption strength it uses to secure saved password data stored in iCloud Keychain:
[iCloud Keychain] uses 256-bit AES encryption to store and transmit passwords and credit card information. Also uses elliptic curve asymmetric cryptography and key wrapping.
In a short summary, that’s very secure. You can read more on Apple’s iCloud security page. For some additional background, AES is the standard used by the US Government, and AES 256 is used by the NSA, supposedly to protect against (currently theoretical) quantum computing, those interested in the details of these can read more on Wikipedia and on the NSA’s cryptography page.
Overall I’m very comfortable with iCloud Keychain, particularly for the infinite amount of fairly mundane logins out there for seemingly every website in the world. If you’re only half-convinced, perhaps considering using iCloud Keychain in limited situations, for sites that you don’t really care much about anyway. And if you’re a security buff, don’t miss our ongoing security series for iOS and OSX, with tips ranging from simple to complex.