Generate Secure Passwords in Safari with iCloud Keychain for Mac OS X

Dec 17, 2013 - 6 Comments

iCloud Keychain is a password management feature that arrived on the Mac with OS X Mavericks, and in the mobile Apple world with iOS 7. Basically it stores encrypted passwords securely within iCloud, which can then be accessed securely through your Mac or iOS device, allowing you to never have to enter a password again. That’s convenient enough, but another great feature is iCloud Keychain’s ability to randomly generate secure passwords directly in Safari. These are stored in the keychain service as part of AutoFill, and are then accessible from any of your other Macs or iOS devices.

Many users don’t have this feature turned on by default though, so let’s cover enabling iCloud Keychain, and then using the function to generate a secure password directly in Safari during the familiar ‘new account’ signup process that is ubiquitous throughout the web.

Enable iCloud Keychain Support for OS X

First you’ll want to enable iCloud Keychain, or at least confirm that you have it enabled. This is simple:

  1. Head to the Apple menu and open System Preferences
  2. Open the “iCloud” preference panel – if you somehow do not yet have an iCloud account you will need one to access any iCloud features
  3. Scroll through the list and locate “Keychain” and be sure the box next to it is checked, then exit out of System Preferences


Note that if you haven’t used iCloud Keychain before, you will be asked to set up an iCloud Security Code. This is used to authorize other devices to use the iCloud Keychain, and to verify your identity. Do not forget that security code; it’s important.

Generate a Secure Password in Safari & Store in iCloud Keychain

Now that iCloud Keychain support is on, we can use it to generate and, more importantly, store secure passwords. Followers of OSXDaily probably already know that Keychain can generate strong passwords on the Mac. The difference here is that they are stored in the cloud, which provides for easy access. If you had Safari open when you enabled iCloud Keychain, quit and relaunch the app before beginning:

  1. Open Safari and go to any website signup page, we’ll use Facebook as an example but anything with a “New Password” field works
  2. Create the account as usual, and when you click or tab into the “New Password” field, note the pop-up surfaces saying “Use Safari suggested password:” – this is the randomly generated password
  3. Select that password to use it, which then gets encrypted and stored in iCloud, and complete the web signup process as usual


This is so easy, and accessing that secure password is now done as part of AutoFill on all devices that also use iCloud Keychain, whether they run OS X or iOS. The only requirement is that the feature is also enabled on that device, and that the same iCloud account is used. Remember, setting up new devices with iCloud Keychain will require you to enter the iCloud Security Code as an additional security precaution.

You’ll notice the suggested password is usually a string of gibberish with special characters, which is exactly what you want if you’re looking for a secure password. These passwords are not meant to be easy to remember, or easy to read, because with iCloud Keychain the user is not meant to ever know the password since it’s accessible via iCloud as needed. This is in contrast to asking Siri to generate a random password: those are secure, but you’d obviously have to either try to remember the password yourself, or write it down.
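As an added illustration (not code from this article or from Apple), the sketch below shows how a random password of the kind described above can be generated from a cryptographic random source and how its strength is measured. The 64-symbol alphabet, 12-character length, site rule and guess rate are assumptions for the example, not Safari’s documented format.

```python
import math
import secrets
import string

# Assumed for illustration: 64 symbols, 12 characters (not Safari's documented format).
ALPHABET = string.ascii_letters + string.digits + "-_"
LENGTH = 12


def generate_password(length=LENGTH, alphabet=ALPHABET):
    """Pick every character independently and uniformly from the OS CSPRNG."""
    if length < 1 or len(alphabet) < 2 or len(set(alphabet)) != len(alphabet):
        raise ValueError("need a positive length and an alphabet of unique symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def meets_policy(password):
    """Hypothetical site rule: at least one lowercase, one uppercase, one digit."""
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password))


def generate_with_policy(length=LENGTH, alphabet=ALPHABET, max_tries=1000):
    """Rejection sampling: redraw the whole password until the rule is met.

    Forcing a digit into a fixed position would give every password the same
    shape; redrawing keeps each compliant password equally likely.
    """
    for _ in range(max_tries):
        candidate = generate_password(length, alphabet)
        if meets_policy(candidate):
            return candidate
    raise RuntimeError("policy cannot be met with this alphabet and length")


def entropy_bits(length, alphabet_size):
    """Entropy of a uniform random draw: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print(generate_with_policy())
    print(entropy_bits(LENGTH, len(ALPHABET)), "bits")
    print(round(years_to_exhaust(72, 1e12)), "years at an assumed 1e12 guesses/s")
```

The entropy figure only holds when every character comes from a uniform random draw; a password a person makes up with the same length and symbols is far weaker.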

How Secure are Passwords Stored in iCloud Keychain?

With any online service it’s natural to wonder about security these days, and thankfully Apple is very open about what encryption strength it uses to secure saved password data stored in iCloud Keychain:

[iCloud Keychain] uses 256-bit AES encryption to store and transmit passwords and credit card information. Also uses elliptic curve asymmetric cryptography and key wrapping.

In short, that’s very secure. You can read more on Apple’s iCloud security page. For some additional background, AES is the standard used by the US Government, and AES 256 is used by the NSA, supposedly to protect against (currently theoretical) quantum computing. Those interested in the details can read more on Wikipedia and on the NSA’s cryptography page.

Overall I’m very comfortable with iCloud Keychain, particularly for the infinite amount of fairly mundane logins out there for seemingly every website in the world. If you’re only half-convinced, perhaps consider using iCloud Keychain in limited situations, for sites that you don’t really care much about anyway. And if you’re a security buff, don’t miss our ongoing security series for iOS and OS X, with tips ranging from simple to complex.


Posted by: Paul Horowitz in Mac OS X, Security, Tips & Tricks

6 Comments


  1. Toby says:

    I’m curious. I’d like to use something like this or 1Password, but what if I’m away from my iDevice or iMac and need to log into my bank account while at a work computer or friend’s house? How would I call up the super-strong password? Thx.

  2. Vitaliy says:

    How Secure are these Passwords?
    Not enough actually! They are 72bit passwords only:
    12 characters * 6 bit each = 72 bit total.

  3. Paul-Henri says:

    Don’t trust what NSA says about strong encryption: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

    If it’s online, better assume it can be decrypted. So don’t store anything confidential online, or use open source software (like TrueCrypt http://www.truecrypt.org ) to store your confidential files in an encrypted container, and hope nothing else leaks when you access what you want to protect.

    It’s certainly less user-friendly than iCloud keychains. Using one or the other depends on how much you value the information you want to protect.

  4. Maduranga says:

    I believe this can be very helpful for most people. But I have one question in mind: can I maintain a local backup of the iCloud Keychain? Especially when a unique password is being created for each website and the passwords are becoming hard to memorize, I think it’s better to keep passwords stored in more than one place just in case they become unavailable.

  5. Caio says:

    Is it possible to use these “generated passwords” in iOS apps?
    I mean, if I use iCloud Keychain to generate a password for Facebook, can I use this password in the Facebook App? Or would I have to remember the password?
