Publishers of technology books, eBooks, and videos for creative people

Home > Articles

  • Print
  • + Share This
From the author of

From the author of

Is the Keychain Safe?

Generally, yes. The main password used to unlock a keychain is not stored on disk and is never available to any other application, ever.

However, if there is any part of the keychain that warrants concern, it is the handing off of passwords to other applications. After an application takes possession of a passphrase, the keychain no longer has any control over the security of that passphrase. An application can compromise the security provided by the keychain by storing the passphrase unencrypted on disk, sending it across a network in the clear, or allowing it to be paged to disk by the virtual memory manager. Obviously, there is a need for trust on behalf of the applications that make use of any keychain(s).

As a user, don't assume that because an application makes use of a keychain that any involved passwords are automatically safe. Also, periodically audit the access lists of each item in your keychain file to be sure that only the necessary applications are allowed access.

  • + Share This
  • 🔖 Save To Your Account