If you’re following good password hygiene—making complex passwords that you don’t reuse—you’re going to rather quickly run up against the limitations of human memory. Fortunately, OS X provides a solution for not only remembering your passwords but for keeping them all in sync across your various devices: iCloud Keychain.
The Keychain itself dates back to the classic Mac OS, but it’s a staple of OS X. It’s a secure database for storing all of your passwords for various accounts, Web sites, and so on, all of which can be accessed by typing a single master keychain password—usually the same as your OS X account password.
Starting in iOS 7 and OS X Mavericks, Apple rolled out iCloud Keychain, which lets you sync those passwords—as well as Wi-Fi networks, some credit card information, and other information such as mail, contacts, and calendar accounts—across your Macs and iOS devices, ensuring that the right data is always there when you need it.
If you haven’t yet set up iCloud Keychain, you can do so on either your Mac or an iOS device.
On OS X, go to System Preferences, select the iCloud pane, and then scroll down in the list of services until you find Keychain. Click the checkbox next to it to enable the service (4.14).
4.14 iCloud preferences on OS X
On your iOS device, go to Settings > iCloud, and tap Keychain. Then tap the switch to enable iCoud Keychain (4.15).
4.15 Enabling iCloud Keychain on iOS
In both cases, you’ll be prompted for your Apple ID password, and then asked to create an iCloud Security Code.
By default, this code is a four-digit number, much like the passcode you might use for your iOS device. Using the Advanced options, you can also choose to get a random passcode or use a complex alphanumeric code. You can also opt to not create a security code at all: If you do so, Apple won’t back your iCloud Keychain up to its server, which also means the company can’t help you recover your keychain if it’s damaged or otherwise becomes inaccessible. (Keep in mind that your keychain is stored on Apple’s servers in encrypted form—the company never has access to your passwords, so it cannot retrieve them for you; the best it can do is help you restore your encrypted data.) However, iCloud Keychain information will continue to sync between devices that you’ve approved.
- Enter an SMS-capable phone number at which you can receive verification codes via text. If you need to change this number later, you can do so on OS X via the Options button in the iCloud system preference pane, or on iOS via Settings > iCloud > Keychain > Advanced.
Once you’ve set up iCloud Keychain on one device, adding other devices is fairly straightforward. Follow the same steps to get to the iCloud settings of System Preferences (OS X) or Settings (iOS) and enable iCloud Keychain. You’re then asked to approve the new device from an existing device that’s already set up on iCloud Keychain (4.16). A dialog appears on other devices already associated with iCloud Keychain, notifying you that a new device is seeking approval, along with a prompt to enter your iCloud password (4.17).
4.16 Approving iCloud Keychain setup
4.17 Approval occurs on a separate device.
In those cases, you also have the option to approve a new device by entering the iCloud security code that you created, along with a verification code sent via SMS (4.18). While this might seem like a lot of steps to jump through, it’s not unwarranted, given the amount of access it provides.
4.18 iCloud security code
Using iCloud Keychain
The primary place you’ll likely encounter iCloud Keychain is Safari, though third-party apps can also connect with it. On OS X, you can also interact with it via the Keychain Access utility. Mostly, that interaction involves filling in usernames and passwords, but your iCloud Keychain can also store and recall credit card information.
Usernames and passwords in iCloud Keychain
On either platform, when you encounter a username and password field in Safari and enter your credentials, a dialog asks if you want to save that password to your keychain (4.19). Doing so makes that information available on any other device using iCloud Keychain.
4.19 Saving a site password to iCloud Keychain
To fill in those passwords later, enable AutoFill. On OS X, go to the Safari menu and choose Preferences. Click AutoFill and click the box next to “user names and passwords.” (4.20) (You can also go to the Passwords section and select the checkbox next to AutoFill User Names and Passwords.)
4.20 Choosing AutoFill sources from iCloud Keychain
On iOS, go to Settings > Safari > Passwords & AutoFill and activate the slider next to Names and Passwords if it isn’t already enabled (4.21).
4.21 Enabling AutoFill in Safari for iOS
You can view or remove existing passwords from these locations, though it may require your passcode on iOS, and your username and password on OS X.
When Safari on iOS or OS X detects a site for which you’ve stored a username and password in your keychain, Safari automatically populates that information in the fields provided, which are highlighted in yellow. (If your keychain contains more than one username for that site, it provides a dropdown letting you pick which is the correct one (4.22).) In most cases, you can simply log in without any further intervention.
4.22 Multiple options for filling in username and password fields
Sometimes, however, you may need to manually trigger AutoFill if Safari can’t detect the field in question. On iOS, select a field and tap the Auto-Fill button that appears above the keyboard (4.23). On OS X, you may need to click the field—sometimes Safari will then display an AutoFill dropdown.
4.23 AutoFill fields in OS X
Credit cards in iCloud Keychain
To enable AutoFill for credit cards on OS X, go to the AutoFill section of Safari’s Preferences and click the box next to credit cards (4.24, on the next page); on iOS, you’ll find the option available in the Passwords & AutoFill section of Safari’s settings. You can view or remove existing cards as well as add new cards here; to do any of those things on iOS, you’ll have to enter your passcode—on OS X, you’ll need to enter your username and password only to view an existing card’s details.
4.24 Adding credit cards to AutoFill
For security reasons, Safari doesn’t automatically populate credit card payments fields, even if you’ve stored a credit card in your keychain. You can tap the AutoFill button on iOS or click the field in OS X to enter that information, or choose from multiple cards if you have more than one.
Removing a Device
Removing one of your devices from iCloud Keychain is as easy as revisiting System Preferences or Settings and deselecting or disabling iCloud Keychain. You’re asked whether you’d like to keep the information currently stored on your device (4.25). If you retain that data, you can still use it, but it ceases updating between that device and your other devices.
4.25 Choosing what to do with stored data after turning off iCloud Keychain
If at any time you want to bring that device back into the iCloud Keychain fold, simply re-enable it following the steps mentioned earlier. To delete your iCloud Keychain data from Apple’s servers, delete your iCloud Security Code and remove all your devices from iCloud Keychain.