Michael9009
Level 1
(40 points)
Q: How Safe Are Keychain and iCloud Keychain?
I have been saving my login passwords the old way: with pen on paper. But the list is getting too long and is cumbersome to use. Rather than using third-party solutions like 1Password or LastPass, I have been thinking to use Apple's solution: Keychain. I would assume that the local Keychain on my Mac is secure because I use FileVault. But how safe is iCloud Keychain? Is it encrypted? Would Apple or other parties (e.g. government, hackers) be able to get easy access to the passwords stored in iCloud? Would it not be better to entrust Apple with our passwords, rather than third party app developers?
Also, if safe and secure, how would I turn on iCloud Keychain? Once turned on, would it work across OS X and iOS platforms?
Thanks.
MacBook Pro with Retina display, OS X El Capitan (10.11.5), i7 2.6GHz, 16GB, 1TB SSD
dianeoforegon
Level 5
(5,432 points)
There are certain items that must be in the Keychain app like email account passwords or you would have to enter every time your account connects. For sites where you log in with your browser, you can select to use the iCloud Keychain, but this only works in Safari and not other browsers.
The iCloud Keychain is an ideal choice for certain tasks, but there’s no reason you can’t use it alongside a third-party tool like 1Password.
This article talks about other password managers too. FlippedBITS: 1Password Versus iCloud Keychain
Note: If the iCloud Keychain is disabled, the iCloud keychain is replaced with a “Local Items” keychain that has the same contents as the iCloud keychain. Any items added to the Local Items keychain will be pushed out to other devices when iCloud Keychain is re-enabled.
You might find these FAQs helpful
Frequently asked questions about iCloud Keychain - Apple Support
