Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: auroranm
auroranm Author
User level: Level 1
4 points

Keychain Access security concerns

On High Sierra 10.13.6


I'm not quite sure how to even phrase this. Basically, I'm concerned about security of my Keychain Access app. I was originally under the impression that keychain only stored stuff if you told it to, if you set it up and either added things directly or gave confirmation when prompted. Is this not the case?


Unfortunately, I can't remember exactly what prompted me to even look (I think I was looking at Activity Monitor and it led me to this), but I recently opened Keychain Access and noticed that there are quite a lot of items in there (under the login and local items keychains) that I never 'approved'. Some of what is in there, I suppose I can understand it being added automatically, if it's necessary to sync with the cloud, but others I am not so sure.


I have never wanted to use Keychain, I never opened it prior to this, I did not and do not have it enabled under system preferences for iCloud on either desktop or mobile, anytime something asks me if I wanted to save a password I decline (with the exception of maybe wifi network credentials).


But there's a whole lot of stuff in there and what's more troubling is that I had the hard drive replaced around 05/09-05/13. I got it back on 05/14. I did not restore from a backup, I basically started over from a clean install. However, there are items that show modification dates from 05/09 and 03/30.


Also, I have never used or 'set up' Back to My Mac or Find My Friends and I have not used Facetime or Find My iPhone on this machine since getting it back from having the hard drive replaced. I don't have any of those set up or enabled on my desktop or mobile. But these all have application passwords stored in Keychain and they update frequently. That is, the modification dates on these update very frequently despite me never opening or accessing these apps. It seems to happen any time I open system preferences, not sure if it does otherwise.


To start, I'd like to know what items can be safely deleted from Keychain Access without setting off a cascade of other problems. What items are 'default' and necessary for basic functionality? I've seen some posts about people deleting things or resetting and then having major headaches.







iMac 21.5", macOS 10.13

Posted on Jun 29, 2019 3:48 PM

Reply

Similar questions

8 replies
User profile for user: BDAqua
BDAqua
User level: Level 10
245,177 points

Jun 30, 2019 8:32 AM in response to auroranm

While installing the certificates, only a portion of the certificates in the certificate trust chain is installed. The Root Certificate is not installed and hence the certificates in the certificate trust chain show up in the Keychain & Certificate Store with the following messages:

  • Windows: Windows does not have enough information to verify this certificate
  • macOS: Certificate is not trusted

It is not a cause for concern, as the certificates are used by Adobe Applications only for licensing purposes. Removing a certificates has no adverse effect, since the certificates are reinstalled in the Keychain or Certificate Store during periodic iterations to obtain the Signed Application Profiles.

Resolution

The self-signed root certificate is available as a separate (optional) installable profile from Adobe. A concerned user can install the profile, which prompts for permission to install the self-signed root certificate system-wide and mark it as trusted. Once the self-signed root certificate is installed and marked as trusted, no more error messages are displayed for the Certificates installed.

https://helpx.adobe.com/download-install/kb/certificates-installed-in-keychain-certificate-store-not-trusted.html

Reply
User profile for user: auroranm
auroranm Author
User level: Level 1
4 points

Jun 29, 2019 9:15 PM in response to BDAqua

Hi, BDAqua, thanks for your response.


I just would have expected that I wouldn't see anything dated prior to the new HD. Unless it's possible for an item here to show a modification date that precedes the date it was created on that machine? If that makes sense.


Yes, I have Adobe CC installed and use it's apps frequently, so I'm not concerned about that. I was not aware that it would store anything in keychain, but I guess it might be because of cloud syncing/the subscription model. However, I did find that all of the certificates it has stored say they're not trusted, like this:



So, I'm not sure what's up with that. It's a legit license, up to date and everything.

Aside from Adobe CC I don't have a ton of other stuff installed.


Reply
User profile for user: BDAqua
BDAqua
User level: Level 10
245,177 points

Jun 29, 2019 7:21 PM in response to auroranm

It's quite often that a Reinstall or an Update/Upgrade will change basic settings, contrary to the way it used to be.


I wouldn't worry about all the com.apple ones, I use likely fewer Apple services & Apps than anyone else, but still get dozens of changed Apple ones everyday.


I assume you used Adobe something lately... or they're over protective of their SW.

Reply
User profile for user: auroranm
auroranm Author
User level: Level 1
4 points

Jun 29, 2019 9:21 PM in response to BDAqua

And I'm wondering why it would be frequently updating the modification date on apps I never use or even open, yet I don't see any of those 'tokens' or application passwords listed for things I do use a lot and do have enabled for icloud, like calendar, notes, messages etc. This is why it seems very odd and suspect to me.

Reply
User profile for user: BDAqua
BDAqua
User level: Level 10
245,177 points

Jun 29, 2019 9:29 PM in response to auroranm

Do any of the other Adobe Certs say they're trusted?


I just would have expected that I wouldn't see anything dated prior to the new HD. Unless it's possible for an item here to show a modification date that precedes the date it was created on that machine? If that makes sense.


Yes, I understand, I believe I've seen that on immutable files issued by some server, like my Tri-Backup 9.DMG says last modified 06-19-2019, but the App it installs says last modified 02-07-2019.

Reply

Keychain Access security concerns

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up