1512 Views 1 Reply Latest reply: Nov 19, 2010 7:58 AM by thomas_r.
Your keychain is an encrypted place where you can store many passwords. However, with the default settings, your keychain is automatically unlocked when you log in. Leaving your computer unattended while logged in with an unlocked keychain is a security risk, yes. If you lock your keychain, however, nobody's getting access to it. Even if someone were to reset your account password, they'd still have to know the keychain password (identical to the old account password by default) to open it. And note that although someone can log in to, say, your Facebook account on your machine that has been left unattended, they cannot see the passwords themselves unless they know your password.
If you don't like the way it works, you have two options. One is to refrain from storing passwords in the keychain. You are always asked, usually via a check box in the password request dialog, whether you want to store a password in the keychain, and in Safari, you can simply turn off all Autofill settings.
Alternatively, you could change your keychain password so that it is not the same as your account password. This means you will have to unlock it every time the OS wants a password. You can also use Keychain Access to set it to lock automatically after x minutes or when sleeping, and can show the menu icon for an easy way to lock/unlock the keychain manually.
Ultimately, if you're leaving your machine logged in, unattended and with untrusted people, you could have bigger problems than an unlocked keychain.
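The auto-lock settings described in the reply above can also be checked from Terminal with the macOS `security` tool. The script below is an added example, not part of the original post. The 300-second policy, the function name `check_keychain_info`, the keychain path and the exact output format of `security show-keychain-info` are assumptions.

```shell
#!/bin/sh
# Audit a keychain's auto-lock settings (added example, not from the post).
# Assumption: `security show-keychain-info` writes one line to stderr like
#   Keychain "<path>" lock-on-sleep timeout=300s
# or, when nothing is configured,
#   Keychain "<path>" no-timeout

MAX_TIMEOUT=300   # hypothetical policy: lock after at most 5 idle minutes

# check_keychain_info LINE: prints findings, returns 0 only if compliant.
check_keychain_info() {
    line=$1
    rc=0
    case "$line" in
        *" lock-on-sleep"*) ;;
        *) echo "FAIL: keychain stays unlocked across sleep"; rc=1 ;;
    esac
    case "$line" in
        *" no-timeout"*)
            echo "FAIL: no inactivity timeout set"; rc=1 ;;
        *" timeout="*)
            secs=${line##* timeout=}   # keep text after the last "timeout="
            secs=${secs%%s*}           # drop the trailing "s"
            case "$secs" in
                ''|*[!0-9]*)
                    echo "FAIL: cannot parse timeout"; rc=1 ;;
                *)
                    if [ "$secs" -gt "$MAX_TIMEOUT" ]; then
                        echo "FAIL: timeout ${secs}s exceeds ${MAX_TIMEOUT}s"
                        rc=1
                    fi ;;
            esac ;;
        *) echo "FAIL: unrecognised output"; rc=1 ;;
    esac
    return $rc
}

# On a Mac, audit the login keychain (path is an assumption for current
# macOS versions; older systems use login.keychain). Read-only check.
if command -v security >/dev/null 2>&1; then
    kc="$HOME/Library/Keychains/login.keychain-db"
    check_keychain_info "$(security show-keychain-info "$kc" 2>&1)" ||
        echo "Fix: security set-keychain-settings -l -u -t $MAX_TIMEOUT \"$kc\""
fi
```

`security lock-keychain` locks the keychain immediately, which is the command-line counterpart of the menu icon mentioned in the reply.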