Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Alejandro_64
Alejandro_64 Author
User level: Level 1
43 points

How safe is storing Safari passwords in the device?

Hello!


I have a MacBook running Mountain Lion.

I have a lot of strictly confidential data stored in Dropbox. The most innocent of it, for example, is all my cards data.


How safe would it be to save a Dropbox web login and password in Safari? Are they stored encrypted on the device?


Out of security reasons my password for Dropbox is long and complicated - i dont like to enter this password every time i need access to Dbox. But I dont dare to save password because don't know if someone can access this data if I I lose the device or it is being stolen,


My iMac account has a strong password, too. Would someone be able to retreive my password and logins if my MacBook lost o stolen?

MacBook

Posted on May 16, 2013 9:29 PM

Reply
Question marked as Best reply
User profile for user: Topher Kessler
Topher Kessler
User level: Level 6
9,905 points

Posted on May 19, 2013 8:07 PM

The keychain is only readable if you supply your password (and thereby unlock it). The file itself is encrypted. You can copy it to another machine, but if you try to open it then it will prompt you for a password. Without this, you can try reading through the file's contents, but you will get garbled information.

View in context
14 replies
Question marked as Best reply
User profile for user: Topher Kessler
Topher Kessler
User level: Level 6
9,905 points

May 19, 2013 8:07 PM in response to Alejandro_64

The keychain is only readable if you supply your password (and thereby unlock it). The file itself is encrypted. You can copy it to another machine, but if you try to open it then it will prompt you for a password. Without this, you can try reading through the file's contents, but you will get garbled information.

Reply
User profile for user: Topher Kessler
Topher Kessler
User level: Level 6
9,905 points

May 16, 2013 10:11 PM in response to Alejandro_64

Passwords are stored in your keychain, which is an encrypted storage platform for secured notes and passwords. These can be managed through Apple's Keychain Access utility in your Applications > Utilities folder. This means that they will be very difficult to crack by anyone who steals your system or otherwise tries to crack your password, but the security of this system is only as good as the password you use, so be sure to use a strong and unique password.

Reply
User profile for user: Topher Kessler
Topher Kessler
User level: Level 6
9,905 points

May 17, 2013 7:39 AM in response to Alejandro_64

The keychain file is encrypted with a Triple DES algorithm that should make brute-force attacks (guessing) nearly impossible to do. While someone with administrative access to your system can run programs to pull keychain information from memory, this ability is limited to those with admin access. Therefore, the security of the system is limited to who you grant access and the strength of the passwords you use. If I were to guess at how long it would take a system to brute-force attack the keychain and guess the password, provided a good password is used it would take well over a million years.

Reply
User profile for user: Topher Kessler
Topher Kessler
User level: Level 6
9,905 points

May 19, 2013 12:42 PM in response to Alejandro_64

Exactly. The keychain will require its master password in order to unlock all of its contained password.


If you are worried about someone doing this and getting any of your data, then in addition you can enable FileVault in the Security system preferences, which will result in all files being encrypted. Therefore if anyone takes out your drive and puts it in another system they will see nothing but garbled data.

Reply

How safe is storing Safari passwords in the device?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up