7 Replies Latest reply: Feb 14, 2007 2:51 PM by Charles Clark
Poo Bear Level 1 (0 points)
I don't remember my keychain password (the one you use to unlock the keychain and stuff). I've tried a bunch of different passwords that I use... like my admin password, but it doesn't work... How can I reset it or recover it? Thanks

iMac G5   Mac OS X (10.4.8)  
  • Allan Sampson Level 10 (123,370 points)
    You can't reset or recover it. You can reset your login/admin password with an install disc, but this does not change the login keychain password (for security purposes), since this keychain usually contains some very sensitive and important information.

    Unless you changed it on purpose, your login keychain password should be the same as your login/admin password.
  • Poo Bear Level 1 (0 points)
    So, could I maybe erase Keychain from my computer and reinstall it?
  • Allan Sampson Level 10 (123,370 points)
    Delete the Keychain application and if so, what for?

    Check Keychain Access Help for deleting and creating a keychain and making a new keychain your default/login keychain. Probably best to make the password for your login keychain the same as your login password for your computer login account.

    I believe there is a selection to remove a keychain but not delete it in case you remember the keychain's password later.
  • IanB Level 4 (1,370 points)
    Hi Allan

    I've been considering the relative merits of keychains and an encrypted disk image for some time and discussed it briefly with Ferd II here. I was interested to note your comment about being unable to reset the login keychain password after resetting the admin password on a computer with the install disk. This seems to contradict Ferd's opinion.

    I think that Ferd's recommendation of the encrypted disk image for sensitive data is more flexible than keychains because you can store anything in one.

    On the other hand, I really like it that my login keychain remembers all my logins for me and would prefer to use it to store sensitive information if I was taking an acceptable risk using it. I don't fully understand the risks. Maybe you could answer the following?

    1. If I remained logged into my computer but with the screen lock on, how would someone get at the contents of my keychain?
    2. If I remained logged into my computer but put it to sleep, how would someone get at the contents of my keychain?
    3. If my computer was shut down, how would someone get at the contents of my keychain?
    4. Encrypted disk images use AES and keychains use 3DES. Does this really matter?
  • Allan Sampson Level 10 (123,370 points)
    > I was interested to note your comment about being unable to reset the login keychain password after resetting the admin password on a computer with the install disk.

    Resetting your login password with the install disc does not reset the login keychain password. When creating a login account and password, the password for the account's login keychain is the same as the login account password. If you want the login keychain password to be different, you must change it via Keychain Access. Changing the login account's password via an install disc does not change the login keychain password for the login account. I believe this is for security reasons. Although a thief can gain access to a person's login account and home folder/directory by using an install disc to manually change the login password for the account, this does not change the login keychain password also, so sensitive data stored in a person's keychain cannot be accessed without knowing the original login account password that matches the original login keychain password.

    1. If you require a password to wake this computer from sleep or screen saver, someone can't. To have your keychain extra secure, you can also make your login keychain password different from your login password, but if your login password is not the same as your default keychain password, you'll be asked for the password whenever an application needs access to your keychain and your keychain is locked - but this would be more trouble than it is worth IMO.

    2. Same as the answer to 1.

    3. Someone can't if you disable automatic login for your login account, which is highly recommended. Even though I currently live alone, I have automatic login disabled for my login account. If someone steals my PB and has access to an install disc to manually change the password for my login account, they can gain access to all my data in my home folder/directory but not gain access to sensitive data stored in my login keychain, which is not automatically changed when manually changing the login password with an install disc.

    This is also where utilizing an encrypted disk image comes into play to store sensitive data, but to be extra secure, you should not store the password for an encrypted disk image in your keychain. My encrypted disk images require that I manually enter the password to mount them, but the downside when doing so is that if you forget the password for the encrypted disk image, all data stored within the disk image will be lost with no way to recover it.

    Overall it is probably best to store the password for an encrypted disk image in your keychain, but if you give someone else access to your Mac when logged in to your account, any encrypted disk image will mount automatically when selected, which is also why it is best not to allow anyone else to access your Mac via your login account.
  • IanB Level 4 (1,370 points)
    Thanks Allan.
  • Charles Clark Level 2 (375 points)
    > I believe there is a selection to remove a keychain but not delete it in case you remember the keychain's password later.

    Keychain Access>>Preferences>>General click 'Reset My Keychain'