Set Up iCloud Keychain on Your Mac

iCloud Keychain is a cloud-based password storage service first introduced with OS X Mavericks. iCloud Keychain builds on the popular keychain service that has been part of OS X since the dawn of the millennium.

Since the keychain app was introduced, it's been providing a convenient way to store passwords and use them to automatically access password-secured services, such as email accounts and networks. Apple has taken reasonable measures to ensure the security of the keychain information that is sent to and stored in the cloud and then used to sync to your other Macs or iOS devices.

What Is iCloud Keychain?

iCloud Preference Pane. Screen shot courtesy of Coyote Moon, Inc.

iCloud Keychain allows you to sync your Mac's saved usernames, passwords, and credit card data across multiple Macs and iOS devices. The advantages are tremendous. You can sit down at your iMac, sign up for a new website service, and then have the account login information automatically sync to your MacBook Air or your iPad. The next time you travel and want to use that web service, you won't have to try to remember your login info; it's already stored on your Air or iPad and will be entered automatically when you bring up the website.

Of course, this works for more than just website logins. iCloud Keychain can handle just about any type of account information, including email accounts, banking accounts, credit card accounts, and network logins.

iCloud Keychain is turned off by default, so before you can use the service, you must turn it on. But before we enable iCloud Keychain, a word or two about security.

 

iCloud Keychain Security

Apple uses 256-bit AES encryption for transmitting and storing the keychain information. That makes the raw data pretty secure; you're well protected against any type of brute-force attempt to discover the encryption key.

But iCloud Keychain has a weakness that could allow any semi-competent programmer to gain access to your keychain data. That weakness is in the default settings for generating an iCloud Keychain security code.

The default security code is a 4-digit code that you create. This code authorizes each selected Mac or iOS device to use the data you store in the iCloud Keychain.

A 4-digit security code may be easy to remember, but that is its only advantage. Its weakness is that there are only 1,000 possible combinations. Almost anyone could write an app to run through all the possible combinations for four digits, find your security code, and gain access to your iCloud Keychain data.

Luckily, you're not stuck with the default 4-digit security code. You can create a longer, and thus much more difficult to crack, security code. It will be more difficult to remember this code when you want to allow a Mac or iOS device to access your iCloud Keychain data, but the extra security makes it a good tradeoff.

This guide will show you how to set up iCloud Keychain on your Mac, using a more robust security code than the default method.

What You Need

  • An iCloud account. If you don't have an iCloud account, you can create one by following the instructions in Setting Up an iCloud Account on Your Mac.
  • As part of the iCloud Keychain system, Apple sends a verification request whenever you set up a new Mac or iOS device to share your keychain. You can either use a mobile phone that can receive SMS text messages, or have the request sent via the Notification Center to the Mac you used to set up the iCloud Keychain service.

 

Protect Your Mac From Casual Access When Using iCloud Keychain

The first step in setting up iCloud Keychain on your Mac is to add a bit of security to prevent casual use. Remember, iCloud Keychain has the potential to not only store email and website logins, but also credit card, banking, and other sensitive personal information. If you permit casual access to your Mac, someone could log in to a web service and purchase items using your account information.

To prevent this type of access, I recommend configuring your Mac to require a login at startup and a password to wake from sleep.

Configure Login Password

  1. Launch System Preferences by clicking its icon in the Dock, or selecting System Preferences from the Apple menu.
  2. Select the Users & Groups preference pane.
  3. Click the lock icon, located in the bottom left-hand corner of the Users & Groups preference pane window.
  4. Supply your administrator password, and click Unlock.
  5. Click the Login Options text at the bottom of the left-hand sidebar.
  6. Using the drop-down menu, set the Automatic login to Off.
  7. The rest of the login options can be configured as you wish.
  8. When you finish making your selections, click the lock icon to prevent further changes from being made.
  9. Click the Show All button near the top left of the Users & Groups preference pane.

Configure Sleep and Screen Saver Password

  1. In the System Preferences window, select the Security & Privacy preference pane.
  2. Click the General tab.
  3. Place a check mark in the "Require password" box.
  4. Use the drop-down menu to set a time for how soon a password is required after waking from sleep or after the screen saver starts up. Five seconds or one minute are reasonable choices. You don't want to choose "immediately" because there will be times when your Mac goes to sleep or your screen saver starts up when you're still sitting at your Mac, perhaps reading an article on the web. By selecting five seconds or one minute, you have time to wiggle the mouse or press a key to wake your Mac, without having to enter a password. If you select a longer time period, you risk allowing someone to access your Mac when you walk away for a few minutes.
  5. Once you select your preferred setting, you can quit System Preferences.

Now we're ready to begin the process of enabling iCloud Keychain.

Use iCloud Keychain Advanced Security Code Options

iCloud Keychain is part of the iCloud service, so setup and management are handled via the iCloud preference pane.

This guide assumes that you already have an Apple ID and that you've already turned on the iCloud service. If not, take a look at Setting Up an iCloud Account on Your Mac to get started.

Set Up iCloud Keychain

  1. Launch System Preferences by clicking its icon in the Dock, or selecting System Preferences from the Apple menu.
  2. Select the iCloud preference pane.
  3. A list of available iCloud services will display. Scroll through the list until you find the Keychain item.
  4. Place a check mark next to the Keychain item.
  5. In the sheet that drops down, enter your Apple ID password, and click OK.
  6. After a short amount of time, a new sheet will drop down, asking you to enter a four-digit security code. You'll use this code whenever you want to add a Mac or iOS device to the list of devices that can access your iCloud Keychain. In my opinion, a four-digit security code is too weak (see page 1); you'll be better served by creating a longer security code.
  7. Click the Advanced button.

There are three options for creating a security code:

  • Use a complex security code: This option allows you to create your own security code using up to 32 characters. The characters can include lower and uppercase letters, numbers, and punctuation (no spaces).
  • Get a random security code: Your Mac will randomly generate a security code for you.
  • Don't create a security code: When you select this option, you'll have to grant approval from the Mac you used to set up the iCloud Keychain service for each additional device you want to allow to access the service.

The first two options will require you to enter the security code when you set up iCloud Keychain access for subsequent Macs or iOS devices. In addition to the security code, you may be asked to enter an additional code sent to you via SMS text message.

The last option requires you to use your iCloud password and wait for one-time approval from the device that you first set up iCloud Keychain on before you can grant access to another device.

Make your selection, and click the Next button.

Use a Complex iCloud Security Code

After you click the Advanced button in the Create an iCloud Security Code dialog box and click the "Use a complex security code" radio button, it's time to actually come up with one.

The code needs to be something you can remember without too much trouble, but it should be at least 10 characters, to ensure that it's a strong password. It should contain both upper and lowercase letters, and at least one punctuation symbol or number. In other words, it shouldn't be a word or phrase that would be found in a dictionary.

  1. In the Create an iCloud Security Code sheet, enter the code you wish to use. Apple can't recover the security code if you forget it, so be sure to write the code down and store it in a safe place. Click the Next button when you're ready.
  2. You'll be asked to re-enter the security code. Enter the code again and click Next.
  3. You'll be asked to enter the number of a phone that can receive SMS text messages. Apple uses this number to send a verification code when you set up additional Mac and iOS devices to use your iCloud Keychain. Enter the telephone number and click Done.
  4. iCloud Keychain will finish the setup process. When the process is complete, the Keychain item in the iCloud preference pane will have a check mark next to it.
  5. You can close the iCloud preference pane.
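
The advice above for a complex security code (at least 10 and at most 32 characters, both upper and lowercase letters, a digit or punctuation symbol, no spaces, not a dictionary word) written as a check. This is an added example, not part of the original guide or of Apple's software; the function names, the small word list and the sample codes are constructed for illustration, and the bit count is an upper bound that only holds for randomly chosen characters.

```python
import math
import string

MIN_LEN, MAX_LEN = 10, 32   # lower bound advised by the guide; upper bound of the Advanced option
ALLOWED = set(string.ascii_letters + string.digits + string.punctuation)  # no spaces
# Constructed mini word list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "keychain", "icloud", "welcome", "sunshine"}

def pool_size(code):
    """Count the symbols in every character class the code draws from."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in code))

def entropy_bits(code):
    """Upper bound in bits: length * log2(pool). Holds only for random characters."""
    pool = pool_size(code)
    return len(code) * math.log2(pool) if pool else 0.0

def check_code(code):
    """Return the list of problems; an empty list means the advice is met."""
    problems = []
    if len(code) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(code) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    if any(c not in ALLOWED for c in code):
        problems.append("contains a space or other unsupported character")
    has_lower = any(c in string.ascii_lowercase for c in code)
    has_upper = any(c in string.ascii_uppercase for c in code)
    if not (has_lower and has_upper):
        problems.append("needs both upper and lowercase letters")
    if not any(c in string.digits + string.punctuation for c in code):
        problems.append("needs a digit or punctuation symbol")
    # Strip decoration such as "1!" so that "Password1!" is still caught.
    if "".join(c for c in code.lower() if c.isalpha()) in COMMON_WORDS:
        problems.append("is a dictionary word with decoration")
    return problems

if __name__ == "__main__":
    # Constructed sample codes, not real credentials.
    for sample in ("1234", "Password1!", "correct Horse 9", "tR7#vq9!Lm2x"):
        print(f"{sample!r}: {entropy_bits(sample):5.1f} bits max, "
              f"{check_code(sample) or 'ok'}")
```

The bit count for "Password1!" looks respectable even though the code is flagged, which is why the dictionary check matters alongside length and character mix.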

Be sure to check out our Setting Up Additional Macs to Use Your iCloud Keychain guide.

Use a Randomly Generated Security Code for iCloud

If you decide to use the Advanced security option in iCloud Keychain to have your Mac generate a random security code, then you won’t need to think one up. Instead, the Mac will create a 29-character code for you.

  1. Be sure to write this code down, because it's long and probably very difficult (if not impossible) to remember. If you forget or lose the security code, Apple can't recover it for you. You'll need this security code whenever you wish to set up another Mac or iOS device to access your iCloud Keychain.
  2. Once you have the security code safely stored away somewhere, you can click the Next button on the drop-down sheet.
  3. A new drop-down sheet will ask you to confirm your security code by re-entering it. After you finish entering the information, click the Next button.
  4. Enter the number for a phone that is able to receive SMS text messages. Apple will send a verification code to this number when you set up additional Mac and iOS devices to use your iCloud Keychain. Enter the number and click Done.
  5. The iCloud Keychain setup process is complete. You will see a check mark next to the Keychain item in the iCloud preference pane.
  6. You can close the iCloud preference pane.

You're now ready to use our Setting Up Additional Macs to Use Your iCloud Keychain guide.

You Don't Have to Create an iCloud Security Code

iCloud Keychain supports multiple methods of verifying that subsequent Mac and iOS devices are authorized to use your keychain. This last method doesn't actually create any type of security code; instead, it uses your iCloud account login data. It also sends a notification back to the device that you used to set up the iCloud Keychain service, requesting that you grant access.

The advantage of this method is that you don't have to remember a complex security code to gain access. The disadvantage is that you must pre-authorize each and every Mac or iOS device you plan to use with iCloud Keychain.

This setup guide continues from page 3 after you selected the "Don't create security code" option.

  1. A new sheet will appear, asking if you're sure that you don’t want to create a security code. Click the Skip Code button to continue, or the Go Back button if you've changed your mind.
  2. iCloud Keychain will complete the setup process.
  3. Once the setup process is complete, the Keychain item in the iCloud preference pane will have a check mark next to its name, signifying that the service is running.
  4. You can close the iCloud preference pane.

To allow other Macs to access your keychain, see our Setting Up Additional Macs to Use Your iCloud Keychain guide.