There's a lot of password management software available for the Mac and iOS, but none quite compares to iCloud Keychain, Apple's built-in implementation. iCloud Keychain has been around since the very beginning of iOS, and it made its debut on the Mac with Mac OS 8.6.
The Keychain, as it's commonly referred to in the Apple ecosystem, is Apple's password manager, but it does so much more, and not just for website passwords, either. It stores passwords from across macOS (FTP servers, SSH accounts, wireless network passwords, encrypted disk passwords); it stores private keys used to access various services or sign apps for Apple's developer programs; and it handles storing certificates, secure notes, and even saved credit cards in Safari's form filler. The Keychain does all of this while maintaining the security of the information stored in its database.
Third-party apps can also store information in the Keychain. This is really where the power comes in, because developers that don't know much about security can protect their users' privacy by using Apple's APIs for Keychain.
You may frequently interface with the Keychain when entering passwords in Safari. If you get a prompt to save the password, this will store the password safely in Keychain; when AutoFill is turned on, it will resurface your password when you visit the site in the future, giving you one-click login ability.
iCloud Keychain is Apple's attempt to make the Keychain sync and be available across all of your devices, and they've done an excellent job of integrating this feature into the system and making it secure. The one downside to the Keychain is that it's only stored locally on each of your devices.
Be sure to check our iCloud Keychain guide for the latest information about the Keychain.
- What it is: iCloud Keychain is a way to store your usernames, passwords, and app sign-on information and sync it between your devices using Apple's iCloud services.
- Why it matters: Typing passwords into websites in Safari and in apps can be time-consuming. Plus, with iCloud Keychain, you can use more secure passwords because you no longer have to type them manually.
- Who this affects: Apple customers who have an iOS or macOS device and iCloud account can take advantage of this feature.
- When it was released: Apple iCloud entered service October 12, 2011 after being announced at the 2011 Apple Worldwide Developer's Conference (WWDC). iCloud Keychain has been available since WWDC 2013 and was originally introduced for iOS 7 and Mac OS X Mavericks.
- How to get it: An iCloud setup assistant is built into iPhones, iPads, and Macs. Apple offers directions for setting up iCloud on iOS and Macs. A free iCloud account can take advantage of this iCloud Keychain syncing feature.
SEE: Password Management Policy (Tech Pro Research)
What is iCloud Keychain?
iCloud Keychain stores your usernames, passwords, and app sign-on information and syncs it between your devices using Apple's iCloud services. The Keychain keeps your information secured using a two-factor authentication mechanism: First, you need to be signed into your iCloud account on the device, and then another trusted device must be used to approve the newly connected device to be used with iCloud Keychain. This is separate from the iCloud two-factor authentication, which is also recommended.
When you enable iCloud Keychain, all of these features are included for free with your free iCloud account—there's nothing to purchase additionally:
- it syncs Safari usernames, passwords, and credit card information across devices;
- it syncs Wi-Fi network information and keeps it up to date on all devices;
- it syncs service logins like Facebook, Twitter, and LinkedIn across all devices when signed in through the Settings app; and
- it keeps Mail, Contacts, Calendar, and Messages accounts in sync with usernames and passwords for servers across all devices.
iCloud Keychain works with iOS devices that are running iOS 7.0.3 or later, and Macs running macOS 10.9 or later.
- iCloud Keychain FAQ (Apple)
- iCloud Keychain availability by country (Apple)
- iCloud Security and Privacy Overview (Apple)
- Apple iCloud: The smart person's guide (TechRepublic)
- How to store and manage web passwords in mobile Safari (TechRepublic)
- Apple's Keychain: The solution and the problem with password managers (ZDNet)
Why iCloud Keychain matters
Keeping Safari AutoFill information, Wi-Fi networks, email accounts, and more in sync is a task, and until iCloud Keychain, you needed to do all of this manually. Fortunately, iCloud Keychain makes this a lot easier, and does so without any hit to security and privacy.
The tight system integration that Apple can provide with iCloud Keychain is unmatched by any third-party service or app, because Apple can integrate it with all of the built-in apps, including Mail, Safari, and Calendar. Also, third-party apps can securely store usernames, passwords, and secure data inside the Keychain.
- The end of passwords? Not in the near future (TechRepublic)
- Worried about identity theft? Then you should avoid these password pitfalls (TechRepublic)
- The real reason companies don't take security seriously: Their money isn't on the line (TechRepublic)
- Police can force you to give up your iPhone password, Florida court rules (TechRepublic)
- Beyond passwords: Tech companies seek next generation of security (CBS News)
- The guide to password security (and why you should care) (CNET)
- BYOD Policy (Tech Pro Research)
Who iCloud Keychain affects
Keychain has been around for a long time, originating on Mac OS 8.6, but it has evolved a lot over the years to include additional support for sensitive information.
To use iCloud Keychain, you must have an iCloud account set up, and use a compatible operating system. iCloud Keychain is compatible with iOS 7.0.3 and later and macOS 10.9 (Mavericks) and later.
- Executive's guide to Apple in the enterprise (free ebook) (TechRepublic)
- 4 of the best password management tools for iOS (TechRepublic)
- Five password management apps that will work on all your devices (TechRepublic)
- Firms that force you to change your password are clueless says cyber security chief (TechRepublic)
- Changing your password regularly is a terrible idea, and here's why (ZDNet)
- Home usage of company-owned equipment policy (Tech Pro Research)
Alternatives to iCloud Keychain
How to enable iCloud Keychain
It's super simple to enable iCloud Keychain compared to many password management services. To enable the Keychain, you first need to make sure you're signed in with iCloud.
For iOS, follow these steps:
- Open the Settings app.
- Select iCloud | Keychain.
- Enable the Switch for Keychain.
- Follow the on-screen instructions for creating an encryption password and recovery details.
On macOS, follow these steps:
- Open System Preferences.
- Select the iCloud preference pane.
- Select Keychain.
- Enter your Apple ID and password, and then follow the on-screen setup instructions.
If you previously enabled iCloud Keychain, you'll need to activate iCloud Keychain on your new devices by having another registered iCloud Keychain device to approve the new device for use with iCloud Keychain. This provides another layer of security on top of your iCloud username and password, and/or two-factor authentication on your iCloud account.
For more information, visit the Apple support website on how to set up iCloud Keychain.
- Make use of the iCloud Keychain (CNET)
- How to retrieve iCloud Keychain passwords on iOS (CNET)
- 5 ways to secure OS X (TechRepublic)
- 5 more ways to secure OS X (TechRepublic)
- How to set up Activation Lock on iOS devices (TechRepublic)
- Apple to iPhone users: We want your iCloud photos, emails, contacts to improve Siri, AI (ZDNet)
Cory Bohon is an indie developer, creating both iOS and OS X applications at Cocoa App (his own company), MartianCraft, and for various other clients. As a part of full disclosure, he does not write about any software that he has created or has helped to create through these outlets.
Cory Bohon is an indie developer specializing in iOS and OS X development. He runs a software company called Cocoa App and is also a developer at MartianCraft. He was introduced to technology at an early age and has been writing about his favorite technology part-time since 2007. He runs a development blog named ObjDev when he isn’t writing about consumer tech.