
Apple's iCloud Keychain: The smart person's guide

This is a comprehensive guide to iCloud Keychain, Apple's cloud-based version of its iOS and macOS password, private key, and certificate management software.


There's a lot of password management software available for the Mac and iOS, but none quite compares to iCloud Keychain, Apple's built-in implementation. iCloud Keychain has been around since the very beginning of iOS, and it made its debut on the Mac with Mac OS 8.6.

The Keychain, as it's commonly referred to in the Apple ecosystem, is Apple's password manager, but it does so much more, and not just for website passwords, either. It stores passwords from across macOS (FTP servers, SSH accounts, wireless network passwords, encrypted disk passwords); it stores private keys used to access various services or sign apps for Apple's developer programs; and it handles storing certificates, secure notes, and even saved credit cards in Safari's form filler. The Keychain does all of this while maintaining the security of the information stored in its database.

Third-party apps can also store information in the Keychain. This is really where the power comes in, because developers that don't know much about security can protect their users' privacy by using Apple's APIs for Keychain.

You may frequently interface with the Keychain when entering passwords in Safari. If you get a prompt to save the password, this will store the password safely in Keychain; when AutoFill is turned on, it will resurface your password when you visit the site in the future, giving you one-click login ability.

The one downside to the Keychain is that it's only stored locally on each of your devices. iCloud Keychain is Apple's attempt to make the Keychain sync and be available across all of your devices, and they've done an excellent job of integrating this feature into the system and making it secure.


Executive summary

  • What it is: iCloud Keychain is a way to store your usernames, passwords, and app sign-on information and sync it between your devices using Apple's iCloud services.
  • Why it matters: Typing passwords into websites in Safari and in apps can be time-consuming. Plus, with iCloud Keychain, you can use more secure passwords because you no longer have to type them manually.
  • Who this affects: Apple customers who have an iOS or macOS device and iCloud account can take advantage of this feature.
  • When it was released: Apple iCloud entered service October 12, 2011 after being announced at the 2011 Apple Worldwide Developers Conference (WWDC). iCloud Keychain has been available since WWDC 2013 and was originally introduced for iOS 7 and Mac OS X Mavericks.
  • How to get it: An iCloud setup assistant is built into iPhones, iPads, and Macs. Apple offers directions for setting up iCloud on iOS and Macs. A free iCloud account can take advantage of this iCloud Keychain syncing feature.


What is iCloud Keychain?

iCloud Keychain stores your usernames, passwords, and app sign-on information and syncs it between your devices using Apple's iCloud services. The Keychain keeps your information secured using a two-factor authentication mechanism: First, you need to be signed into your iCloud account on the device, and then another trusted device must be used to approve the newly connected device to be used with iCloud Keychain. This is separate from the iCloud two-factor authentication, which is also recommended.

When you enable iCloud Keychain, all of these features are included for free with your free iCloud account—there's nothing to purchase additionally:

  • it syncs Safari usernames, passwords, and credit card information across devices;
  • it syncs Wi-Fi network information and keeps it up to date on all devices;
  • it syncs service logins like Facebook, Twitter, and LinkedIn across all devices when signed in through the Settings app; and
  • it keeps Mail, Contacts, Calendar, and Messages accounts in sync with usernames and passwords for servers across all devices.

iCloud Keychain works with iOS devices that are running iOS 7.0.3 or later, and Macs running macOS 10.9 or later.


Why iCloud Keychain matters

Keeping Safari AutoFill information, Wi-Fi networks, email accounts, and more in sync is a task, and until iCloud Keychain, you needed to do all of this manually. Fortunately, iCloud Keychain makes this a lot easier, and does so without any hit to security and privacy.

The tight system integration that Apple can provide with iCloud Keychain is unmatched by any third-party service or app, because Apple can integrate it with all of the built-in apps, including Mail, Safari, and Calendar. Also, third-party apps can securely store usernames, passwords, and secure data inside the Keychain.
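As an added illustration (not code from this guide or from Apple), here is how a third-party app might store and read back a credential through Apple's Security framework and mark it eligible for iCloud Keychain syncing. The `CredentialStore` type, its property names, and the service string passed to it are hypothetical; the example assumes a signed iOS or macOS app with keychain access.

```swift
import Foundation
import Security

enum KeychainError: Error {
    case unexpectedStatus(OSStatus)
    case malformedItem
}

/// Hypothetical wrapper (not an Apple type) around the Security framework.
struct CredentialStore {
    let service: String       // assumed service name, e.g. the app's bundle ID
    let syncViaICloud: Bool   // true = item may sync through iCloud Keychain

    // Attributes that identify one stored password.
    private func query(for account: String) -> [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account,
         kSecAttrSynchronizable as String: syncViaICloud]
    }

    func save(_ secret: String, account: String) throws {
        // Synced items cannot use the "...ThisDeviceOnly" accessibility classes.
        let attrs: [String: Any] = [
            kSecValueData as String: Data(secret.utf8),
            kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlocked]
        // Update an existing item first; add a new one only if none exists.
        var status = SecItemUpdate(query(for: account) as CFDictionary,
                                   attrs as CFDictionary)
        if status == errSecItemNotFound {
            let item = query(for: account).merging(attrs) { _, new in new }
            status = SecItemAdd(item as CFDictionary, nil)
        }
        guard status == errSecSuccess else {
            throw KeychainError.unexpectedStatus(status)
        }
    }

    func read(account: String) throws -> String? {
        var q = query(for: account)
        q[kSecReturnData as String] = true
        q[kSecMatchLimit as String] = kSecMatchLimitOne
        var result: CFTypeRef?
        let status = SecItemCopyMatching(q as CFDictionary, &result)
        if status == errSecItemNotFound { return nil }   // nothing stored yet
        guard status == errSecSuccess else {
            throw KeychainError.unexpectedStatus(status)
        }
        guard let data = result as? Data else { throw KeychainError.malformedItem }
        return String(data: data, encoding: .utf8)
    }
}
```

Setting `syncViaICloud` to `false` keeps the item on the local device only, which is the safer default for secrets that should never leave the device.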


Who iCloud Keychain affects

Keychain has been around for a long time, originating on Mac OS 8.6, but it has evolved a lot over the years to include additional support for sensitive information.

To use iCloud Keychain, you must have an iCloud account set up, and use a compatible operating system. iCloud Keychain is compatible with iOS 7.0.3 and later and macOS 10.9 (Mavericks) and later.


How to enable iCloud Keychain

It's super simple to enable iCloud Keychain compared to many password management services. To enable the Keychain, you first need to make sure you're signed in with iCloud.

For iOS, follow these steps:

  1. Open the Settings app.
  2. Select iCloud | Keychain.
  3. Enable the switch for Keychain.
  4. Follow the on-screen instructions for creating an encryption password and recovery details.

On macOS, follow these steps:

  1. Open System Preferences.
  2. Select the iCloud preference pane.
  3. Select Keychain.
  4. Enter your Apple ID and password, and then follow the on-screen setup instructions.

If you previously enabled iCloud Keychain, you'll need to activate it on each new device by having another registered iCloud Keychain device approve the new device for use with iCloud Keychain. This provides another layer of security on top of your iCloud username and password, and/or two-factor authentication on your iCloud account.

For more information, visit the Apple support website on how to set up iCloud Keychain.


About Cory Bohon

Cory Bohon is an indie developer specializing in iOS and OS X development. He runs a software company called Cocoa App and is also a developer at MartianCraft. He was introduced to technology at an early age and has been writing about his favorite te...
