Apple stores passwords and other secrets on a keychain on your device–but is it THE Keychain? The difference has confused some readers. In general, it works like this:
- macOS: The operating system maintains several keychains, which you can view through Applications > Tools > Keychain access. This tool can handle some low-level encryption details, such as certificates, and will display at least one System and login (small) keychain. Your login keychain contains items used for your account, including Wi-Fi network passwords, network volume passwords, website passwords, and other items.
- iOS/iPadOS: Keychain management is hidden. iOS and iPadOS reveal passwords for websites and some apps in Settings > Passwords. The fact that the password for an app is not clear as Apple lists passwords by website address. Apps use an address for validation, and that’s what you see. For example, for Netflix, I see an entry for
signup.netflix.comandwww.netflix.com. But when I log into Netflix using iOS, iPadOS, or tvOS, the same password entry appears. Apple also keeps entries for Wi-Fi networks visible Settings > Wi-Fi. - iCloud Keychain: You can enable end-to-end encrypted key sync across all your devices logged into the same iCloud account to share all types of keys. Since this happens without any involvement on your part after enabling it, it means that Wi-Fi passwords, website passwords, and Mac-specific secure entries are synced with the appropriate devices.
If you have disabled iCloud Keychain in Settings> Account Name > iCloud > Passwords and Keychains (iOS 16/iPadOS 16) or iCloud Keychain in previous iOS/iPadOS releases, your iPhone or iPad will still store passwords at your request for apps and other purposes, just like a Mac. These passwords are never synced across devices.
iCloud Keychain data usage does not count toward iCloud or iCloud+ storage. And the end-to-end encryption used by Apple means that the encryption keys that protect your secrets are stored only on your devices—someone has to access a device and unlock it to get and access to passwords. Even if they open it, they need to authenticate again to see or see the passwords on any iPhone or iPad as well as the default macOS setups. (You will need to make several changes to disable authentication on a Mac for using passwords completion the Mac is unlocked.)
This Mac 911 article is in response to a question submitted by Macworld reader Steve.
Ask for Mac 911
We’ve compiled a list of questions we get asked frequently, along with answers and links to the columns: read our super FAQ to see if your question is covered. Otherwise, we’re always looking for new problems to solve! Email yours to mac911@macworld.com, including screen captures if appropriate and if you want to use your full name. Not all questions can be answered, we don’t respond to email, and we can’t provide direct troubleshooting advice.