What is iCloud Keychain?
iCloud Keychain is Apple's password management system. It is designed to securely store and automatically fill in passwords, credit card and shipping information, and other sensitive data across all of a user's Apple devices.
It can also generate strong, unique passwords when creating new online accounts. It's a native feature of iOS and MacOS, meaning you do not need to download an app.
What's the catch?
If you use a browser other than Safari on your Apple device, or you use multiple operating systems and jump between browsers, then you'll want a different password management solution. Keychain can be used in Chrome, but only on devices that support iCloud for Windows. So not Macs, iPhones, or Android smartphones.
When using the Safari browser, iCloud Keychain will prompt you to save passwords for easy access down the road. Keychain also remembers your "autofill" shipping and credit card information, and your Wi-Fi password.
Note: Always update your device to the latest software. Vulnerabilities are regularly found and patched.
[Table of contents]
- What is iCloud Keychain?
- How to set up iCloud Keychain
- How to turn on iCloud Keychain
- How to access and view your iCloud Keychain passwords
- How to disable iCloud Keychain on iPhone and iPad
- Should I use Keychain?
How to set up iCloud Keychain
When you buy a new Apple product, it will prompt you to set up iCloud Keychain on your device. If you already have an account, it will prompt you to log in to your iCloud Keychain. If you do not yet have an iCloud Keychain, then the process takes longer.
If you skipped the setup process when you first opened your iPhone, then you can set up iCloud Keychain by going to:
- Settings > [your name] > iCloud, then tap Passwords and Keychain.
Image credit: Apple
From there, turn on iCloud Keychain. You may be asked for your Apple ID password or passcode.
iCloud Keychain requires you to create an iCloud Security Code. This is to help you add additional devices to your account or verify your identity when performing other iCloud Keychain actions such as recovering your iCloud Keychain if you lose all of your authorized devices.
Set up iCloud Keychain on an additional device
When you go to set up iCloud Keychain on an additional device, you should have a currently authorized device nearby. When you turn on iCloud Keychain on an additional device, your other devices using iCloud Keychain receive a notification that requests you to approve the additional device.
If you do not have a currently approved device nearby, then you can use your iCloud security code and follow the onscreen instructions.
How to turn on iCloud Keychain
Whenever you purchase a new Apple device or update a current device where iCloud Keychain has not yet been set up, the setup assistant will ask you to set up iCloud Keychain. You can then either decline or follow the onscreen steps to set up iCloud Keychain.
The following steps could be followed to set up iCloud Keychain on different devices if you chose not to do so when you first used your device.
Turn on iCloud Keychain on your iPhone, iPad, or iPod touch.
- Tap Settings, and then your name.
- Choose iCloud.
- Tap Keychain.
- Toggle the switch to turn on iCloud Keychain. You might be asked for your passcode or Apple ID password.
Turn on iCloud Keychain on your Mac.
- Go to the Apple menu and then System Preferences.
- Click Apple ID and then iCloud on the sidebar. For macOS Mojave or earlier, click iCloud.
- Select Keychain.
- If you choose to "Approve Later" when signing into your Apple ID, then you need to approve your Mac with an old passcode or on another device when prompted. If you're unable to approve, then you will need to reset your end-to-end encrypted data when prompted.
Note that, on your iPhone, iPad, or iPod touch with iOS 13 or later, as well as on your Mac with macOS Catalina or later, two-factor authentication (2FA) is required to turn on iCloud Keychain. If you have not yet set up 2FA, then you will be prompted to update to 2FA now.
If you were unable to turn on iCloud Keychain following these steps, then it is possible that your device does not meet the minimum system requirements for iCloud Keychain.
Make your passwords available on all your devices with iPhone and iCloud Keychain
iCloud Keychain allows you to share usernames and passwords, credit card information, Wi-Fi passwords, and other account information across all of your Apple devices. That way, it is always up to date.
In addition, iCloud Keychain can keep the accounts you use in Mail, Contacts, Calendar, and Messages up to date across all of your Apple devices.
Generate a password with iCloud Keychain on your iPhone and iPad
Modern computing can require hundreds of passwords to gain access to all of the apps and websites you need to get work accomplished. All of these passwords need to be unique, complex, and long to keep you safe from brute force or dictionary attacks.
However, this is impractical in reality, and users often reuse passwords, which puts your entire network at risk. Password managers, including iCloud Keychain, can suggest pseudo-random passwords every time you need to create a new login or update a current one.
How to manually add your personal and credit card information to iCloud Keychain
You can also add your credit card information—name, expiry date, and number—to your iCloud Keychain. That way, when it comes time to make a purchase, you only need to remember the three-digit verification number on the back. Keychain will offer to auto-fill it when it recognizes a form asking for a credit card.
How to access and view your iCloud Keychain passwords
iCloud Keychain makes it easy to share your passwords across Apple devices. However, most of us use other devices as well. Unlike TeamPassword, which lets you easily and securely share passwords across all of your devices and browsers, you may need to manually find your passwords in iCloud Keychain to use them on other devices.
You can find them in Settings > Passwords on your Apple devices and then copy and paste your username and password to wherever else you need them.
If the added convenience and security of a dedicated password manager sounds useful, then you can also disable iCloud Keychain as well.
How to disable iCloud Keychain on iPhone and iPad
Once you've decided to use a dedicated password manager, you can disable iCloud Keychain to stop it from storing or suggesting new passwords in the future. To do so, use the following steps:
- Open the Settings app on your iPhone or iPad.
- Tap your name.
- Tap iCloud.
- Scroll down to Keychain.
- Toggle the iCloud Keychain switch off.
- When asked whether you want to turn off Safari AutoFill, you can choose whether to delete the currently stored information from your iPhone or to keep it on both your iPhone and in iCloud.
- Enter your Apple ID password if prompted.
What Happens if I Turn Off Apple Keychain?
From Apple's documentation:
When you turn off iCloud Keychain, password, passkey, and credit card information is stored locally on your device. If you sign out of iCloud on that device while Keychain is turned on, you're asked to keep or delete that information.
- If you choose to keep the information, it isn't deleted or updated when you make changes on other devices.
- If you don't keep the information on at least one device, your Keychain data is also deleted from the iCloud servers.
iCloud Keychain vs a Dedicated Password Manager
Keychain is convenient once you get it set up - assuming you're all in on Apple's ecosystem and you never need to share passwords with others.
If someone is able to get the passcode you use to unlock your device, they can use that same code to access Passwords in settings and see all your saved passwords! However, biometric identification is standard on new Apple devices, so this is becoming less of an issue.
You can securely share passwords from Keychain with other Apple users. However, you can only do this one at a time, and only if they have an Apple device. If you want to share outside those parameters, you'll have to send passwords over text or email or share a spreadsheet - huge liabilities all. Please don't do it.
Third party password managers require you to create a master password to access your vault. This key is encrypted locally on your device; if you lose it, you'll have to remake your account. Depending on the plan, password managers support SSO (singe sign-on). TeamPassword supports Google SSO on all of its plans, meaning you can use your Google account to sign into your password vault.
Password managers let you add other users to your vault to securely share passwords without leaving an encrypted environment.
Additionally, managers such as TeamPassword have a built-in reminder feature for updating your password, helping you to practice proper password hygiene.
Organization and Sharing
Keychain organizes your logins alphabetically and allows you to search them. You cannot create folders to organize them another way.
Dedicated password managers let you divide passwords into folders or groups. This keeps things organized for projects and makes it easy to give people access to only those logins relevant to their work.
If you need to share passwords, you'll definitely want a dedicated password solution. TeamPassword is particularly good at sharing. Passwords are divided among an unlimited number of custom Groups. You can then add and remove team members from these Groups at will. TeamPassword has extensions for all major browsers and apps for iOS and Android.
In summary: Keychain is not comparable to a dedicated password manager. It is meant for the personal convenience of an Apple user. It lacks robust sharing, organization, and advanced sign-in and security features.
Should I use Keychain?
If you exclusively use Apple products and do not work in an environment where you may need to share passwords, then keep using Keychain. It's secure and convenient.
If you use a variety of devices and browsers, you're going to want a dedicated password manager. There are a lot of options out there. If you collaborate with a team, we believe your best bet is TeamPassword. It's been regularly voted one of the easiest to use password managers for teams, with the fastest onboarding.
TeamPassword is right in your browser and looks like this:
Sign up for a 14-day free trial to test TeamPassword with your team members today.