What is iCloud Keychain, and Is It a Good Password Manager?
iCloud Keychain is Apple's password management system. It is designed to securely store and automatically fill in passwords, credit card and shipping information, and other sensitive data across all of a user's Apple devices.
It can also generate strong, unique passwords when creating new online accounts. It's a native feature of iOS and MacOS, meaning you do not need to download an app.
What's the catch?
If you use a browser other than Safari on your Apple device, or you use multiple operating systems and jump between browsers, then you'll want a different password management solution. Keychain can be used in Chrome, but only on devices that support iCloud for Windows. So not Macs, iPhones, or Android smartphones.
When using the Safari browser, iCloud Keychain will prompt you to save passwords for easy access down the road. Keychain also remembers your "autofill" shipping and credit card information, and your Wi-Fi password.
Note: Always update your device to the latest software. Vulnerabilities are regularly found and patched.
TeamPassword is a secure, affordable, and modern password manager for businesses. Try TeamPassword free for 14 days!
Table of Contents
How to set up iCloud Keychain
When you buy a new Apple product, it will prompt you to set up iCloud Keychain on your device. If you already have an account, it will prompt you to log in to your iCloud Keychain. If you do not yet have an iCloud Keychain, then the process takes longer.
If you skipped the setup process when you first opened your iPhone, then you can set up iCloud Keychain by going to:
- Settings > [your name] > iCloud, then tap Passwords and Keychain.
Image credit: Apple
From there, turn on iCloud Keychain. You may be asked for your Apple ID password or passcode.
iCloud Keychain requires you to create an iCloud Security Code. This is to help you add additional devices to your account or verify your identity when performing other iCloud Keychain actions such as recovering your iCloud Keychain if you lose all of your authorized devices.
Set up iCloud Keychain on an additional device
When you go to set up iCloud Keychain on an additional device, you should have a currently authorized device nearby. When you turn on iCloud Keychain on an additional device, your other devices using iCloud Keychain receive a notification that requests you to approve the additional device.
Tap Allow.
If you do not have a currently approved device nearby, then you can use your iCloud security code and follow the onscreen instructions.
How to turn on iCloud Keychain
Whenever you purchase a new Apple device or update a current device where iCloud Keychain has not yet been set up, the setup assistant will ask you to set up iCloud Keychain. You can then either decline or follow the onscreen steps to set up iCloud Keychain.
The following steps could be followed to set up iCloud Keychain on different devices if you chose not to do so when you first used your device.
Turn on iCloud Keychain on your iPhone, iPad, or iPod touch.
- Tap Settings, and then your name.
- Choose iCloud.
- Tap Keychain.
- Toggle the switch to turn on iCloud Keychain. You might be asked for your passcode or Apple ID password.
Turn on iCloud Keychain on your Mac.
- Go to the Apple menu and then System Preferences.
- Click Apple ID and then iCloud on the sidebar. For macOS Mojave or earlier, click iCloud.
- Select Keychain.
- If you choose to "Approve Later" when signing into your Apple ID, then you need to approve your Mac with an old passcode or on another device when prompted. If you're unable to approve, then you will need to reset your end-to-end encrypted data when prompted.
Note that, on your iPhone, iPad, or iPod touch with iOS 13 or later, as well as on your Mac with macOS Catalina or later, two-factor authentication (2FA) is required to turn on iCloud Keychain. If you have not yet set up 2FA, then you will be prompted to update to 2FA now.
If you were unable to turn on iCloud Keychain following these steps, then it is possible that your device does not meet the minimum system requirements for iCloud Keychain.
Make your passwords available on all your devices with iPhone and iCloud Keychain
iCloud Keychain allows you to share usernames and passwords, credit card information, Wi-Fi passwords, and other account information across all of your Apple devices. That way, it is always up to date.
In addition, iCloud Keychain can keep the accounts you use in Mail, Contacts, Calendar, and Messages up to date across all of your Apple devices.
Generate a password with iCloud Keychain on your iPhone and iPad
Modern computing can require hundreds of passwords to gain access to all of the apps and websites you need to get work accomplished. All of these passwords need to be unique, complex, and long to keep you safe from brute force or dictionary attacks.
However, this is impractical in reality, and users often reuse passwords, which puts your entire network at risk. Password managers, including iCloud Keychain, can suggest pseudo-random passwords every time you need to create a new login or update a current one.
How to manually add your personal and credit card information to iCloud Keychain
You can also add your credit card information—name, expiry date, and number—to your iCloud Keychain. That way, when it comes time to make a purchase, you only need to remember the three-digit verification number on the back. Keychain will offer to auto-fill it when it recognizes a form asking for a credit card.
How to access and view your iCloud Keychain passwords
iCloud Keychain makes it easy to share your passwords across Apple devices. However, most of us use other devices as well. Unlike TeamPassword, which lets you easily and securely share passwords across all of your devices and browsers, you may need to manually find your passwords in iCloud Keychain to use them on other devices.
You can find them in Settings > Passwords on your Apple devices and then copy and paste your username and password to wherever else you need them.
If the added convenience and security of a dedicated password manager sounds useful, then you can also disable iCloud Keychain as well.
How to disable iCloud Keychain on iPhone and iPad
Once you've decided to use a dedicated password manager, you can disable iCloud Keychain to stop it from storing or suggesting new passwords in the future. To do so, use the following steps:
- Open the Settings app on your iPhone or iPad.
- Tap your name.
- Tap iCloud.
- Scroll down to Keychain.
- Toggle the iCloud Keychain switch off.
- When asked whether you want to turn off Safari AutoFill, you can choose whether to delete the currently stored information from your iPhone or to keep it on both your iPhone and in iCloud.
- Enter your Apple ID password if prompted.
Apple iCloud Keychain FAQs
How Secure is Apple Password Storage?
Apple’s password storage, primarily through iCloud Keychain, is generally considered secure due to its robust encryption and integration with Apple’s ecosystem. Here’s a breakdown of its security measures and potential vulnerabilities:
Key Security Features of Apple Password Storage
-
Strong Encryption
- iCloud Keychain uses 256-bit AES encryption, a gold standard in data security. This ensures that your passwords and other sensitive information are scrambled and unreadable without the correct decryption keys.
- End-to-end encryption is applied, meaning only devices signed into your iCloud account can access the data.
-
Biometric and Passcode Protection
- Access to stored passwords is protected by device-level security features, such as Face ID, Touch ID, or a passcode. This adds an extra layer of authentication before anyone can view your passwords.
-
Two-Factor Authentication (2FA)
- To enable iCloud Keychain, Apple requires 2FA to ensure that only you can access your iCloud account, even if someone else knows your Apple ID password.
-
Proactive Security Alerts
- iCloud Keychain flags weak or reused passwords and alerts users if any of their stored credentials have been exposed in a data breach.
-
Limited Accessibility
- iCloud Keychain is tightly integrated into Apple’s ecosystem. This limits exposure to potential threats but also restricts cross-platform flexibility.
Potential Vulnerabilities
-
Device Passcode Risks
- If someone gains access to your device’s passcode, they could potentially view all stored passwords without requiring further authentication. This underscores the importance of setting a strong and unique passcode.
-
Dependency on Apple Ecosystem
- iCloud Keychain’s security is contingent on the overall security of Apple’s ecosystem. While Apple has a strong track record, no system is entirely immune to vulnerabilities.
-
Limited Sharing Features
- Secure sharing is restricted to Apple users, and even then, it’s done on a case-by-case basis. Sharing passwords outside Apple’s ecosystem may require less secure methods, such as emails or spreadsheets.
-
Recovery Key Risks
- If you lose all your trusted devices and forget your recovery key, you could lose access to your iCloud Keychain data. Alternatively, if someone gains access to your recovery key, they could compromise your account.
How Does iCloud Keychain Work?
iCloud Keychain is Apple's built-in password manager that securely stores and syncs your passwords, credit card information, Wi-Fi passwords, and other secure data across your Apple devices. Here's a breakdown of how it functions:
Storing Your Information:
- iCloud Keychain uses strong encryption (256-bit AES) to scramble your data, making it unreadable by anyone, including Apple itself.
- This encrypted data is then stored in your iCloud account.
Keeping it Updated Across Devices:
- Any changes you make to your passwords or other information on one device are automatically synced to all your other approved Apple devices (iPhones, iPads, and Macs) using the same iCloud account.
Filling in the Blanks:
- When you log in to a website or app on your Apple device, iCloud Keychain can automatically fill in your username and password if it's stored for that site.
- This saves you the hassle of remembering and typing them in every time.
Security Measures:
- iCloud Keychain relies on your device passcode or Touch ID/Face ID for an extra layer of security.
- It also offers security features like:
- Identifying weak or reused passwords.
- Alerting you to potential security breaches related to your stored passwords.
Additional Features:
- You can share passwords securely with other Apple users through iCloud Keychain.
- It can also store secure notes and Wi-Fi network information.
What Happens if I Turn Off Apple Keychain?
From Apple's documentation:
When you turn off iCloud Keychain, password, passkey, and credit card information is stored locally on your device. If you sign out of iCloud on that device while Keychain is turned on, you're asked to keep or delete that information.
- If you choose to keep the information, it isn't deleted or updated when you make changes on other devices.
- If you don't keep the information on at least one device, your Keychain data is also deleted from the iCloud servers.
iCloud Keychain vs a Dedicated Password Manager
Keychain is convenient once you get it set up - assuming you're all in on Apple's ecosystem and you never need to share passwords with others.
However, Keychain is not comparable to a dedicated password manager. It is meant for the personal convenience of an Apple user. It lacks robust sharing, organization, and advanced sign-in and security features.
Security
If someone is able to get the passcode you use to unlock your device, they can use that same code to access Passwords in settings and see all your saved passwords! However, biometric identification is standard on new Apple devices, so this is becoming less of an issue.
You can securely share passwords from Keychain with other Apple users. However, you can only do this one at a time, and only if they have an Apple device. If you want to share outside those parameters, you'll have to send passwords over text or email or share a spreadsheet - huge liabilities all. Please don't do it.
Third-party password managers require you to create a master password to access your vault. This key is encrypted locally on your device; if you lose it, you'll have to remake your account. Depending on the plan, password managers support SSO (singe sign-on). TeamPassword supports Google SSO on all of its plans, meaning you can use your Google account to sign into your password vault.
Password managers let you add other users to your vault to securely share passwords without leaving an encrypted environment.
Additionally, managers such as TeamPassword have a built-in reminder feature for updating your password, helping you to practice proper password hygiene.
Organization and Sharing
Keychain organizes your logins alphabetically and allows you to search them. You cannot create folders to organize them another way.
Dedicated password managers let you divide passwords into folders or groups. This keeps things organized for projects and makes it easy to give people access to only those logins relevant to their work.
If you need to share passwords, you'll definitely want a dedicated password manager for teams. TeamPassword is particularly good at sharing. Passwords are divided among an unlimited number of custom Groups. You can then add and remove team members from these Groups at will. TeamPassword has extensions for all major browsers and apps for iOS and Android.
Should I use Keychain?
If you exclusively use Apple products and do not work in an environment where you may need to share passwords, then keep using Keychain. It's secure and convenient.
If you use a variety of devices and browsers, you're going to want a dedicated password manager. There are a lot of options out there.
If you collaborate with a team, your best bet is TeamPassword. It's been regularly voted one of the easiest to use password managers for teams, with the fastest onboarding.
TeamPassword is right in your browser and looks like this:
TeamPassword is the BEST password manager for teams.
- AES 256-bit end-to-end encryption
- Unlimited custom password groups for organization, and PoLP sharing
- Budget-friendly pricing
- Apps for iOS and Android and works with all browsers
- Integrated TOTP authenticator
- Enforceable 2FA
Sign up for a 14-day free trial to test TeamPassword with your company today!