Apple is "dumbing down" on (keychain) security

[Westside guy]

Apple's encrypted Keychain has always been a useful tool where I've kept my passwords, certificates, and especially notes. And for added security, users (like me) have always had the option to use a keychain password which is different than their login password.

Apparently that's changing.

In response to a bug report I submitted against Sierra's keychain (where it opens multiple concurrent "please enter your keychain password" modal windows), I received the following message - along with the ticket being closed as "won't fix":

"There are no plans to address this based on the following: When the login and keychain passwords are out of sync this is expected behavior and we’ve been fixing issues where this out-of-syncness happens by accident. We no longer explicitly support the model of using a different password for the keychain and are continuing to remove this functionality. Customers should make their passwords be in sync. We are now closing this report. If you have questions about the resolution, or if this is still a critical issue for you, then please update your bug report with that information. Please be sure to regularly check new Apple releases for any updates that might affect this issue."

I realize not everyone uses a keychain password that's different than their login password, but it's a useful feature. Rather than doubling down on security, this seems like dumbing down.

 

[Brookzy]

To clarify, you have previously been successfully able have different passwords for your user account and for your login keychain?

 

[Westside guy]

To clarify, you have previously been successfully able have different passwords for your user account and for your login keychain?

Oh, yeah - my keychain has had its own password for about as long as Apple has offered a keychain. And it's always worked splendidly, until Sierra came around.

 

[fisherking]

and one good password is a problem because? if you have a secure password for your mac (and/or are using your icloud password), what exactly is wrong with using it in 2 places?

 

[Westside guy]

Then why not use that "one good password" on all of your various website accounts as well?

It's the old tradeoff of security versus convenience. If I have two passwords protecting my information, and you have one - a bad guy who gets hold of one of each of our respective passwords has access to more of your stuff than mine.

But, in any case, the point is that Apple is removing a feature which it's offered for many years. You don't have to take advantage of it if you don't want to... but some of us do.

 

[fisherking]

am not suggesting we use one password everywhere, just not sure why you need 2 on your mac. but, either way... if that's no longer an option, it's no longer an option. so i understand your disappointment, but... so it goes. apple giveth, and apple taketh away (or something like that).

 

[BarracksSi]

On the plus side, typing it in more frequently helps you remember it easier.

 

[zone23]

Then why not use that "one good password" on all of your various website accounts as well?

I get what your saying but to answer this question: So when say Best Buy gets hacked I don't have to change 25 different passwords.

 

[KALLT]

You can still use a separate keychain. Nowadays the login keychain is so interwoven with the normal operation of the system that I can understand why Apple would want to align it with the account authentication. As long as you do not reuse your account password anywhere else, you should be fine.

 

[Brookzy]

Looking longer term, the requirement for the login keychain and the user account to have the same password ties may be in preparation for a tighter integration with Touch ID (and potentially iCloud) for authentication on Macs in the future. The authentication hierarchies are evolving each year, with the user account password being superseded each time.

 

[johannnn]

I guess they're pushing people to authenticate with either Apple Watch or Touch ID. Authenticating with a separate password is Not the future.

 

[dyn]

Or they are removing something because it doesn't add any security at all All the stuff that is going into the login keychain requires that keychain to be unlocked when you login. The only thing a separate password for that keychain does is make things more difficult, it will NOT add any additional security at all. So what Apple is doing here is removing a feature that doesn't add any security at all, that only increases complexity and is causing a lot of issues.

The word "login" pretty much says it: it is meant for items that have to be accessible when you login with your account. Any other kind of item should NOT be stored in this keychain and the login keychain should NOT have any other password than that of the account (it doesn't add security, makes things more complex and causes too many issues).

In other words, you are using the wrong keychain. Store it in a different one and give it whatever password you want. You may want to look into other solutions entirely because keychain isn't as flexible as those other solutions.

If you really want to have proper security then you'd not only look at putting a password on something but also on the length of the password, permissions, encryption of the filesystem and 2FA solutions such as a Yubikey (you'd need to enter your username, password and have the Yubikey inserted as well).