I don't use OS X. Doesn't Keychain Access prompt you for a password when you try to access it? If this is the case, then if someone's asking to use your computer, just enter it for them but don't give them the password itself. Are passwords that are stored in Keychain actually visible anywhere outside of Keychain Access?

In iOS, I believe it prompts for Touch ID or a passcode when you try to actually access that data in the Settings app, so you shouldn't be giving that away either.

It's not a security issue on Apple's end because it's ultimately the user willingly giving up their passcode or password. What is Apple supposed to do other than to tell people not to share their passcodes or passwords? They've already made a step towards eliminating passwords through Touch ID, but they can't force third party services to use fingerprint authentication everywhere.

And two-factor authentication IS relevant to this. If someone does try to steal someone's login info and then access that account elsewhere, two-factor auth would stop it (unless that person holds onto the device).

What is your alternative other than using a different password manager with a master password (or PIN code if the app, like 1Password, allows) that is different than your iCloud or OS X account password? Writing them all down somewhere? Storing it somewhere which essentially doesn't protect your data any differently either?

Unencrypted, no password protected Excel file FTW!!! :D
 

cynics

macrumors G4
Jan 8, 2012
11,959
2,156
I don't use OS X. Doesn't Keychain Access prompt you for a password when you try to access it? If this is the case, then if someone's asking to use your computer, just enter it for them but don't give them the password itself. Are passwords that are stored in Keychain actually visible anywhere outside of Keychain Access?

In iOS, I believe it prompts for Touch ID or a passcode when you try to actually access that data in the Settings app, so you shouldn't be giving that away either.

It's not a security issue on Apple's end because it's ultimately the user willingly giving up their passcode or password. What is Apple supposed to do other than to tell people not to share their passcodes or passwords? They've already made a step towards eliminating passwords through Touch ID, but they can't force third party services to use fingerprint authentication everywhere.

And two-factor authentication IS relevant to this. If someone does try to steal someone's login info and then access that account elsewhere, two-factor auth would stop it (unless that person holds onto the device).

What is your alternative other than using a different password manager with a master password (or PIN code if the app, like 1Password, allows) that is different than your iCloud or OS X account password? Writing them all down somewhere? Storing it somewhere which essentially doesn't protect your data any differently either?

I think you are missing my point.

You are correct on the way OS X operates. However the point was most people (OP for example) don't think that single password can unlock ALL your passwords, logins, credit card numbers, etc.

You are correct it's not a security issue for Apple. It's a security issue for the user, because like you agreed with earlier, consolidating all your passwords under a single password is a security risk in general regardless of fault. Also there is an elephant in the room with Keychain Access on OS X: without the password you can still see what websites you have passwords for, banks, credit cards, etc. Not saying security by anonymity is the best but it's something.

Two factor authentication is irrelevant because the topic is access to the passwords, not whether there are security measures further down the road. That is like bringing up credit card fraud protection at this point. We all should have it but it's preferable to not use it....

Alternatives? Keep in mind I was pointing out the OP's concern. I use a password manager(s). However there was a time I memorized a formula I would apply to something specific to the institution the password was for so I could figure it out with a calculator if I forgot it.

My advice for Apple Keychain is just to know that it's completely accessible via iOS and OS X.
 