iCloud’s new Keychain service remembers more than it can manage

Along with all of the OS X Mavericks 10.9 and iOS 7.0.3 updates that came out earlier this week, iCloud Keychain support was also introduced. Prior to iCloud Keychain, each Apple device would individually give you the opportunity to remember your various account’s user names and passwords. This new iCloud service will allow you to sync all of your user names and passwords across all of your approved iOS and OS X devices. That way when you update or add a new user name and password to one of your devices, all the rest of your devices get the same update.

Here’s how it works

Setting up iCloud Keychain on your device

To start the setup process, you need to turn on the Keychain Service for the iCloud account you use on each device. On iOS this is done from the iCloud section of the Settings app and on OS X this is done from the iCloud section of the Systems Preferences app. The setup process then requires that each of your devices do a sort of hand shake with one another. Each new device you set up needs to be “approved” by one of the other devices that is already sharing access to your Keychain.

iCloud Keychain Approval Process

There are two ways to approve a new device. The first is to send an approval notification request to one of your other devices. Once you receive the notification on the second device, you can approve the new device that sent the request by entering your iCloud account password.

The alternative is to use your iCloud Security Code to approve your new device directly. You will establish your iCloud Security Code the first time you enable iCloud Keychain on the very first device that uses iCloud Keychain. It is basically a four digit PIN that is used to approve new devices. Be careful when using this security code, enter the wrong code too many times and your Keychain will be deleted.

Adding a new user name and password

The process is pretty much the same on both iOS and OS X when using Safari to access a secure site online. Each new secure web site you log on to will prompt you to remember the ID and password for that site. You can elect to remember the user name and password for that site, never remember, or ask at a later time. As soon as your user name and password is set, it is shared with all of the other devices that have been approved to share your iCloud Keychain.

Keychain Password Suggestion

When you create an account on a web site for the first time, you will be given a chance to have Keychain recommend a strong password for you to use. This will certainly help out individuals that up until now have been using simple easy to remember passwords. While this does tend to lead to a set it once and forget it mentality, you can still access the list or user names and passwords that have already been saved.

Accessing existing user names and passwords

On iOS, you can access the web-based user names and passwords used by Safari from within the Settings app. Under the Passwords & AutoFill section of the Safari settings, you will now see a Saved Passwords item. This is where you can review the list of user names and passwords that have been saved to your Keychain. Selecting any one of the accounts will reveal the Website Address, User Name and Password for the account. You can even tap and hold to copy any of the stored information to the clipboard. This is the only way you can access your saved passwords for use in third-party apps that do not already support the Keychain API. For instance, if you want to use your LinkedIn password in the native iOS LinkedIn app.

Accessing Keychain Password Information

On OS X you can also access the same account information from the Passwords tab in Safari’s Preferences. In addition to Safari, you can also review all of the accounts stored in your iCloud Keychain by using the Keychain utility app on OS X.

Not the most user-friendly of OS X apps, the Keychain utility has been around for a long time. With it you can search, import, export and even delete accounts from your Keychain. The thing to keep in mind is that it was originally designed for Keychain maintenance, not user account password management.

More than just user names and passwords

In addition to user names and passwords, Keychain will also remember and sync your credit card information to all of your devices. As a sort of alternate to what one may expect from the Passbook app, you can enter your credit card information for use by Safari when making purchases online.

Keychain Credit Card Information

Another interesting feature of the new iCloud Keychain feature is that it will also remember your Wi-Fi access point security information. This helps keep you connected to your Wi-Fi access points from all of your devices by eliminating the need to re-enter the same access point information over and over again.

More than just websites too

The list of user names and passwords is not restricted to just websites accessed by Safari. Developers can integrate iCloud Keychain support into their apps, which will allow your device to store and share all of your apps user names and passwords. Until such support is more widely adopted, using your iCloud Keychain to manage the user names and passwords for your native apps will be a cumbersome experience. Having to navigate down several levels deep into the Settings app is quite a task. And there is currently no way on iOS to enter new user names and passwords directly.

Lack of management and customization is a feature

The other missing feature that iCloud Keychain lacks when compared to traditional password managers is the ability to customize your account information by entering additional fields. You will also not find any way of categorizing or tagging your accounts to help find them faster. The whole idea is that you should not need to know that you have a user name and password in the first place.

So before I abandon a fully featured password management app like mSevenSoftware’s mSecure or AgileBits’ 1Password, iClloud Keychain will need to create its own app for proper management of my secure information. I like to also keep track of combination locks, bank accounts, and other information that is not necessarily used to log into an online service. iCloud Keychain is not suited for such a task.

However, as this service begins to catch on and is adopted by more and more apps, I may stop managing my online login credentials in my favorite password management app, for that is the one thing that iCloud Keychain does very well indeed.

Featured image courtesy Shutterstock user alexmillos.