How to use iCloud Keychain

Using iCloud Keychain

Passwords, bank card numbers, email account settings… living in the modern world requires us to memorise more obscure information than ever before. No wonder so many of us pick a single, easy-to-remember password and use it across every service, from webmail to stores to online banks.

While that might make life easier for us, it certainly doesn't make it secure, as a breach of any one of those systems leaves every site you ever sign in to – as well as your Mac – potentially vulnerable.

Fortunately, iCloud Keychain can help. This feature, which is built in to OS X and iOS, syncs your account credentials between each of your Apple devices, so you can set obscure, less memorable passwords that are unique to every website you use, and then forget about having to remember them yourself.

Safari is even able to fill in the details on your behalf. iCloud Keychain can even store your bank card details and the credentials for your email accounts and Wi-Fi networks, making those available on all your devices, too. Turning it on automatically moves details you've already saved to your Mac or iOS device to iCloud, and any new additions or amendments you make are added to the online keychain over time.

All in sync

Your details are encrypted before being passed through Apple's data centre on their journey between your devices, so even if they're intercepted in transit they should be uncrackable. How can we be so sure?

Because Apple's opted for the strongest variant of the same cypher used by the US government for secure communications (called 256-bit AES encryption), and further scrambles the data in transit using a complex piece of algebra, based not on numbers but on imaginary points located on a theoretical shape – an elliptic curve – drawn within an infinite space!

As a final level of protection, iCloud only shares your synced keychain with Apple devices that you've explicitly authorised to access the keychain's contents – so-called trusted devices – and it doesn't store the security code from the back of your bank card, effectively building in a firebreak against anyone making unauthorised purchases.

Once you've set up iCloud Keychain, you can largely forget about it, provided you keep three essential elements secure: your password, your trusted devices, and the Recovery Key for your iCloud account.

The latter of these is used to reset your account's password if you forget it after setting up two-step verification, in which Apple will send a passcode to your iPhone that you'll need to enter at the Apple ID website to prove that you have that particular trusted device.

Losing any two of these three parts of the system at once will lock you out of your account – perhaps permanently! If you can't memorise your password and Recovery Key, consider storing them in a fireproof safe along with any important legal documents, passports and so on, that you need to protect.

1. Turn on iCloud Keychain

OS X will have asked if you want to set up iCloud Keychain during initial setup of your Mac. If you said no, open the iCloud pane in System Preferences and select Keychain.

Enter your Apple ID's password when you're prompted for it.

2. Add a security code

You'll be asked to set a security code, which is used to authorise other devices to access the information in your iCloud Keychain.

Entering it wrong too many times will wipe your keychain from Apple's servers, so be wary of that!

3. Where's your data?

Your existing data (site accounts, Wi-Fi networks, and internet accounts) is copied to iCloud and, from there, to other devices using the same iCloud account.

Manage it in the Keychain Access app, or under Passwords in Safari's preferences.

4. Keep Keychain local

If you opt not to set a security code, data you add to your keychain is stored on your device, and it's updated on your other devices, but it isn't stored in iCloud.

Beware that this prevents Apple helping you recover the keychain's contents.

5. Add bank card details

Safari offers to save credit and debit card numbers when they're entered into online forms. They're then stored in your iCloud Keychain, too.

To add others, open Safari's preferences, click AutoFill, then Edit beside Credit Cards, and then Add.

6. Set up Keychain on iOS

Go to Settings > iCloud > Keychain and tap the switch to turn it on. Enter your Apple ID password when prompted, then opt to authorise from another device (so, your authorised Mac), or tap Approve with Security Code.

7. Permit the new device

If you opted to authorise from another device, notifications will pop up on those you've already authorised – click or tap one.

Next, click Continue and enter your Apple ID's password to grant the iOS device access to your keychain.

8. Maintain security code

If you opted to use a security code, confirm the phone number Apple has on its records of you, then watch for a text message containing a six-digit code.

Enter this code into the dialog on the iOS device to complete the process.

9. Remove your Keychain

To clear your keychain data from iCloud, go to System Preferences' iCloud pane, click Options next to Keychain, then clear the box next to 'Allow approving with security code'.

Finally, on each of your devices, turn off iCloud Keychain.

• Enjoyed this article? Get more tutorials, guides, and tips on how to get the most from your Apple devices inside MacFormat. Take advantage of an exclusive offer in our sampler today.