I’ve been using OS X for several years now. I started with Tiger (older versions if you count college lab computers) and I’ve followed through the various upgrades up to Snow Leopard. I’ll probably upgrade to Lion when it’s available.
I try to learn as much as I can (and remember) about the various systems that I use. However, much of what I learn is from going “down the rabbit hole” in the sense that the majority of my knowledge is based on what my goals were and then exploring a little more than necessary.
For example, I don’t have advanced knowledge of MS Excel or Unix. I can use either to a limited degree but to complete advanced tasks I must research additional topics. It’s not necessarily a weakness – I’ve learned much by not being afraid to learn and I think I’m good at figuring out how to do something that I’ve never done before. But I don’t have a strong drive to learn skills that I think I’ll never use. That doesn’t really mean that I never learn anything outside of what I’m already using. It’s just a simplification to explain why I don’t always delve into every aspect of applications or operating systems.
Only this year did I become aware of, and understand, OS X’s Keychain Access. Sure, I’ve seen the option to save a password a million times but I rarely use it. Instead, I prefer to know the password or store it in a third-party, encrypted password database.
My most recent exposure to Keychain Access was during an attempt to help a family member with a wireless connectivity problem. Only this week did I fully understand the potential security risk that Keychain Access poses to Mac users.
Keychain Access serves as a built-in password database for OS X. It’s really more than that, but for most users that may be the best description. Every time you connect to a network share, open an encrypted disk image, or connect to a secure wireless network, you have the option to save the credentials. When they’re saved, they are stored in Keychain Access.
OS X isn’t the only OS to store passwords. It’s probably not even the only one to store them in this manner. But what concerns me is how easy it is to get to the information with the user’s system account.
I suppose I’m a bit old-fashioned in this respect. I’m accustomed to thinking of passwords as being stored in different ways by individual programs, something that was much more common in previous versions of Windows (I don’t know enough about Windows 7 to state how it stores credentials).
I could go on and on but here’s where I think Keychain Access is flawed. The user can access any credential that was stored under that account. For example, if your technology department doesn’t share the wireless password and they enter it for you, then you have the ability to go into Keychain Access and view the password unmasked, using your own credentials.
This is valid for more than just Wi-Fi passwords. The same holds true for anyone else who might gain access to the computer with the correct user credentials.
My only suggestion is perhaps for Apple to add another checkbox to have certain credentials stored in a manner that makes them unrecoverable. The system could remember and use the passwords but the user, even an administrator user, could never view the unmasked password. Obviously, the passwords would still be stored in some format on disk and could potentially be read from active RAM, but those carry considerably less risk of exposure than the current method.
Perhaps there’s a method to better secure these entries, but I haven’t come across it yet.
Apple did do something very good here. According to support documentation, resetting the user account password from the install disc will not reset Keychain Access. This means that someone changing the account password from disc would still need the previous password to access the existing Keychain Access records.