

Not true!
Authored by: mingking on Mar 20, '03 01:26:38PM

It is NOT true that once you open your Keychain Access application you then automatically can see all your passwords. Each entry has an Access Control setting that says which applications can access the password. By default, the Keychain Access application itself does not have access to the passwords. If you select 'show passphrase' it will normally then ask you for the password at that time and ask you what policy you want to assign for the Keychain Access application. If you choose 'Allow Always' that means the Keychain Access application Always has access to that password without prompting. That is where the problem lies. You normally want e.g. the Mail application to have 'Always' access, which happens in a way that is not visible to anyone, but you DON'T normally want the Keychain Access application to have Always access to the password. In fact, I don't see any reason for an option like that at all. Why would you ever want to Always let one application display all of your passwords in plain text?

Security should be conservative by default. It should be very clear what the implications are of assigning a policy of Always for each application. Like I said, for e.g. Mail, that is what you want, but NOT for an application like Keychain Access.

Note this is not a problem solely with .Mac access. As noted in another post here, this could be a problem for any password entry, including those to ftp servers, bank accounts, encrypted files etc. I went through my keychain entries and found a half dozen that were set for Always access to the Keychain Access application. That is not what I ever intended. This should be tightened up.



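The manual check described in the comment above (going through each entry to see whether Keychain Access has 'Always' access) can be scripted. This is an added example, not part of the original comment: it assumes the text layout printed by `security dump-keychain -a`, and the sample records, host names and the function name `items_trusting` are constructed for illustration.

```python
import re
# Constructed sample; the layout is assumed to match `security dump-keychain -a`.
SAMPLE = '''\
class: "inet"
attributes:
    "acct"<blob>="demo"
    "srvr"<blob>="mail.example.com"
access: 2 entries
    entry 0:
        authorizations (1): encrypt
        applications: <null>
    entry 1:
        authorizations (6): decrypt derive export_clear export_wrapped mac sign
        applications (2):
            0: /Applications/Mail.app (OK)
            1: /Applications/Utilities/Keychain Access.app (OK)
class: "inet"
attributes:
    "acct"<blob>="demo"
    "srvr"<blob>="ftp.example.com"
access: 1 entries
    entry 0:
        authorizations (6): decrypt derive export_clear export_wrapped mac sign
        applications (1):
            0: /Applications/Mail.app (OK)
'''

def items_trusting(dump, app="Keychain Access.app"):
    """Return (server/service, account) for items whose decrypt ACL entry lists `app`."""
    flagged, item, can_decrypt = [], None, False
    for line in dump.splitlines():
        s = line.strip()
        if s.startswith("class:"):             # a new item record begins
            item, can_decrypt = {}, False
        elif item is None:
            continue
        elif m := re.match(r'"(acct|srvr|svce)"<blob>="(.*)"$', s):
            item[m.group(1)] = m.group(2)
        elif s.startswith("authorizations"):   # one such line per ACL entry
            can_decrypt = "decrypt" in s.split(":", 1)[1].split()
        elif can_decrypt and re.match(r"\d+: .*/" + re.escape(app) + r"( \(|$)", s):
            key = (item.get("srvr") or item.get("svce"), item.get("acct"))
            if key not in flagged:
                flagged.append(key)
    return flagged

if __name__ == "__main__":
    for name, acct in items_trusting(SAMPLE):
        print(f"{acct}@{name}: Keychain Access is trusted to read this item")
```

Only ACL entries that grant `decrypt` are counted, so an application trusted solely to store a secret is not reported.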