Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Create a 'password safe' for online passwords' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Create a 'password safe' for online passwords
Authored by: alblue on Dec 05, '05 03:01:20PM

Like pretty much everyone else here, I recommend using the Keychain app to manage passwords.

What perhaps often goes unnoticed in Keychain is that you don't just have to have one Keychain. There's one by default (called login.keychain) and/or your username (e.g. Administrator.keychain). If that keychain is there when you log in, and the same password is used to secure it as your login password, then it's unlocked automatically.

However, you can have multiple keychains; if necessary, each with their own password. My banking keychain is different from my login one so that even if someone sits down at my machine and posts as me to macosxhints.com, they can't get at my banking details.

Also, keychains can be set to lock after inactivity (although whether that's inactivity in using the keychain or inactivity of using the computer isn't clear) and when the computer goes to sleep. Great if you want to have some uber-secure keychains whilst not having it bug you for your GMail password every time you wake from sleep.

Lastly, if you want to sync different machines but have a separate stash for each, why not have two keychains? One can be a 'master' for your laptop (say, laptop.keychain) and the other can be a 'master' for your desktop (say, desktop.keychain). Then just set up an Automater job to copy one to the other...



[ Reply to This | # ]
The importance of segregation
Authored by: macubergeek on Feb 01, '06 03:00:45AM

Here's the thing. If you use your personal mac on the job, you probably don't want to mix your employer's usernames and passwords to things like routers in with your other stuff.

One idea I've had is to create a logon.command file which is a double clickable expect script which would log me onto remote hosts. like so:

#!/usr/bin/expect --
spawn ssh username@remote_host.com
expect "password"
send "my_password\r"
interact

This will store my password on an encrypted disk, which isn't mixed in with my other personal passwords...I can move the *.img file around on a thumb drive, and it will log me in and give me a shell to the remote host too.

The problem with the keychain is that if you lose control of your logon password you lose everything else stored in the keychain too.



[ Reply to This | # ]