Having your social media accounts impersonated is the last thing you want: your profile information is a goldmine for cyber criminals because it is exactly the kind of data that they are looking for to personalize their phishing scams. For this reason Keychain Access, a security feature of macOS built to streamline the workflow of Mac users, becomes a security threat on shared computers, and as such it is highly recommended that system administrators disable it.
The Role of Keychain Access on a Mac
Keychain Access is the built-in password manager for macOS. It stores passwords and account information, and retrieves it on demand. Keychain Access has a locked, encrypted container called “keychain” where the account names and passwords for apps, servers, and online accounts are stored. The function is also used to store any credit card numbers, bank account PINs, and secure notes that have been used online. Users can turn to Keychain Access to manage certificates issued by trusted organizations to validate websites, documents, or other web-based materials.
AutoFill is turned on by default in Safari, so every time you visit a website you’ll see a prompt from Keychain Access to save the password to your keychain. If you happen to own multiple Apple devices, iCloud Keychain can be used to keep all your Safari website usernames and passwords, credit card information, and Wi-Fi network information up-to-date across all devices.
Why Disable Keychain?
Removing the burden of remembering passwords is neat, but not always the best idea on shared Macs simply because other users with access to the same computer can ultimately log into your accounts without your permission.
As a result, it is recommended that users disable Keychain Access to avoid such uncomfortable situations and force users to either remember their own passwords or use a password manager to fill that gap.
In this scenario, a password manager is the best option because this way only the rightful user can access a specific account due to the security measures incorporated in this sort of service. The master password protects all saved passwords for that use and, in theory, that password is only known by the user who created it. Furthermore, password managers don’t lock the user into the Apple ecosystem as is the case with Keychain Access, but instead provide apps for all major platforms, which allows a greater freedom of platform choice.
How to Disable Keychain
To prevent automatic storage of web-based account logins you can disable the AutoFill feature in Safari as a first step.
- Launch Safari and press the Command + , keys to open the Preferences pane.
- Click on the AutoFill tab and uncheck “Using names and passwords”, “Credit cards”, “Using info from my contacts” and “Other forms”.
In Safari 11 Apple also gives you the option to prevent AutoFill in the Passwords tab.
- In Safari’s Preferences menu, click on the Passwords tab and authenticate with the user account password to view all saved usernames and passwords.
- Uncheck the “AutoFill user names and passwords”.
Repeat these steps with all your web browsers to prevent them from prompting with the option to save usernames and passwords.
- Click on the Firefox menu in the toolbar to launch Preferences.
- Uncheck the “Remember logins for sites” and “Use a master password”.
- Click on the Chrome menu in the toolbar and select Preferences.
- Click “Advanced” at the bottom screen.
- Under the “Passwords and forms” option, uncheck “Enable Autofill to fill out forms in a single click” and “Offer to save your web passwords”.
Remove All Saved Logins in Keychain Access
You can take a final step to prevent any accidental login by removing the existing “Login” keychain in Keychain Access.
- Launch the Keychain Access app.
- Select the “login” item located in the “Keychains” section.
- From the File menu, select “Delete Keychain ‘login’” or press the Command + Option + Delete keys.
This will remove all web account passwords, application passwords and all items stored in this keychain, letting you rest easy knowing that no one other than the rightful user will gain access to any online account on that Mac.
Best Mac Optimization Software of 2018