Tag Archives: Keychain

How to certify and encrypt your e-mail in OS X

CertificateIconXEven though we have modern messaging technologies like Apple’s Messages that default to encrypted communications, we still primarily use e-mail, even for sensitive business transactions. If you have several partners that you would like to communicate privately with, then while you can resort to an encrypted collaboration platform, you can also do so via classic e-mail, with only a few steps taken for each person. Continue reading

How to manage lost passwords in OS X

SecurityIconXThere are several ways to lock down your Mac, in order to prevent third-parties from either accessing your data, or using your system for purposes you do not intend. Since your Mac consists of several layers of hardware and software, each can be secured with a password; however, there are times when you may have forgotten your password. In these instances, you will likely be locked out; however, in most cases you should be able to recover your system. Continue reading

Fix persistent invalid certificate errors in OS X

CertificateIconXWhen connecting to various online services, your Mac will use certificates to validate a connection. If a certificate being used for a connection is expired or invalid, then OS X will notify you of this when attempting to use it, and offer you the choice of continuing with the connection, inspecting the certificate, or canceling the connection. Such warnings are convenient for detecting an invalid connection, such as one that might be malicious, so if they happen then consider looking into them; however, there may be times when practically every connection you attempt gives you a certificate warning. Continue reading

Can’t remember passwords? Here are two ways to reveal them.

KeychainAccessIconXIf you’re browsing the Web and need to either create a new account or log into an existing one, then you will likely need to enter your password. To help with this, OS X will prompt you to store your password in the OS X keychain, which will encrypt and assign the password to the site you have just accessed. This is similarly applied to programs you may use, such as e-mail clients, which will attempt to access secured resources like your e-mail accounts or social media pages. However, the convenience this provides may result in your inability to remember your passwords, even for sites you regularly frequent. Continue reading

Manage OS X always asking to use your keychain passwords

KeychainAccessIconXThe keychain in OS X should run seamlessly in the background to store and retrieve passwords for the various services you use. At most it should ask you for a password once or twice when you initially access a service, but there may be times when you regularly see messages pop up on your Mac that indicate a certain program or service is trying to access your keychain. When this happens, a dialogue box will appear with the words “PROGRAM_NAME wants to use the ‘login’ keychain’ with an option to supply your password and confirm or deny the request. Continue reading

Apple Keychain ‘completely cracked’ by security researchers, but are you vulnerable?

BurnIconXResearchers at the Georgia Institute of Technology have revealed findings that show Apple’s Keychain password service is vulnerable to malware that can steal passwords from other apps on the system and gain access to services and devices that you use with your Mac.

The Keychain stores passwords in an encrypted format, so while direct access to them is exceptionally difficult, OS X supports services that allow apps to authenticate and then have access to the passwords. Continue reading

Protect your Mac from a password-revealing security flaw

KeychainAccessIconXA security issue exists in OS X where if you are logged into your Mac, any individual may sit down at your system and gain access to the passwords in your keychain.

When you save passwords to your keychain in OS X, your Mac will automatically allow access to them for specific services, such as Mail for logging into your e-mail accounts. However, other services that access them will be required to authenticate before they have access to the password, especially those that will reveal your password in plain text. Continue reading