Apple’s Keychain Access application makes it easy to stay on top of your passwords for different sites and applications, but it isn’t as intuitive as some other Mac tools.
First, it’s usually kept out of the way, so you’ll likely only interact with it when you need to autofill login credentials on a website or app. You can also open the Keychain Access tool to look up specific passwords, but that usually isn’t necessary if you’re simply trying to access your account.
With that in mind, it’s common for Mac users to have little to no experience with the Keychain Access app. Fortunately, your Keychain password is tied to your local account password by default. That said, it can be changed at any time, making it easy to forget if you don’t have a separate password manager.
In this article, we take a look at what your Keychain password is used for, where you can find it, and how to quickly recover or change it in Mac OS Catalina (10.15.6). Make sure to check out the best password managers if you need help keeping track of your passwords.
What is Keychain?
As mentioned, Keychain is the Mac tool for managing your passwords. When you create an account or log into an existing one on a website, it will automatically ask if you want to store that information for future use.
Keychain can also be used for certificates, encryption keys, and secure notes. While your Mac can keep track of credit card information, those settings are managed separately from either Apple Pay or Safari preferences.
Since Keychain generally runs in the background by storing and filling passwords as needed, it’s easy to miss that the application exists. Keychain Access is designed to give you convenient access to all the information that’s stored in your Keychain. You can open the app by typing its name into Spotlight or finding it in the Finder Applications folder.
How does Keychain Access work?
When you open Keychain Access, you’ll see a list of all the data points that you’ve stored through Keychain. The left side of the application allows you to look at different Keychains.
Your specific Keychains may vary depending on your usage. Our app shows four: Login (most online accounts linked to the device), iCloud (credentials stored in the cloud), System (Wi-Fi passwords, certificates, and keys), and System Roots (exclusively certificates).
You can double-click on an entry in Keychain Access to view more information or look at a specific password. You’ll need to authenticate the request using the password associated with the corresponding Keychain. For example, we were shown the dialogue box below after trying to view a password in the Login Keychain.
As long as you have the password on hand, you can easily configure Keychain Access to allow every request on a particular Keychain. That gives you convenient access to all your login credentials, but you should never select this option if anyone else has access to your device.
How do I change my Keychain password in System Preferences?
Apple automatically applies the password that you use to log into your local account as the default Keychain password. Keep in mind that this is separate from your Apple ID or iCloud information, which is used to log into a single account across multiple devices.
Furthermore, your Keychain password will automatically be updated whenever you change your local account password. In short, you shouldn’t have any trouble accessing your Keychains as long as you remember your account password on the device you’re using.
You can change your Keychain password simply by changing your local password. In the System Preferences application, navigate to Users and Groups, select your account, and then click Change Password. From there, enter your old password, type in your new password twice to confirm, and add a password hint if necessary. This change will be reflected the next time that you request to view a password in the Keychain Access application.
How do I change my Keychain password in Keychain Access?
You can also change your Keychain passwords separately from within Keychain Access. Even though changing your local password will also affect your Keychain password, this doesn’t work the other way around. Basically, you can create a new password for particular Keychains without impacting passwords for other Keychains, your Apple ID, or your local account.
To change a Keychain password directly, open Keychain Access and navigate to the target Keychain. From there, click Edit in the menu bar at the top of the screen and select Change Password for Keychain “____.”
Unfortunately, the option to change passwords for particular Keychains is currently restricted for default Keychains like Login and iCloud. These are created by the operating system and linked directly to your account, so the easiest way to change their passwords is generally to create a new account password in System Preferences under Users and Groups. You could also opt to entirely reset your default Keychains from Keychain Access preferences, but that will remove every existing entry in your current Keychains.
Another way around this restriction involves creating a new Keychain, making the new one default in place of your current defaults, and then changing the password on the original Keychain before switching it back to default.
Keychain seems like a relatively simple way to track your passwords, but Apple’s convoluted password system can be confusing to new users. In general, we recommend simply changing your local account password if you need a new Keychain password.
That said, temporarily changing your default Keychains is an easy way to achieve a similar result. This is also the better option if you want to change your Keychain password while keeping your current Mac login credentials.