iCloud Keychain is a handy feature for Apple users that provides a secure and convenient way to manage passwords and other sensitive information. With iCloud Keychain, you can securely store your login credentials, credit card information, Wi-Fi passwords, and other important data on your Apple devices.

At its core, iCloud Keychain champions data security. It ensures data security with end-to-end encryption, allowing only trusted devices linked to your iCloud account to access the information. Moreover, iCloud Keychain bolsters security with biometric authentication methods like Touch ID or Face ID.

Overall, iCloud Keychain is a potent tool that makes it easy to manage your passwords and other sensitive information securely across all your Apple devices. If you're not already using it, you should consider turning it on to take advantage of its many benefits.

The benefits of using iCloud Keychain

Apple has made significant strides in enhancing its password management capabilities with the introduction of new features in iOS 15, macOS Monterey, and beyond. In the past, iCloud Keychain was a somewhat passive password manager that would occasionally pop up unexpectedly to suggest strong passwords or autofill information, leaving users confused. However, with the latest updates, iCloud Keychain has become more proactive and now scans for potential password breaches, alerts users to repeated passwords, and even enables two-factor authentication (2FA).

Turn on iCloud Keychain on your iPhone, iPad or iPod touch

Tap Settings, tap [your name] and then choose iCloud Tap Passwords and Keychain Turn on iCloud Keychain.

Turn on iCloud Keychain on your Mac

Choose Apple menu  System Settings (or System Preferences) Click your name, then click iCloud Turn on Password & Keychain.

A Shortcut to access Passwords in a quick way

Using a password manager is essential in today's digital age. With so many accounts to keep track of, it's easy to fall into the trap of using the same password across multiple accounts or using weak passwords that are easy to guess. Apple has made it easy for users to manage their passwords by providing a built-in password manager that syncs across all Apple devices.

Access passwords with a Shortcut

To access the password manager on your Apple device, go to Settings (iOS) or System Preferences (macOS) and locate the Passwords option. However, revisiting this location each time can be time-consuming.

To streamline the process and easily access your passwords, use the Passwords shortcut. For iOS and iPadOS users, it's a single tap from the home screen, while macOS users can find it in the menu bar. Make sure you have the Apple Shortcuts app installed, and then download the Passwords Shortcut or follow the provided instructions to download and run the script. This script retrieves the shortcut and configures your terminal environment for Touch ID, simplifying your authentication process.

Manage passwords in the terminal

Macs have a fingerprint scanner (Touch ID) to simplify the login process. iCloud Keychain works best when you leverage Apple’s biometric system to make filling passwords quick and easy. Then you won’t need to type your Apple ID password or passcode whenever you need to fill in a field, but this is not activated by default in the terminal, which means that when you run programs with security privileges, you need to type the password.

You can either manually set up Touch ID in your terminal by following the provided steps, or use the script for an automated process:

• Manual Setup
• Automated Script

Note: Modifying PAM (Pluggable Authentication Module) configurations requires careful consideration due to its sensitive nature. It's imperative to fully comprehend each step and command involved in this process. Before making any changes, it is crucial to have up-to-date backups of your system to ensure safety and security. Proceed with caution and informed understanding.

Manual Configuration of Touch ID

Before macOS Sonoma (Pre-macOS 14)

1. Open Terminal: Start by launching the Terminal application on your Mac.

2. Edit Configuration: Open the /etc/pam.d/sudo file in a text editor. For example, using nano, enter:

   sudo nano /etc/pam.d/sudo

3. Integrate Touch ID: At the top of the file, add the following line:

   auth       sufficient     pam_tid.so

4. Save Changes: After adding the line, save your changes and exit the text editor.

Following these steps enables Touch ID authentication for the sudo command in Terminal, allowing fingerprint verification instead of a password prompt.

macOS Sonoma (macOS 14) and Later

macOS Sonoma introduced /etc/pam.d/sudo_local, a new file to maintain Touch ID configurations for sudo across system updates. Here's the setup process:

1. Check for the template: macOS Sonoma includes a sudo_local.template file. Ensure its existence with:

   ls /etc/pam.d/sudo_local.template

2. Create File: If the sudo_local.template exists, copy it to create sudo_local:

   sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local

3. Edit sudo_local configuration: Open sudo_local in a text editor, for example:

   sudo nano /etc/pam.d/sudo_local

4. Uncomment Touch ID rule: Uncomment the Touch ID rule by removing the `#`` at the beginning of the line:

   #auth       sufficient     pam_tid.so

   to:

   auth       sufficient     pam_tid.so

5. Save and Test: After editing, save the changes, close the editor, and test the new configuration by using the sudo command in Terminal.

These steps enable Touch ID authentication for sudo commands on macOS Sonoma and later versions. For automated setup, consider using a script as outlined below.

Automated Configuration of Touch ID

Keyave is a script designed to automate the setup of Touch ID authentication for terminal operations on Mac, replacing the need for password entry. Choose from two methods for installation:

Automatic Download via curl: Simply execute the following command in your terminal to quickly download and seamlessly install the utility:

zsh -c "$(curl -fsSL https://raw.githubusercontent.com/nicolodiamante/keyave/HEAD/bootstrap.zsh)"

Manual Cloning: For those who prefer a hands-on approach, you can manually clone the repository to your desired location (~/keyave in this case):

git clone https://github.com/nicolodiamante/keyave.git ~/keyave

Post-Download Steps

Directory Navigation & Script Execution: Navigate to the root directory of the repository, and then execute the installation script using the following command:

source utils/install.zsh

The script first determines the macOS version on your Mac. For macOS Sonoma (version 14) and later, it modifies the sudo_local file to enable Touch ID authentication for sudo commands. This is achieved by copying a template file and adjusting its settings to incorporate Touch ID support. If the system is running an earlier version of macOS, the script instead modifies the sudo file directly to enable Touch ID, adding the necessary configuration at the top of the file. In both scenarios, a backup of the original file is created for safety. The script is tailored to enhance security on Mac models with Touch ID capability.

Final Thoughts

Apple's iCloud Keychain is a user-friendly password management solution seamlessly integrated into the macOS ecosystem. It's ideal for casual users and families looking for simplicity. Besides password storage, it securely handles credit card data and syncs across Apple devices. With end-to-end encryption and biometric authentication, it's cost-effective and proactive against password breaches. Recent updates enable third-party app integration. iCloud Keychain combines ease of use, strong security, and broad functionality, making it a standout password manager choice.

Notes

Easy access to the Shortcut using Spotlight

To access the Shortcut using Spotlight, follow these steps:

Open the Shortcuts app on your Mac Open Passwords Click on the File menu in the top-left corner of the screen Click on Add to Dock from the dropdown menu.

Once you add the Shortcut to your Dock, it becomes readily accessible. You can also use Spotlight to open it by simply typing the Shortcut's name. After adding it to Spotlight, you have the option to remove the Shortcut from the Dock if you prefer. This method offers a quick and convenient way to access your password manager, ensuring efficient management of your passwords.

How to set Touch ID in iTerm

In Apple's default terminal it works like a charm, but in iTerm2 it needs additional configuration.

Go to Prefs Advanced Allow sessions to survive logging out and back in Set the value to no Restart iTerm.

Access your iCloud passwords with Chrome on Windows

iCloud may be Apple’s thing, but you can still get your passwords even if you have an iPhone and a PC. You’ll need to download iCloud for Windows first and ensure it’s updated to the latest version. Then you’ll need to grab the iCloud Passwords extension in the Chrome store and sign in to turn on both. Once you enter your verification code, you can grab passwords from your iCloud Keychain when visiting a site in Chrome on your PC, just as if you were using Safari on your Mac.

Resources

• Set up iCloud Keychain
• iCloud data security overview
• Two-factor authentication for Apple ID
• How to find saved passwords and passkeys on your Mac
• How to find saved passwords and passkeys on your iPhone
• Use Touch ID on Mac
• Shortcuts User Guide

Contribution

Any suggestions or feedback you may have for improvement are welcome. If you encounter any issues or bugs, please report them to the issues page.