Macintosh Support - Keychain Management

Managing your Macintosh Keychain

What is a keychain?

The keychain in Mac OS X is Apple’s password management system.

A keychain can store all your passwords for applications, servers, and websites, or even sensitive information unrelated to your computer, such as credit card numbers or personal identification numbers (PINs) for bank accounts.

When you connect to a network server, open an email account, or access any password-protected item that is keychain-aware, your keychain can provide the password so you don't have to type it.

You start with a single keychain, which is created automatically the first time you log in to your Mac OS X user account. Your default keychain has the same password as your login password. This keychain is unlocked automatically when you log in to Mac OS X and is referred to in Keychain Access menus as the "login" keychain.


When keychain problems occur

Keychain problems occur when a user's login password does not match their keychain password.  This can be caused by using authentication methods other than the standard OS X local account system.  On campus Macs, many users log in with their UMKC Exchange account credentials.  However, when a user changes their UMKC Exchange password, keychain does not recognize the change automatically.  When the password used to log into the machine does not match the current keychain password, the keychain does not unlock for use with password management.  The user is able to log onto the machine, but applications that use the keychain system, such as Safari or Outlook, will give the user an error message stating that the application wants to use the "login" keychain.  It will ask for the keychain password.  Below is a typical keychain request for Safari.

[Image: Login keychain]

If a user clicks Cancel, the message will return again.  If a user clicks Cancel a second time, the message goes away and the application continues to open.  However, if the warning is cancelled, saved password information will not be available while using the application. 


Changing your keychain password

When a keychain mismatch occurs, you must change your keychain password to match the password used to log on to the machine.  To change your keychain password correctly, use the application Keychain Access.  Keychain Access is located in Applications/Utilities.  When you run Keychain Access, it will look similar to the following:

[Image: Keychain Access]

To change your keychain password:

  1. Select "login" under the list of keychains. 
  2. From the menu at the top of the screen, click Edit.
  3. Select Change Password for Keychain "login"...
  4. Enter the current keychain password.  Remember that the "current" keychain password is the password previously used to log into the machine, before your most recent password change.
  5. Enter your new password and verify.  The new password you enter should match the password you used to log into the machine.  For UMKC users, you should use your current UMKC Exchange password.


When users cannot change their keychain password

Sometimes a user will be unable to change their keychain password.  This can occur if a user forgets what their previous login password was.  Also, if a keychain has become corrupted, you will not be able to change it.  In those instances, it may be necessary to manually delete and recreate your keychain.

WARNING!  Manually deleting your keychain will effectively erase all stored passwords on the machine.  You will have to re-enter passwords that are normally provided for you automatically.  Online passwords such as logging on to websites in Safari will have to be re-entered into your new keychain. 


Manually deleting the keychain

This should only be attempted by advanced users or tech support personnel.


1. Open the hidden Library folder. To do this, click the Go menu in the Apple Finder. While the Go menu is displayed, hold down the Option (Alt) key to reveal the Library menu option. While still holding the Option (Alt) key, click Library. The Library window will appear.

2. Delete the user’s login.keychain file (or move it to a different location). This can be found in the Keychains folder, which is located in the user’s Library folder.

[Image: Keychain Path]

3. Relaunch Safari, or the afflicted app. On relaunch you will be presented with the ‘Keychain Not Found’ dialog box, which states that ‘A Keychain cannot be found to store “Safari” [or other app]’. Click ‘Reset To Defaults’.

[Image: Reset Keychain]

4. A dialog asking you to confirm the keychain reset appears. Click “Yes”.


5. Finally you will be prompted to enter the user’s login password in order to create the new keychain. Do so and click ‘OK’.

[Image: New keychain]

6. Relaunch Safari or the afflicted app. That’s it! Problem solved and no more dialog boxes.
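
For support staff who prefer Terminal, step 2 can be done by moving the keychain aside instead of deleting it, so the old file can still be opened later if the previous password is remembered. This is an added example, not part of the original instructions; the function name, the KeychainBackups folder and the optional file-name argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: move the login keychain to an owner-only backup folder.
# Assumptions: the keychain lives in <home>/Library/Keychains as described
# in step 2; "KeychainBackups" is a hypothetical folder name.
# Newer macOS releases name the file login.keychain-db; pass that as the
# second argument if it applies.

backup_login_keychain() {
    home_dir="${1:-$HOME}"
    file_name="${2:-login.keychain}"
    keychain="$home_dir/Library/Keychains/$file_name"
    backup_dir="$home_dir/KeychainBackups"

    if [ ! -f "$keychain" ]; then
        echo "No keychain found at $keychain" >&2
        return 1
    fi

    # The file holds the user's saved secrets in encrypted form;
    # keep the backup readable by the owner only.
    mkdir -p "$backup_dir" || return 1
    chmod 700 "$backup_dir" || return 1

    stamp=$(date +%Y%m%d-%H%M%S)
    dest="$backup_dir/$file_name.$stamp"
    # Never overwrite an earlier backup taken in the same second.
    n=1
    while [ -e "$dest" ]; do
        dest="$backup_dir/$file_name.$stamp.$n"
        n=$((n + 1))
    done

    mv "$keychain" "$dest" || return 1
    chmod 600 "$dest" || return 1

    # Print where the old keychain went so it can be recorded in the ticket.
    echo "$dest"
}
```

Run `backup_login_keychain` with no arguments while logged in as the affected user, then continue with step 3.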