The macOS Monterey User’s Guide to Password Manager for Keychain Access

Hidden in the Utilities folder in the Applications section of Finder, Keychain Access doesn’t immediately announce its presence. Safari stores usernames and passwords, but that interface is more of a different way of Keychain Access. Before looking for a third-party password manager online, consider the Mac’s built-in utility.

Keychain Access contains the various keys, passwords and certificates created by the system with options to edit and delete. In addition, it includes two features not found in iCloud Keychain: secure notes and a password generator.

Apple’s macOS displays a dialog box to save credentials in several places, such as Safari. Keychain Access stores this information and optionally distributes it to other devices via iCloud Keychain.

On the mac, sync is available in System Preferences > Apple ID. A box next to Keychain Access can be checked or unchecked to sync login information. Keychain Access stores other data types, including certificates, secure notes, and Wi-Fi passwords.

Keychain Access is found by typing its name in Spotlight and in the Utilities folder in the Applications section of Finder. The app manages multiple keychains, such as: iCloudlogin, system and system roots.

Keychain Access displays passwords with options for name, modification date, type, and keychain location

The app lists several keychains in the left menu and clicking on one of them will display the items in that keychain. Each list contains the item’s name, type, location, and modification date.

Wi-Fi passwords are listed as “AirPort Network Passwords” in the Type section, while app passwords are listed as “Application Passwords”. “Web Form Passwords” are usernames and passwords created through Safari.

The system automatically saves most items to Keychain Access and includes a Password Assistant that creates strong, unique passwords according to different rules.

Keychain Access has many features typical of a password manager, such as a password generator and secure notes, as well as a unique feature only available to a system like macOS.

Safari can automatically generate a unique password for websites, with an option to edit them in iOS 16. But Keychain Access works more like a traditional password manager, with password length and character configuration that includes letters, numbers, and special symbols.

To get started, open Keychain Access and click the Passwords tab. Then click on the square icon with a pencil to create a new keychain item. In the window that appears, click the key icon next to the password field. Another option is to click File > New Password Item in the menu bar or press Command-N on the keyboard.

Generate a password with Keychain Access

The Password Assistant has an option to change the password type, such as Letters & Numbers, Numbers Only, Random, and FIPS-181 Compliant. It also assesses the strength of the password against cracking, depending on the number of characters it contains.

The Random option creates passwords that contain letters, numbers, and special characters. FIPS-181 is a standard for an automated password generation algorithm that creates randomly pronounceable syllables as passwords. An example of this generated by the Password Assistant is ‘urnefloucmowshanaejthockimidelv’.

Keychain Access creates and stores secure notes, just like other apps like Apple Notes. These are made on their own, unlike the password notes that debuted in iOS 15.4.

Clicking the Secure Notes tab displays this option. Then click on the square icon with a pencil to create one. Another option is to press Shift-Command-N on the keyboard.

Manage Secure Notes with Keychain Access

These are simple plain text notes that offer no formatting or customization. Each note is composed of a title and text, nothing more. They will not sync with iCloud Keychain and will not appear on other Apple devices.

Some keychain items, such as security keys and certificates, can be imported and exported from one Mac to another. However, passwords and secure notes cannot be exported from Keychain Access.

1. Click File > Import Items in the Mac menu bar or press Shift-Command-I.
2. Locate the file of items in its location in Finder.
3. Choose the destination keychain and click Open.

1. Select the keychain items for export.
2. Click File > Export Items in the menu bar or press Shift-Command-E. If the Export Items menu is dimmed, Keychain Access cannot export at least one item.
3. Choose a location in Finder to save the file, then click the File Format menu to choose a file type.
4. Click Save and enter a password needed to import keychain items on another Mac.

Setup Assistant automatically transfers keychains to Keychain Access on a new Mac, and the keychain files in Finder can also be copied and pasted without Setup Assistant.

1. Open Finder, hold down the Option key and click Go > Library in the menu bar.
2. In the Keychains folder, locate the appropriate files, usually ending with .keychain-db. Do not transfer encrypted folders with file names containing a number of numbers.
3. Press Command-C and Command-V to copy and paste the files to an external storage device.

Creating passwords and secure notes and importing/exporting items are all essential functions of Keychain Access. The app also has an advanced feature called Certificate Assistant.

Keychain Access creates self-signed certificates, certificate authorities (CA), requests a certificate from an existing CA, and reviews/evaluates certificates.

A certificate authority is an entity that manages digital certificates, a document that validates cryptographic public keys associated with another entity. These entities can be email addresses, websites, companies and individuals.

Managing Certificates with Keychain Access

Once the app is open, click Keychain Access in the menu bar, then select Certificate Assistant. Each option has on-screen instructions. For example, creating a CA includes choosing a name, selecting the identity type, choosing a user certificate, and emailing from the user’s email address.

These features make Keychain Access a strong competitor to third-party password managers. Plus, it’s easy to use and best of all, it’s free and already built into macOS.