Security

What is iCloud Keychain, and is Apple’s password manager safe?

Mark O'Neill

Sep 27, 20248 min read

What is iCloud Keychain, and is Apple’s password manager safe? Header image

Apple has called its iCloud password manager “Keychain” since the early days of macOS (previously known as Mac OS X). In 2013, Keychain was renamed iCloud Keychain, and now, in 2024, with the introduction of iOS 18, it is being rebranded to iCloud Passwords & Keychain.

But what exactly is iCloud Passwords & Keychain? How does it work? Where can you find it, and is it safe to use?

What is iCloud Keychain?

iCloud Keychain, now known as iCloud Passwords & Keychain, is an encrypted password manager that can be synced to other iOS and macOS devices via an iCloud account. It can save your website login details and autofill the login fields for you.

With the latest 2024 version, the passwords are presented in an app with a clean, user-friendly interface.

Is iCloud Keychain safe?

Entrusting all of your usernames and passwords to an app is obviously a major gesture of trust on the part of the user. That’s why you are perfectly justified in wondering if Keychain is safe.

Fortunately, the answer is yes. iCloud Keychain is safe because:

  • There is end-to-end encryption, making it very difficult for someone to break into the app.
  • You can enable FaceID to open the app.
  • Apple is constantly updating and strengthening its security protocols to ensure that there are no vulnerabilities.

That said, the security of Keychain can be compromised by:

  • Not enabling 2-factor authentication on your iOS or macOS devices
  • Not adding a PIN code or FaceID
  • Not installing security patches and OS updates

In other words, iCloud Keychain is itself secure, but it is only as secure as your device. All the encryption in the world isn’t going to matter if a bad actor gains physical access to your device.

Can someone hack my iCloud Keychain?

A dark photo of a man using a laptop.

While it is possible that someone could hack your iCloud Keychain, it would be extremely difficult and would require a lot of work and technical knowledge. It wouldn’t be something that would be done in a few minutes (unless you failed to add a PIN code or 2-factor authentication to your device).

Here’s how your iCloud Keychain could theoretically be hacked:

  • A malware-infected device could potentially damage the security of your Keychain. This could involve a phishing email enticing you to click a link or malware directly added to the device by someone with physical access.
  • A hacker could mount a brute force attack to figure out your device’s login password or PIN code. However, Apple has security protocols in place that will shut down devices after 10 failed password attempts. So, this threat is rather minimal — unless your password is so weak that it can be guessed in under 10 attempts.
  • If your device has a security vulnerability (for example, due to an uninstalled update), a hacker could take advantage of that. This is why you must always install new updates as soon as possible.

How iCloud Keychain works

We won’t get into the technical nitty-gritty of how iCloud Keychain works, but we can give you an overview of how it functions when you browse the internet.

A screenshot of the Facebook login page with iCloud Keychain autofilling login credentials.
Facebook is a trademark of Meta Platforms, Inc.

When you enter a new username and password on a website, Keychain offers to save the details for you. If you give Keychain permission to do so, the details are saved in your encrypted Keychain database. These details are then synced to your other devices via iCloud.

The next time you visit that website, Keychain will offer to autofill the username and password fields for you. You can accept or refuse. If you refuse, you will have to enter the details manually.

How to set up iCloud Keychain

When buying a new iOS or macOS device or setting up a new iCloud account, you will have to enable the Keychain feature on that account and device. It’s a simple 10-second process.

How to set up iCloud Keychain on iOS

A screenshot of the iCloud page within Apple Account settings.
A screenshot of the iCloud Passwords & Keychain settings with the option to Sync this iPhone.
iCloud is a trademark of Apple Inc.
  • Go to Settings > [Your Name] > iCloud.
  • Tap Passwords.
  • Turn on Sync this [Device].

How to set up iCloud Keychain on macOS

A screenshot of the iCloud settings showing iCloud+ features.
iCloud is a trademark of Apple Inc.
  • Go to Apple menu > System Settings > [Your Name] > iCloud.
  • Click Passwords.
  • Click Sync this Mac.

How can I access iCloud Keychain on different devices?

As of iOS 18, iCloud Keychain can be accessed only by the new standalone, free Passwords app. It will be installed for you automatically when you install iOS 18 or macOS Sequoia.

If you delete the Passwords app on iPhone for any reason, you can easily reinstall it from the iOS store. The macOS version cannot be deleted.

How to find iCloud Keychain access on an iPhone

So, how do you access Keychain on iPhone or iPad? Simply go to your App Library. The Passwords app will be under P. You can also swipe down on your screen and use the Search box.

Make sure Keychain is enabled on your device by going to the Passwords setting in iCloud, as explained above.

How to find iCloud Keychain on a Mac

Finding the Passwords app on a Mac is just as easy. Go into Finder > Applications, and Passwords will be right there waiting for you.

Again, ensure you have gone into your iCloud settings on your Mac to enable the Keychain sync feature.

The cons of Apple’s iCloud Keychain

So far, it may sound as if iCloud Keychain is the best Apple feature ever and the answer to all your password security problems. But there are also some big disadvantages you should be aware of first.

It all depends on your iCloud security

As with everything in iCloud, if your password and 2-factor authentication (or lack thereof) is compromised, then everything inside the account is compromised — including your passwords.

Compare this to a standalone password manager app, such as LastPass, which has its own separate encryption protections.

Exporting passwords is impossible on iPhone

The Passwords app is closely integrated into the macOS and iOS ecosystems. And while it is possible to export your passwords from Keychain on a Mac as a CSV file, there is no way to do so on an iPhone.

If you have a Mac, this may not be an issue for you. But if you don’t own a Mac and decide to switch from an iPhone to an Android device, you can’t export your Keychain passwords all at once. All passwords will have to be entered into your new device individually and manually.

No app feature customization

Some password managers give you extra features like storing sensitive screenshots and documents. The Apple Passwords app, on the other hand, offers you no extra features or customization at all. It’s all plain and no-frills. Some users may appreciate this straightforward approach, but others may see it as a drawback.

It gets in the way of browser password managers

If you also have your passwords stored in Chrome or Firefox’s password manager, then both the browser and iCloud Keychain will pop up, offering to autofill the login fields for you. Having more than one option compete for your attention can be irritating.

That said, in iOS 18, you can go into the Chrome app settings and choose whether you want to use the Chrome password manager or Keychain. The other one then gets disabled.

Apple replaces iCloud Keychain with a new Passwords app

As of macOS Sequoia and iOS 18, Apple has overhauled Keychain from top to bottom and turned it into a slick, fast Passwords app. This was long overdue, and it now makes using iCloud Passwords & Keychain a much more pleasant user experience.

Key differences between iCloud Keychain and Apple’s Passwords app

There are differences between the old iCloud Keychain and the new Passwords app, the first being the appearance.

The image below is the old Keychain interface.

A screenshot of the old Apple Keychain interface.
Apple Keychain and iCloud are trademarks of Apple Inc.

The image below is the new Passwords app.

A screenshot of the Apple Passwords app.
Apple Keychain and iCloud are trademarks of Apple Inc. Amazon is a trademark of Amazon.com, Inc.

As you can see, the Passwords app is much more user-friendly, easier to navigate, and easier to understand.

iCloud Keychain data is stored on Apple’s central servers in a secure vault. The database contains, as well as passwords, obscure root certificates and encryption keys, making the interface untidy and unwieldy.

The Passwords app, on the other hand, is just that: passwords. The app is built with simplicity and ease of use in mind. Login details can be added, deleted, and amended easily, and you can access your passwords when you’re offline.

In summary, iCloud Keychain is the more complicated version, and the Passwords app is the simpler alternative. And who doesn’t like simpler?

How do I migrate my passwords from iCloud Keychain to the Passwords app?

There is no need to migrate your passwords to the new Passwords app, as everything is automatic. The Passwords app is iCloud Keychain. It’s merely been redesigned and given a fresh coat of paint. Therefore, the transition from one to the other is seamless.

How do I enable password autofill?

For the Passwords app to autofill your user login details on a website, you must first enable the feature.

On a Mac, go to System Settings > General > Autofill & Passwords.

A screenshot of the macOS Settings page showing the AutoFill & Passwords option.
iOS is a trademark of Apple Inc.

Toggle on Autofill Passwords and Passkeys. Also, make sure that the Passwords app is enabled under the heading that reads “Autofill from.”

A screenshot of the AutoFill & Passwords settings page in macOS, with the option to AutoFill from Passwords.
iOS is a trademark of Apple Inc.

Why should you use Apple’s password manager?

We’ve gone over the disadvantages of using the newly rebranded Apple Passwords app. But what are the advantages?

Everything is kept in the Apple ecosystem

Relying on multiple apps and third-party services can be a major headache. By using the Passwords app, your sensitive information gets stored inside iCloud, negating the need for a separate third-party password manager app. In other words, you’re keeping things nice, neat, and simple.

It’s extremely simple to use

As we said before, this password manager has no frills and is quite plain. It has one job only — to autofill your passwords. From the get-go, iCloud Keychain is very easy to use, with no learning curve or instruction manual required.

It warns you of compromised and reused passwords

One of the best features of the new Passwords app is that it tells you if any of your passwords have been compromised in a data breach. If so, you can change the password right there and then.

As well as compromised passwords, you are also warned when you start reusing passwords, with a strong recommendation to use unique passwords for each of your online accounts.

It stores your Wi-Fi network login details

In addition to passwords, the Keychain Passwords app also stores your Wi-Fi network login details. One neat feature is the ability to generate a QR code so someone can just scan it with their device and log in. This is great for cheeky guests who ask to use your Wi-Fi.

The rebranded passwords app has turned Keychain into a much better, easier-to-use product. With a much more user-friendly interface, it has seriously made me consider switching from my current password manager. If only they would add a passwords export option for iPhone. But, hey, iOS 18 is still young. You never know what they might add to Passwords next.

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. iCloud and iPhone are trademarks of Apple Inc.

Mark O'Neill Mark O'Neill
Mark has been a technology writer since 2004 when he wrote a regular eBay column for AuctionBytes (now eCommerceBytes). He was a contributing writer to Lifehacker, Lifewire, PC World, and Android Authority, as well as a managing editor at MakeUseOf.
You might also like
Can Macs be hacked? Can you tell if your Mac was hacked? Header image
Can Macs be hacked and how can you tell if your Mac has been hacked?
Oct 22, 2024
12 min read
Can Macs get viruses, and how do you protect your MacBook? Header image
Can Macs get viruses, and how do you protect your MacBook?
Oct 14, 2024
10 min read
Lost an iPhone? How to find it and protect the data that's on it: Header image
Lost an iPhone? How to find it and protect the data that’s on it
Oct 11, 2024
9 min read