iOS – Change password for iCloud keychain / prevent it from being unlocked with computer password

icloud ios keychain macos password

I use iCloud Keychain across iOS devices and my MacBook Pro. I recently discovered that on my Mac I can access the passwords stored in the iCloud keychain simply with my (admin) login credentials. Is there a way to give the iCloud Keychain a specific password?
I would like to prevent the iCloud Keychain from being unlockable with my computer login (password and Touch ID) and, ideally, on my iOS devices also with my online Apple ID.

Alternatively, if the above is not possible, can I use a different Keychain for syncing? I know, on the Mac I can create personal Keychains that have their own unique passwords. Is there a way to sync these Keychains across devices? So far I was unable to get them to show up on my iPhone.

Thank you very much!

EDIT:
Following suggestions from bmike's answer below, which refers to this question, there are ways to specifically change either the login password (using passwd) or the password of a specific keychain (using security ... – follow the link for further information). However, what I am trying to do is to change the iCloud keychain password.

The iCloud keychain shows up as a separate keychain in the sidebar of Keychain Access, but it doesn't seem to be stored in any accessible place (i.e., in a .keychain-db file) the password of which could be changed via the methods suggested.

If I get the info from any item in the iCloud keychain, I can simply show the password by entering my login password. It asks me for the "Local Items" keychain, which seems to be the same as my login keychain (at least it obeys the login password).

Even when I try to specify "Access Control" for an item, I'm not allowed. In regular items, I can click "Ask for Keychain password" under the "Access Control" tab. But in the items under iCloud Keychain it displays "Access for this item cannot be edited" there.

Any further help is much appreciated!

Best Answer

I’m afraid the cloud keychain is the only one you cannot lock your account out of, so you'll likely fail to do what you ask.

For all other keychains it is trivial to choose a different password - even the login keychain is easy, since you can change your login password with the passwd command line tool. Then, each time you log in to your Mac, the keychain password will be what it was before you changed the login password and you will have to enter the second password.

Most people hate that situation, but you could run that way intentionally if that suits you.

The iCloud Keychain is tied to secure tokens so that you can have different passwords on different devices and I believe it uses your iCloud password to generate the unlock tokens. If so, you’ll have to disable iCloud Keychain syncing in all likelihood to lock / change it via passwords.