Prevent Keychain from copying an internet password to the login keychain

keychainsafari

I find that my passwords are being copied from my "bank" keychain into the login keychain every time I allow Safari to autofill the fields. How can I prevent that?

I have created a separate keychain called "bank" to store my sensitive financial account passwords. I use a different keychain password and set it to lock automatically after 5 minutes.

Best Answer

This was a security bug and a fix was released today by Apple.

About the security content of Safari 10.1:

Safari Login AutoFill

Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4

Impact: A local user may be able to access locked keychain items

Description: A keychain handling issue was addressed through improved keychain item management.

CVE-2017-2385: Simon Woodside of MedStack

Best Answer

Related Solutions

IOS – How to tell Mobile Safari to stop remembering to never remember the password

IPhone – How to prevent keychain passwords being seen with iPhone passcode

Related Question