Different password for login and keychain

I’m sorry if this is common knowledge, but I haven’t been able to find an answer. On older Mac OS’s you could set the keychain password to be different fom the login password, so if someone should be able to access your Mac it would not be possible to use your saved passwords without unlocking the keychain. This doesn’t seem to be possible anymore in High Sierra, is that true? The change password option for the login keychain is greyed out, and if you delete the iCloud keychain, the login keychain that replaces it can’t even be locked; I find that very strange indeed. I’m now glad that Firefox uses it’s own password manager, which I detested in the past…

Hi @Maurice,

Yes – I have had the same problem since upgrading from 10.12 to 10.13 around the start of this year. When I called AppleCare about it, they acknowledged it as a bug.

David

This was never a feature, it was always a bug. It is still possible to get your passwords out of sync, I think, by changing your login password via the command line, but I do not recommend it.

Have a good password for logging in and don’t share it.

Is it possible to have a seperate password for Keychain Access to ones log in password? Ideally I would like to have the keychain only accessed and opened by my fingerprint. The keychain settings will determine how long the keychain is available.

It was possible in the past, even if it was a bug, but it would save me from having an overly complex login password. My internal storage is encrypted with file vault , and my sensitive data is stored in an further encrypted sparse bundle so I am not “that” concerned about initial access to my Mac. If I were to use keychain for all my passwords (which would be accessible with just the login password) I would be very concerned.

Thanks.

1 Like