Mac OS - Protect your privacy with Keychain

For the first few, you probably came up with memorable, clever passwords no-one else would be able to guess. Then you probably started to reuse some of the better ones. Then, if you started to have trouble remembering them, you might have committed the cardinal sin of passwords: writing them down somewhere handy. A friend of mine has a wad of Post-It notes stuck to her monitor, each containing a user name and password for some service or other she subscribes to. Very secure.

Under Mac OS 9, Apple provides a way for you to keep all your different passwords together in the one place, keeping them secure without having to write them down. It's called the Keychain.

The Keychain actually dates way back to the old System 7 days, when Apple had a proprietary email and messaging system called PowerTalk built into the OS. PowerTalk allowed users to keep all of their various and sundry passwords in one place, and activate all of them with a single master password. While PowerTalk had its fans (Steve Wozniak was a big supporter of the technology) it never really took off. Open-standard email and messaging systems were much more popular, and few people really got the hang of the Keychain. When Apple introduced Mac OS 8, it contained specific code that would disable PowerTalk. Only very clever hackers could make it work under the new system.

With Mac OS 9, the Keychain is back, although PowerTalk remains the stuff of Apple trivia quizzes. Apple has done little to promote the fact that the Keychain exists in Mac OS 9, which suggests that its renaissance will really happen with Mac OS X next year. Mac OS X is a fully multiuser operating system (there is no single-user mode) and the Keychain's great strength comes in keeping your passwords separate from those of anyone else who might use your computer. (This is where the Post-It technique falls down.)

Setting up a Keychain

If you've set up Multiple User accounts on your machine (see Here's How April 2000), each user automatically has a Keychain created for them. For this tutorial, I'll presume you don't have a Keychain and you need to create a new one.

1. Open the Keychain Access control panel. If you don't already have a Keychain, it will ask if you want to create a new one. Click Create. If one exists, click Cancel and then, from the File menu, select New Keychain.

2. Enter a name for your new Keychain, and enter your password twice. It is very important that this password is a good one, because it controls access to all the others you will later add to the chain. Make it memorable, make sure it includes a few numbers as well as letters, and make sure it doesn't contain personal information about you, since this is easy to guess. Your pet's name and your birthday, for instance, make lousy passwords.

3. You should now have an unlocked Keychain window open on the desktop. Before you proceed, there are a few setting changes you should make. If you have multiple keychains created, there will be a Keychains menu in the menu bar. Use this menu to make the Keychain you have just created the default one. Under the Edit menu, select your Keychain's settings. You can, if you wish, change your Keychain password from here. More importantly, you should check the boxes that say "Lock after X minutes of inactivity" (and select a number of minutes), and "Lock when the system sleeps". This will ensure that no-one can access material on your machine if you step away from your desk for a moment. De-select the checkbox that says "Allow access without warning", and click OK.

If you are using Keychains in a multiple-user machine, you should only change your password from the login screen that appears when you start up. Changing your password from the Keychain Access control panel may stop you logging in correctly next time you start up your machine.

Adding items to a Keychain

1. Open the Keychain Access control panel and unlock your Keychain. If you have multiple Keychains, make sure the one you want to add items to is selected as "default" in the Keychains menu.

2. To add a file server to the Keychain, simply drag its icon from the desktop onto the open Keychain window. You will be prompted for your user name and password. Then, next time you want to log onto that server, you won't have to type in those details as long as your Keychain is unlocked.

Note that you must log onto the server using the Network Browser application in order for the convenience of the Keychain to work.

The Chooser is not designed to interact with the Keychain, so it will continue to ask you for your user name and password anyway. (Since the Chooser is not present in Mac OS X, this will soon not be an issue.) Alternatively, create an alias for the file server, and access it by double-clicking the alias. Then it will obtain your password from the Keychain.

3. To add a Web site to the Keychain (for a site that requires authentication, of course), go to the URL where you enter your password and log in. Then drag the URL from the browser window onto the desktop to create an Internet Location clipping file. Drag this file onto your open Keychain, and enter your user name and password again. Next time you go to the site, presuming your Keychain is unlocked, you shouldn't have to enter the password again.

Note that some browsers and some Web sites don't support the Keychain as well as they might, so you'll just have to try this trick with a few of them and see where it works and where it doesn't.

4. Some applications (such as accounting software) that utilise passwords will allow you to add passwords to the Keychain. In the dialogue box where you enter your password, look for a checkbox or other button that says "Add to Keychain" and select it. If such a device doesn't exist, chances are the software doesn't support the Keychain, and you just have to remember the password.

5. Apple provides a program called Apple File Security that allows you to protect individual files on your hard drive from prying eyes. Confidential business information, that collection of binaries you downloaded from Usenet on company time, and those amusing caricatures of the boss are all good candidates here.

Click once on a file to select it, then select Encrypt. You can also control-click on the file to bring up a contextual menu, and select Encrypt from that. You will then be prompted for a password for the file. In the window, there is a checkbox saying Add to Keychain. If you don't want to add the password for each file to your Keychain, you must de-select this box. Apple File Security passwords are added to the Keychain by default.

When you next try to open the file, if your Keychain is unlocked you will not be prompted for a password. If your Keychain is locked, you'll need to know the password to view the file.

Your secrets are now safe!

Taking it with you

If you want to use the same set of user names and passwords on several different computers (at home and work, for instance), it is easy. The Keychains are just preference files, and can be moved around like any other files.

Lock the Keychain you wish to transport.

Open the Keychains folder (inside the Preferences folder, inside the System folder).

Copy the file you wish to transport onto a disk or other medium.

Take it to the other computer and copy it into the Keychains folder (the other computer must also be using Mac OS 9).

Unlock the Keychain.

It should be possible to email the Keychain file to your other computer, or copy it over a network. Unfortunately, I have my email password on my Keychain, and I have to lock the Keychain in order to copy it. Catch-22.

Incidentally, if you want to get rid of a Keychain, simply make sure it's locked, then drag the Keychain file to the Trash. You'll then have to remember all of your various passwords that were connected to the chain.
