Saturday, December 17, 2005

Lock screen in OS X: Show keychain status in menu bar

MacDevCenter has written a brief tutorial on the OS X Keychain. It doesn't completely demystify the keychain (I'm still a bit unclear about what it means to unlock or lock an entire keychain), but it helps. I like the idea of showing the keychain status in the menu bar; as a side-effect I also get a convenient 'lock screen' shortcut.

A Look at Keychain Access (and Why You Should Care)

... If you choose to go down this route [lock keychain], you may quickly run into one of the disadvantages of being over-careful about security: websites and email clients and all sorts of other applications start pestering you with dialogs, asking you to enter your keychain password every single time something needs to be done. To avoid this, return to Keychain Access' preferences panel and check the "Show Status in Menu Bar" option.

Now you've got quick, easy access to your keychain controls from the menu bar, and you can lock and unlock whole keychains without having to mess around inside of Keychain Access itself.

Note that there's also a Lock Screen command, which may come in handy if you have to leave your machine unattended for short periods of time. It will ask for your username and password before letting you get back to work.

Another good policy is to create several keychains. One for boring day-to-day stuff--this might as well be your default login.keychain file, one for Secure Notes, and extras for any passwords and certificates that you need to keep extra secure.

Using the Keychain for secure notes is a bit silly. Much better to create an encrypted disk image to hold that sort of thing, and mount it as needed. Just be sure NOT to store the password for the disk image in the keychain!

