Which keychain is which on your Mac, iPhone, and iPad

Apple stores passwords and other secrets in a keychain on your device–but is it the Keychain? The difference confuses some readers. Generally, it works like this:

• macOS: The operating system maintains multiple keychains, which you can view via Applications > Utilities > Keychain Access. This tool can manage some low-level encryption details, like certificates, and will show at least a System and login (lowercase) keychain. Your login keychain contains the items used for your account, which include Wi-Fi network passwords, network volume passwords, website passwords, and many other things.
• iOS/iPadOS: Keychain mangement is hidden. iOS and iPadOS reveal passwords for websites and certain apps in Settings > Passwords. The fact that the password is for an app is opaque as Apple lists passwords by website address. Apps use an address for validation, and that’s what you’ll see. For instance, for Netflix, I see an entry for signup.netflix.com and www.netflix.com. But when I log in to Netflix using iOS, iPadOS, or tvOS, the matching password entry appears. Apple also stores entries for Wi-Fi networks that appear in Settings > Wi-Fi.
• iCloud Keychain: You can enable end-to-end encrypted key syncing across all your devices logged into the same iCloud account to share all kinds of keys. Because this happens without any involvement on your part after enabling it, it means Wi-Fi passwords, website passwords, and Mac-specific secure entries are synced among the appropriate devices.

If you have iCloud Keychain disabled at Settings > Account Name > iCloud > Passwords and Keychain (iOS 16/iPadOS 16) or iCloud Keychain in previous iOS/iPadOS releases, your iPhone or iPad will still store passwords at your request for apps and other purposes, just as a Mac will. These passwords just aren’t synced across devices.

iCloud Keychain data use doesn’t count towards iCloud or iCloud+ storage. And the end-to-end encryption used by Apple means that the encryption keys that protect your secrets are stored only on your devices—someone has to access a device and unlock it to gain access to passwords. Even if they unlock it, they have to authenticate again to view or see passwords on any iPhone or iPad as well as in default macOS setups. (You’d have to make several changes to disable authentication on a Mac for using passwords after the Mac was unlocked.)

This Mac 911 article is in response to a question submitted by Macworld reader Steve.

Ask Mac 911

We’ve compiled a list of the questions we get asked most frequently, along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to mac911@macworld.com, including screen captures as appropriate and whether you want your full name used. Not every question will be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.