The keychain in OS X should run seamlessly in the background to store and retrieve passwords for the various services you use. At most it should ask you for a password once or twice when you initially access a service, but there may be times when you regularly see messages pop up on your Mac that indicate a certain program or service is trying to access your keychain. When this happens, a dialogue box will appear with the words “PROGRAM_NAME wants to use the ‘login’ keychain’ with an option to supply your password and confirm or deny the request.
This type of request is expected for new services you are using, but after you have granted access, then this should no longer appear. If it does, then there may be some configuration settings that you can try to help fix the problem:
Turn off keychain auto-lock
One security feature that is available for all keychains on your Mac is the ability to automatically lock after a given period of no activity or if you have slept the computer. Note that these are separate from screen locks which do the same thing, but which require passwords to access the entire computer. With these auto-lock features, the system can still be used, but the keychain will simply require authentication again.
- Open the Keychain Access utility (in Applications > Utilities)
- Right-click your login keychain and choose the “Change settings for …” option
- Uncheck the two checkboxes to disable auto-lock features, or otherwise modify them to your needs.
If you wish to keep of these behaviors, then one helpful feature is to go to the General section of the Keychain Access preferences and enable “Show keychain status in menu bar”, which will display a new menu extra that looks like a small lock. If the keychain is unlocked then the lock will appear open, but if not then the lock will appear locked.
These two options may have your keychains automatically locking and then repeatedly requiring your password.
Run keychain first aid
If your keychains are not working properly, then Keychain Access can help ensure they are in working order and using the expected behaviors, but you have to first ensure Keychain Access is set to apply these behaviors to keychains when First Aid is run:
- Go to Keychain Access’ preferences
- Select the First Aid tab
- Ensure at least the bottom three options are checked
- Close the preferences and press Option-Command-A to open the First Aid panel
- Run the first aid verification, and then repair if any errors are found
Ensure at least the bottom three options here are checked before running the First Aid routine on any of your keychains.
Remove iCloud keychain and re-add
If you are using the iCloud Keychain feature to synchronize passwords between your various Apple devices, then try resetting this on your current Mac by gong to the iCloud system preferences and unchecking the Keychain service. Confirm you wish to continue, and then re-check the box to associate your iCloud keychain again. When you do this, the system will remove and re-add your keychain and in doing so hopefully clear the problem at hand.
Reset local login keychain
A final option is to completely reset your local login keychain, which will start you off with a fresh keychain file that your apps and services will use for storing passwords. When you do this, you will have full access to your old keychain so you will not lose any passwords, but OS X will simply not use them at the moment and require you enter your passwords again:
- Open Keychain Access
- Go to the Keychain Access preference
- Click Reset My Default Keychain
- Confirm this action and wait a short moment
The option to reset your default keychain is in the General section of the Keychain Access preferences.
When done, if you cannot remember one of your passwords then you can use Keychain Access to open the old keychain and either drag items from it to your new one, or open them directly to access their stored passwords.
i have no first aid ???
can i haz?