• The Tiger Report: Please Fix My Keychain

    October 8th, 2005

    It’s hard to remember that long ago, but Apple’s Keychain was even around in Mac OS 9. The idea behind it is sensible, a single file that stores all your user passwords. You can lock it for even greater protection, and when it works, you don’t have to pay attention to it.

    When it doesn’t work, you are left trying to figure out all your user passwords, assuming they are more complicated than your cat’s name or your daughter’s birthday. Why? Well, say you’re using Apple’s Mail application and you have several accounts. No, this isn’t an unlikely scenario. It happened to me just the other day. I kept getting password prompts as it accessed each and every account. All right, I know my passwords pretty well without prompting, so it’s an annoyance and nothing more.

    But I did click the checkbox to add the password to my keychain. Why should it forget, all of a sudden? And why does the password prompt reappear a few days later?

    Now I’m not the only one who has encountered this problem. Unfortunately, not all of you, even if you do use a strong or relatively secure password, have it at your beck and call. Suddenly, you’re adrift at sea, and you may go scurrying for that little yellow stick-it note you tossed into a desk six months ago, one you hope contains your password. Or you call someone like me to help you figure out what you forgot.

    In a few cases I know about, the only solution was to contact the ISP and have the password reset. Of course, you then have to create a new password, because the ISP will usually grant you something simple such as, say, “password.” I’m serious, and I’m also serious that some of you never change it, and I’ll get to that later.

    You enter the password the next time the password prompt appears, remembering to check the option to store it in the keychain. Everything works properly, until the symptoms return all over again a day, a week, or a month or two later.

    So what went wrong and is there a simple solution? Well, first lets look at the cause. In some cases, the fault lies with your ISP. It’s mail servers are tasking an unusually long time to authenticate your password, or they’re not functioning correctly, so Mail assumes the password was rejected. Usually it’s a passing phenomenon, and it’ll be fine the next time you try. If not, I wish you look persuading your ISP it’s actually their problem. While some are aware of the condition of their services, others require strong prodding to admit they are at fault.

    But what if it’s not the ISP, but a problem with your Keychain? Well, there is one simple remedy, one that may or may not cure such symptoms. That’s a feature in the Keychain Access application, which resides in the Utilities folder by the way, known as Keychain First Aid. Under Tiger, you find it under the Keychain menu, and you can use it to repair settings and permissions. Sometimes it even works, and you can rest assured that you will not be disturbed with any unexpected requests for your password, until it breaks again of course.

    However, what do you do if Keychain First Aid finds nothing wrong? Endure the problem? Well, I suppose, unless it reaches the point where the prompt appears every time your mail is checked, and after the fifth or sixth time, I can see where this symptom can get mighty disturbing. In my case, I tolerated the persistence for a few hours, and I tried to be patient. I really did, but finally I decided to toss the login.keychain file and be done with it. It’s located, by the way, in your Users/Library/Keychains folder. Or just use Spotlight to scope it out.

    After tossing the file, I restarted, which, created a new login.keychain file. Of course, I had to reenter all my passwords, from all the applications I use that support Keychain, from scratch, but the problem was vanquished. It appears to me that it was caused by a level of file corruption that was beyond Keychain First Aid’s ability to repair.

    This is not a Tiger phenomenon, of course. I’ve seen it happen in earlier versions of Mac OS X, and as I said, I’m sure some of you have encountered it too. Like the Migration Assistant, Keychain isn’t a sexy feature, but one that ought to be a little more resilient to problems of this sort. Chalk up another item for the Leopard wish list.

    As to passwords, if you don’t want to make them easy to crack, take a little extra time to pick something unique. The best is a random collection of upper and lower case letters intermixed with numbers. It may tax your memory to recall it, but it’s worth the effort.

    | Print This Article Print This Article

    Leave Your Comment