> To me, this makes encrypting Yojimbo items pointless - they become no more secure than unencrypted items. Both are accessible to anybody who can
> login to the account.
Maybe other users should have their own accounts on the Mac so you can keep your keychain private?
Another option is to set the keychain to not unlock at login. Or, simply create a second keychain for your private info. I believe you can have as many keychains as you like, and one can be optionally set to automatically unlock at login.
See Keychain Access in your Utilities folder to play with these options.
-Dennis
On 9/04/11 at 11:46 AM -0700, toad...@mac.com wrote:
>Another option is to set the keychain to not unlock at login.
>Or, simply create a second keychain for your private info. I
>believe you can have as many keychains as you like, and one can
>be optionally set to automatically unlock at login.
In addition, just because the keychain is unlocked does not mean
the password is visible. The keychain password still has to be
entered before Keychain Access will display the password (unless
you gave Keychain Access permission to *always* decrypt that item).
I agree with Dennis, just think a bit more about how you can get
keychains working the way you want; that will be much simpler
than introducing a different keychain manager.
Charlie
--
Ꮚ Charlie Garrison ♊ <garr...@zeta.org.au>
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
〠 http://www.ietf.org/rfc/rfc1855.txt
> BareBones' answer was that the tools needed are all provided by Apple
> themselves in the keychain and they therefore were not interested in
> doing anything else with Yojimbo security. Personally, I think
> locking your main keychain is a pain in the butt and not practical
> (especially Safari whines for access to the keychain constantly --
> even when not viewing encrypted pages).
I think that you might find it helpful to explore the features of the OS X keychain more thoroughly.
It is quite simple to create a new keychain, independent of your login keychain, with any enhanced security features you like. (For example: has its own password, distinct from your login password; is not opened automatically at login; closes itself automatically after five minutes.)
Then simply move your Yojimbo password entry from the default keychain to your new high-security keychain. (How? Literally drag the entry from one keychain to the other.)
Now, when you access any locked item in Yojimbo, Yojimbo will have to get the password from the high-security keychain, which will be locked, so you will have to type in your special high-security password.
Meanwhile, all of your other passwords will remain in the default keychain, with the default security -- i.e., no whining from Safari.
Regards,
Neil Faiman
On 10/04/11 at 12:00 PM -0700, Chris H.
<google...@chrishart.net> wrote:
>BareBones' answer was that the tools needed are all provided by Apple
>themselves in the keychain and they therefore were not interested in
>doing anything else with Yojimbo security. Personally, I think
>locking your main keychain is a pain in the butt and not practical
>(especially Safari whines for access to the keychain constantly --
>even when not viewing encrypted pages).
Don't use the main keychain for storing the Yojimbo master
password. Keep it in a different keychain that stays locked and
only unlock it when Yojimbo needs it.
On 10/04/11 at 4:40 PM -0400, Neil Faiman
<neil....@faiman.org> wrote:
>Now, when you access any locked item in Yojimbo, Yojimbo will
>have to get the password from the high-security keychain, which
>will be locked, so you will have to type in your special
>high-security password.
I should have read Neil's reply first. He explained it much
better than I did.
Also, the Apple keychains can store encrypted notes too; it's
not only for passwords.
The only reason I've ever found a need for anything other than
Apple keychain (& Yojimbo) is shared passwords when using Linux.
And that need hasn't been strong enough to look for alternate solutions.
On 11/04/11 at 11:49 AM -0700, Chris H.
<google...@chrishart.net> wrote:
>___ On 4/10/11 6:10 PM,<garr...@zeta.org.au> wrote: ___
>
>> The only reason I've ever found a need for anything other than
>> Apple keychain (& Yojimbo) is shared passwords when using Linux.
>> And that need hasn't been strong enough to look for alternate solutions.
>
>You obviously don't travel much or use many multiple devices, like I
>do.
Nope, don't travel much, live in a small town. We've actually
started our car twice in the last month, busy times indeed.
The few times I have to go the big smoke (to manage servers) I
take my laptop which also has my keychains. And I have a USB
disk which I keep backups on (as well as my ssh keys). So a
cloud solution hasn't been important.
I do use the cloud for my Yojimbo data though, which is great
for using on my phone around town. :-)
On 12/04/11 at 6:56 AM -0700, skkippy <mrtn...@gmail.com> wrote:
>I wonder how Yojimbo could know that the iPad sync password it needs
>is in some specific non-login keychain?
Apps don't request a password from a given keychain; they just
ask for the password and the keychain system finds the item in
the appropriate keychain, and if locked, then asks for the
keychain password.
If it's not working that way for you, then maybe explain what is
happening since it sounds like some other error is getting in
the way.
> have a hard time finding ways to learn about my Mac, so thanks for
> these links. Anyone have other ideas/resources to gain this type of
> knowledge?
While not a book, I recommend reading macintouch.com every day. Its focus is on troubleshooting, but if you read the reports you'll learn tons. It's updated six days a week, usually by noon EDT.
Seth