What is the keychain?

I’ve lost count of the number of times Mac technical support customers have asked me what the keychain is. It’s a very simple concept. Fundamentally it’s a place for you to store passwords so that applications, such as your email program, can retrieve them when they need to. So how does it work?

When you create an email account you’ll be asked for the password needed to access that mailbox. If you tick the box saying “remember this password”, the password is added to your keychain with a note saying which application wanted to remember it. Henceforth, every time that application needs to send that password, it asks the keychain for it. The keychain checks to see if the application requesting the password is the one that asked for it to be saved. If it is, the password is provided. If it isn’t, the password is refused.

So why do you sometimes see messages saying things like “The application Mail wants to access an item in your keychain…” out of the blue? Usually it’s because you’ve run an OS update: the application Mail has been updated, and the keychain is checking that you still want to give it access to your passwords.

Why so complex? If the keychain didn’t protect passwords on a per-application basis, someone could persuade you to download dodgy software onto your machine that could then extract all your stored passwords. Which would be very bad news.

Lastly, the keychain is normally locked by a “master” password – no program can access data stored in it until you enter the password for that keychain. The reason you don’t typically see a prompt to enter the keychain password is that it is automatically unlocked when you log in to your Mac.
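
The three behaviours described above (the lock, the per-application check, and the prompt after an update) can be put together in a small model. This is an added example, not Apple's code or API: `ToyKeychain`, `app_identity` and the sample "binaries" are hypothetical, and identifying an application by a hash of its code is an assumption made for the model.

```python
import hashlib
import hmac


def app_identity(binary: bytes) -> str:
    # Assumption of this model: an app is identified by a hash of its code.
    return hashlib.sha256(binary).hexdigest()


class ToyKeychain:
    def __init__(self, master_password: str):
        self._master = master_password
        self._items = {}      # name -> (secret, set of trusted app identities)
        self.locked = True    # nothing is readable until unlocked

    def unlock(self, password: str) -> bool:
        if hmac.compare_digest(password.encode(), self._master.encode()):
            self.locked = False
        return not self.locked

    def save(self, name: str, secret: str, binary: bytes) -> None:
        # "Remember this password": store it with a note of which app asked.
        if self.locked:
            raise PermissionError("keychain is locked")
        self._items[name] = (secret, {app_identity(binary)})

    def request(self, name: str, binary: bytes, user_approves=None):
        """Return (decision, secret); user_approves stands in for the dialog."""
        if self.locked:
            return ("locked", None)
        secret, trusted = self._items[name]
        ident = app_identity(binary)
        if ident in trusted:
            return ("allowed", secret)
        if user_approves is None:
            return ("prompt", None)   # ask the user before releasing anything
        if user_approves:
            trusted.add(ident)        # remember the app the user confirmed
            return ("allowed", secret)
        return ("refused", None)


# Constructed sample "binaries" standing in for application code.
MAIL_V1, MAIL_V2, OTHER_APP = b"Mail build 1", b"Mail build 2", b"Unknown downloader"

if __name__ == "__main__":
    kc = ToyKeychain("login-password")
    kc.unlock("login-password")                              # done for you at login
    kc.save("imap", "s3cret", MAIL_V1)
    print(kc.request("imap", MAIL_V1))                       # same app that saved it
    print(kc.request("imap", MAIL_V2))                       # updated app: prompt
    print(kc.request("imap", OTHER_APP, user_approves=False))
```

In the model, the updated Mail no longer matches the identity noted when the password was saved, so the request turns into a prompt rather than a silent release.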

All cleared up? Good.
