How to Store Secure Notes Without Using 3rd Party Apps

| How-To

I'm talking about the Keychain—I call it an OS X "security vault." You may already know that your Mac's Keychain is constantly guarding access to data on your Mac in several different ways, and that it is the primary defense against the injection of malware onto your Mac.

Your Keychain password - which is usually your Mac logon password - is triple-encrypted. Keychain provides you with a "single sign-on" access to your Mac. You just need to remember your logon password, and Keychain does the rest. It stores and later applies your various passwords for your other Mac system services, websites, servers, wireless networks, encrypted disk images, and much more.

Keychain also includes the ability to generate and store Secure Notes for you. These are in a special category because Keychain applies additional encryption to them. Secure notes constitute an interesting side benefit to Keychain that is not obvious, since you actually need to enter the inner sanctum of your Mac's Keychain Access application to use the feature.

Let me address an important issue now. Accessing your Keychain is completely legit and sometimes necessary for troubleshooting purposes. However, I strongly suggest that you follow the steps in this article for the sole purpose of creating secure notes. Don't go mucking around in Keychain Access unless you know what you're doing! OK? Don't make me come over there! Be on the safe side. You may look around, but don't touch! One more thing… while Keychain is very robust, if you somehow corrupt your Keychain password without backups, or can't remember it, no one—not even Siri—can get in to retrieve your secure notes. You've been warned!

OK. Got that out of the way. Let's create a secure note.

Secure notes stored in your Keychain are quite secure, but they are very simple text files. Nothing fancy—no text formatting, no images, no bells, and certainly no whistles. You will type your secure note within the Keychain Access app, or you can copy/paste text into the appropriate spot, which I will show you momentarily.

Launch the Keychain Access app located in your Utilities folder which is inside the Applications folder. From Finder, you can get there quickly by selecting Utilities from the Go Menu.

The main window of the Keychain Access app.

This is the main window in Keychain Access, where you manage your secure notes.

Keychain Access will display a typical 3-pane window. Looking at the left-hand column in the "Category" section, click on "Secure Notes"—it's icon looks like a yellow sticky note. This will reveal a list of existing secure notes, if any. If this is the first time you enter, there will be no notes listed.

Now, create your note by either clicking on the little "+" sign at the bottom-left of the Secure Notes list panel, or via FILE > NEW SECURE NOTE ITEM.

Creating a secure note.

This is where you create and name your secure notes.

You are then presented with a text field where you can enter your deepest, darkest secrets. You can type or copy/paste from elsewhere. Finally, provide a name for your note in the appropriate field.

All your secure notes will be listed here. Click the "+" button to create more notes.

When done, click ADD. You will see your new note listed. If you select the note, you will be shown its vital stats. The number of notes you can enter is virtually unlimited; and so is a note's length.

The password prompt for opening a secure note.

Before the note can appear, you need to enter your password.

To test the security of your note, first QUIT Keychain Access. Then, relaunch it. Click on the "Secure Notes" category. Finally, double-click on your secure note to open it. You should just see a blank field where the text should be. Don't fret; it's hidden and encrypted at this point.

Click the "Show Note" checkbox, and you will be prompted for your Keychain password (typically, your logon password). It's prompting you for your password in order to decrypt the note (make it intelligible) since it was encrypted with your Keychain password when you originally added the note.

You should select Allow for a one-time access to the note. Be careful with Always Allow, as selecting this option will compromise the security of your note. If you right-click (or control-click) on the note name in the list, you'll see that you can copy the note contents into the clipboard. As you might expect, you will be prompted for the password before it will complete this operation, and keep in mind that the data on the clipboard is no longer secure.

That's all there is to it. Again, nothing fancy, but nevertheless a handy, built-in security utility. And, the cost is just right…free! For more complete solutions, you should check out single sign-on and password management apps like 1Password or LastPass.

There is so much more to be said about the Mac Keychain and the Keychain Access app. So, stay tuned for more down the road here on TMO.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

2 Comments

mhikl

Sandro, Keychain is wonky, and has been since some update from an OS universe I don’t remember. Sometimes it works, sometimes not so much, other times not at all—for some sites it will store PWs, other sites, not.) The hours I have spent trying to figure this tormented kitty out I can never get back. If I were a meanie, I would have a Stevie head banging troll.
I have resorted to storing my PWs in VoodooPad and also have a PW for general sites I visit which is linked to its own email name. I also sort of use LastPass but it must have been designed by the nut who did Keychain as it has its similar quirks that work against mindfulness and calm.
I have given up on Apple ever making KC work regularly and consistently and definitely would not enter into this dark world for notes where more headaches lurk to spoil my day.

scooper1

The method described is not so secure—anyone who knows the login password can open such a Secure Note, and that is likely to include family members and the like.
What should be done is to create a new keychain with its own password, and to create/store Secure Notes in that keychain.

Log-in to comment