An important preventive maintenance task is to protect your Mac from other people who use it or from those who access its files from a network. You can also use keychains to help you manage your own security information. Securing Your Mac with User AccountsYou should create user accounts for everyone who uses your Mac. In addition to the features that user accounts provide, such as a Web site and well-organized file storage, user accounts prevent unauthorized users from changing the system configuration of your machine. To learn how to create and configure user accounts, see "Creating User Accounts," p. 22. Securing Your Mac with PrivilegesFor those who access your Mac over a network, you can control the access to specific items by setting privileges for those items. You can control access in several levels of privilege from not being able to even see the item to being able to read and write to it. To learn how to configure privileges, see Chapter 25, "Building and Using a Network," p. 721. Securing Your Mac with KeychainsFor security and other reasons (such as making online shopping more convenient), you need usernames and passwords to access network resources, whether those resources are on a local network or on the Internet. After using even a few of these, you will have a large collection of usernames and passwords. Remembering these can be a challenge. Fortunately, your Mac lets you store all your usernames and passwords in a keychain. You can then apply your keychain to whatever resource you want to use and the appropriate information is provided so that you can access what you need. All you need to remember is the password, called a passphrase, which unlocks your keychain. You can configure your keychain so that you can gain automatic access to secured resources during each working session. To secure those resources again, you can lock your keychain, which means that the passphrase must be entered for that keychain to be applied. Before you can use a keychain, one has to be created. A keychain is created automatically for each user account you create. However, you can create additional keychains for specific accounts if you need to. To use a keychain, it must be unlocked. To unlock a keychain, you enter its password when you are prompted to do so. When you log in to your user account, the default keychain for that account is unlocked automatically. Adding a KeychainSometimes, you might want to add a keychain to your current account. For example, if you create a new user account, you might want to move your current keychain to the new account. You can add a keychain to your user account using the following steps:
You can see all the keychains installed for your user account by choosing View, Show Keychains. A drawer will appear and each keychain installed in your user account will be listed. Locked keychains are marked with the closed lock icon. Open keychains have the open lock icon. Adding Items to a KeychainAfter you have created a keychain, you can add items to it in the following ways:
TIP You can create an Internet Resource Locator file by dragging the icon next to the URL for that resource from the Internet application to your Mac. For example, in Internet Explorer, the icon appears immediately to the left of the address in the address bar. When you drag this icon onto your Mac, an Internet Resource Locator file is created. Open this file to move to the source at which it points. NOTE If a Web site uses a cookie to store information about your account (usually sites that don't include sensitive information in your account) and you enable your browser to accept cookies, you don't need to add it to your keychain. One of the best uses of a keychain is to store user accounts and passwords for Web sites you access. The simplest way to add such an item to your key is to use drag and drop. CAUTION For the drag-and-drop method to work, your username and password must be encoded in the URL for which you create an Internet Resource Locator. If it isn't, when you access that item, you won't be logged in to your account.
CAUTION Not all applications support keychain access. If a particular application or resource doesn't support keychains, you won't be able to access that resource automatically. However, you can still use Keychain Access to store such an item's username and password for you, thus enabling you to recall that information easily, and it is stored more securely than writing it down on a piece of paper. To manually add an item to your keychain, perform the following steps:
TIP You can set the default keychain for your user account by opening the keychain you want to make the default one and choosing File, Make "keychain name" Default. Using a KeychainWhen you have a keychain configured for an account and it is unlocked, you can access the items that it contains without entering your username or password. For example, when you open a server, it will open for you immediately. NOTE By the way, this is how Mac OS X can access your .Mac account without you having to log in each time. When you create a .Mac account, it is added to the Keychain for the Mac OS X user account related to it. Mac OS X can use this Keychain to access the .Mac account without requiring that you log in manually. To prevent a keychain from being accessed, lock it. Do so by opening the keychain and choosing File, Lock keychain name. To unlock a keychain again, click its Unlock button and enter the password for that keychain. NOTE If the keychain isn't open, select it from the Keychains menu, enter the password, and click OK to unlock it. Your keychains are stored in the Library/Keychains folder in your Home directory. You can add a keychain from one account to another account by moving the keychain file to a location that can be accessed by the second account. (For example, you can copy your keychains into the Public folder of your Home directory to enable other users to add that keychain to their own accounts.) To add a keychain to a user account, open Keychain Access under that account and use the Add button. This is useful if you want to be able to use the same keychain from several accounts. To remove an item from your keychain, select it and click Remove. Getting Information About Keychain ItemsIf you are using keychain items to store information, you can get information about a keychain item. Or, you might want to get information about a keychain item to see the details about what it accesses. TIP Earlier, I mentioned that you should find a secure way to store password and serial number information for software. You can use Keychains to do this even if you don't actually use the Keychain to access the item. For example, you can create a Keychain item for a piece of software that you use to store that software's serial number. To do this, click the Password button to create a new Keychain item, enter the name of the application, and then enter the serial number as the passphrase. Whenever you need this information, select the item and then check the "View passphrase" check box. After you unlock the item, the serial number will appear in the passphrase field. This is a secure way to store this type of information. Of course, if something happens to your Keychains, the data will be lost too so make sure that you have it backed up.
The Keychain Access application has various other useful features, such as the following:
|