Chapter 14. How Can I Protect My MacBook?

Your MacBook is valuable; protecting it is important, but this chapter is about protecting the data on your MacBook, which is even more valuable. If you've purchased music, movies, or other content from the iTunes Store, you've invested hard-earned dollars in that content. If you use iPhoto, you can't replace those photos stored there at any price. Then there's personal data such as financial information that you need to safeguard. For all these reasons, you should take precautions to secure your MacBook and its data.

Keeping Software Current

Preventing Internet Attacks

Protecting MacBook with General Security

Protecting Data with Time Machine

Protecting Data with Encryption

Protecting Information with Keychains

Keeping Software Current

There are two good reasons why you should keep the software that you use current. One is that software developers frequently develop revisions to improve the features of their applications and to remove bugs. The other, and the reason this topic is included in this chapter, is that many applications, and most definitely Mac OS X itself, have a large role in how secure your MacBook and its data are. The bad guys, people who develop viruses and attempt to hijack your computer or steal your data, are always working on new ways to penetrate your computer. Most software developers try to limit your exposure to attacks in their software as much as possible; to keep up with the new attempts to compromise your computer, you need to take advantage of security improvements that are part of software updates.

There are two basic categories of software that you need to keep current. The first is Apple software, which includes Mac OS X along with Apple applications you have. The second category is the third-party software you have installed.

Keeping Apple software current

Because it is the largest factor in how secure your MacBook and its data are, Mac OS X is the most important software you need to keep current. The good news is that Mac OS X includes the Software Update tool that makes it easy to keep Mac OS X and your Apple applications current. You can update software manually, and you can also configure Software Update so that it checks for and downloads updates automatically.

Updating Apple software manually

You can update your Apple software manually by performing the following steps:

  1. Choose Apple menu

  2. Click Show Details. The dialog box expands so that you see each of the updates that were found (see figure 14.1).

  3. To install an update, select its check box. To prevent an update from being installed, deselect its check box.

  4. Click Install numberofupdates, where numberofupdates is the number of updates you've selected to install.

  5. If prompted to do so, type your Administrator username and password and click OK.

  6. Click Restart if prompted to do so.

Figure 14.1. Software Update has found an update to GarageBand.

If a restart is required, your MacBook restarts and continues the installation process. When the desktop reappears, you are using the updated software.

If a restart isn't required, after the update process is complete, you see a dialog box letting you know; click OK to close it. The Software Update application checks for additional updates (the updates you installed are marked with a check mark in a green circle); if it doesn't find any new updates, quit the Software Update application by clicking Quit.

Note

Updates you didn't install are maintained on the list; you can install them by selecting their Install check box and clicking the Install button. To remove an update from the list without installing it, select it and choose Update

Updating Apple software automatically

Checking for software updates is easy enough, but why not have your MacBook handle this for you automatically? Here's how:

  1. Open the Software Update pane of the System Preferences application.

  2. Click the Scheduled Check tab if it isn't selected already.

  3. Select the Check for updates check box.

  4. On the Check for updates pop-up menu, choose the frequency with which your MacBook checks for updates (see figure 14.2).

    Figure 14.2. Use the Software Update pane to configure your MacBook to update its Apple software automatically.

  5. If you want important updates to be downloaded automatically, select the Download updates automatically check box. Important updates are those that affect your system and have the most impact on its security. I recommend that you select this check box so these vital updates are downloaded as soon as they are found. If you don't select this check box, you're prompted to download the updates when they are available.

  6. Quit the System Preferences application. When the specified amount of time passes, Software Update checks for new software. When it finds new versions, it downloads them automatically and then prompts you to allow them to be installed or prompts you to allow them to be downloaded and then installed.

Note

You can check for updates manually by clicking Check Now; this does the same thing as choosing Apple menu

Viewing installed updates

You can use the Software Update pane to view information about updates you've installed by doing the following:

  1. Open the Software Update pane of the System Preferences application.

  2. Click the Installed Software tab. You see a list of all updates you've downloaded and installed on your MacBook (see figure 14.3).

    Figure 14.3. You can see from this list that updates are not an infrequent occurrence.

  3. Sort the list by clicking any of the column headings. You can change the sort direction by clicking the column heading again.

Keeping non-Apple software current

Support for updates to non-Apple software isn't built in to Mac OS X. Instead, each application provides its own tools to download and install updates. Most of these support manual or automatic updates. The details of updating a third-party application depend on the specific application. The following sections show how to update Microsoft Office applications manually and Snapz Pro X from Ambrosia Software automatically; other third-party applications are updated similarly.

Note

Ever since Mac OS X was released many years ago, I've hoped that Apple and third-party companies would develop an approach whereby the Software Update tool works on all software installed on your MacBook, whether it's from Apple or not. Alas, that's not happened yet.

Updating Microsoft Office applications manually

Most Mac users are also Office users; to update an Office application manually, do the following:

  1. Launch the Office application.

  2. Choose Help

  3. Select the update you want to install.

  4. Click Install.

  5. Follow the on-screen instructions to complete the update.

Note

You can configure Microsoft Office applications to check for updates automatically by choosing Help

Figure 14.4. An update to Microsoft Office has been found.

Updating Snapz Pro X automatically

Snapz Pro X from Ambrosia Software (www.ambrosiasw.com) is the best screen capture application for the Mac (almost all the figures in this book were captured with it). To configure it to check for updates automatically, perform the following steps:

  1. Launch Snapz Pro X.

  2. Click the Preferences tab.

  3. Select the Check for new versions at launch check box. Each time you launch the application, it checks for newer versions. When one is found, you are prompted to download and install it.

Preventing Internet Attacks

When you use your home network, you should shield your MacBook from Internet attacks through an AirPort Extreme Base Station or Time Capsule. When you use networks outside of your control, such as one available in public places, you should use the Mac OS X firewall to prevent unauthorized access to your computer.

Warning

Never connect your MacBook directly to a cable or DSL modem without first enabling the Mac OS X firewall.

Using a base station to shield your MacBook

You can protect the computers on your local network from attack by placing a barrier between them and the public Internet. You can then use a Dynamic Host Configuration Protocol (DHCP) server that provides network address translation (NAT) protection for your network, or you can add or use a hub that contains a more sophisticated firewall to ensure that your network can't be violated. A benefit to these devices is that you can also use them to share a single Internet connection.

One of the easiest and best ways to protect machines on a local network from attack and simultaneously to share an Internet connection is to install an AirPort Extreme Base Station or Time Capsule. These devices provide NAT protection for any computers that obtain Internet service through them, and for most users, this is an adequate level of protection from hacking. That's because the addresses of each computer on the network are hidden from the outside Internet. The only address exposed is the one that is assigned to the base station by the cable or DSL modem. This address is useless to hackers because there isn't any data or functionality exposed to the Internet from the base station.

To learn how to configure a base station to protect your network and the computers on it, see Chapter 3.

Using the Mac OS X firewall to shield your MacBook

Whenever your MacBook isn't protected by a base station or other firewall, make sure you configure its firewall to protect it from Internet attacks. Common situations are when you travel and connect to various networks, such as in public places and hotel rooms. In most cases, these networks are configured to limit access to your computer (similar to how a base station shields it), but you shouldn't count on this. Instead, protect your MacBook with its firewall by performing the following steps:

  1. Open the Security pane of the System Preferences application.

  2. Click the Firewall tab.

  3. Click Start.

  4. Click the Advanced button. The Advanced sheet appears (see figure 14.5).

    Figure 14.5. Use the Mac OS X firewall to protect your computer from Internet attacks.

  5. To provide the maximum protection, select the Block all incoming connections check box. This prevents all connections except those very basic connections required for network access, such as DHCP and Bonjour. If something you rely on stops working after you configure the firewall, deselect this check box and perform Step 6 instead.

  6. To allow or block incoming connections for specific applications, click the Add (+) button below the action list, select the application you want to add, and set its pop-up menu to Allow incoming connections or Block incoming connections. Allow only applications you are sure you want to receive incoming connections. Applications that are allowed have a green status while those that are blocked have a red status. Any blocked applications are unable to receive incoming traffic, and functions associated with receiving communication from outside your MacBook are prevented. (When you've not allowed a specific application through the firewall and it tries to communicate, you're prompted to allow or prevent it.)

  7. To allow applications that have a valid security certificate to receive incoming connections, select the Automatically allow signed software to receive incoming connections check box.

  8. Select the Enable stealth mode check box. This further protects your MacBook by making sure that uninvited connection requests aren't acknowledged in any form so that the existence of your computer is hidden.

  9. Click OK. Your settings are saved and the sheet closes. Your MacBook is protected by the firewall.

Note

If you have trouble with some network or Internet services after configuring the firewall, make sure you check the firewall configuration to ensure it isn't configured to prevent the kind of service you are trying to use. As long as the service is configured within Mac OS X, this shouldn't be the case, but it's a good thing to check if you have a problem.

Protecting MacBook with General Security

Mac OS X includes a number of general security settings that are particularly useful if you use your MacBook in a variety of locations, some of which might allow it to be accessed by someone else. To configure these settings, do the following:

  1. Open the Security pane of the System Preferences application.

  2. Click the General tab (see figure 14.6).

    Figure 14.6. The General tab helps you to protect your MacBook from unauthorized access.

  3. Select the Require password after sleep or screen saver begins check box to require that a user type his account's login password to stop the screen saver or wake the MacBook from sleep. Then, on the pop-up menu, choose the amount of time the computer can be asleep or in screen saver mode before the password is required.

  4. To prevent someone from being able to use your computer just by starting it, select the Disable automatic login check box.

  5. To restrict a user's ability to change system settings, select the Require password to unlock each System Preferences pane check box.

  6. To cause user accounts to be automatically logged out after periods of inactivity, select the Log out after check box and set the amount of inactive time using the time box.

  7. To protect the contents of your MacBook's virtual memory, select the Use secure virtual memory check box. When this feature is active, data that Mac OS X writes to disk as virtual memory is stored securely.

  8. To prevent location services from identifying the MacBook's current location, select the Disable Location Services check box.

  9. To prevent your MacBook from being controlled through an infrared remote control, select the Disable remote control infrared receiver check box.

Note

When you allow access to your MacBook through a remote control, you can click Pair and follow the on-screen instructions to pair your MacBook with a remote.

Protecting Data with Time Machine

The most important thing you can do to protect your MacBook and its data is to back it up. Backing up simply means having at least one copy of all the data on your computer in case something should happen to the data. What could happen? Lots of things, such as an accidental deletion of files, a hardware or software problem that makes the data unavailable, liquid being spilled on the MacBook, and so on. There shouldn't be any question in your mind that something like this will happen, because no matter how careful you are, at some point data you want to keep is going to disappear from your computer. If you have everything backed up properly, this is a minor nuisance. If you don't have good backups, this could be a disaster.

To drive this point home, think about how much money you've spent on content from the iTunes Store. You can only download this content once. After that, if you need to download it again, you have to pay for it again. Going beyond money, consider photos that you manage in iPhoto. Many of those are irreplaceable; without a backup in place, you could lose them and never be able to get them back. Then there are documents you've created, financial records, and so on.

The good news is that with an external hard drive, you can use the Mac OS X Time Machine to back up with minimal effort on your part; in fact, once you set it up, the process is automatic. Time Machine makes recovering files you've lost easy and intuitive.

Time Machine backs up your data for as long as it can until the backup hard drive is full. It stores hourly backups for the past 24 hours. It stores daily backups for the past month. It stores weekly backups until the backup drive is full. Once the drive is full, it deletes the oldest backups to make room for new backups. To protect yourself as long as possible, use the largest hard drive you can, and exclude files that you don't need to back up (such as system files if you have the Mac OS X installation disc) to save space on the backup drive.
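The retention schedule described above, worked through as an added example (this is not Apple's code). It assumes that "the past month" means 30 days, that the first snapshot of each day or week is the one kept, and that drive capacity can be counted in snapshots; the dates and file lifetimes are constructed sample data.

```python
from datetime import datetime, timedelta

HOURLY_WINDOW = timedelta(hours=24)  # "hourly backups for the past 24 hours"
DAILY_WINDOW = timedelta(days=30)    # "daily backups for the past month" (assumed 30 days)


def thin(snapshots, now, capacity=None):
    """Return the snapshots still on the backup drive at `now`, oldest first.

    capacity is the assumed number of snapshots the drive can hold
    (None = unlimited); when it is exceeded, the oldest snapshots are deleted.
    """
    kept, days_seen, weeks_seen = [], set(), set()
    for ts in sorted(snapshots):
        age = now - ts
        if age < timedelta(0):
            continue                            # not taken yet at `now`
        if age <= HOURLY_WINDOW:
            kept.append(ts)                     # every hourly snapshot
        elif age <= DAILY_WINDOW:
            if ts.date() not in days_seen:      # first snapshot of the day (assumption)
                days_seen.add(ts.date())
                kept.append(ts)
        else:
            week = tuple(ts.isocalendar())[:2]  # (ISO year, ISO week)
            if week not in weeks_seen:          # first snapshot of the week (assumption)
                weeks_seen.add(week)
                kept.append(ts)
    if capacity is not None and len(kept) > capacity:
        kept = kept[len(kept) - capacity:]      # drive full: oldest backups go first
    return kept


def copies_of(created, deleted, kept):
    """Snapshots in `kept` that contain a file that existed from created to deleted."""
    return [ts for ts in kept if created <= ts < deleted]


# Constructed sample data: one backup per hour for 120 days.
NOW = datetime(2010, 6, 30, 12, 0)
SNAPSHOTS = [NOW - timedelta(hours=h) for h in range(120 * 24 + 1)]

# A file that lived for one working day, and a document deleted months ago.
SCRATCH = (datetime(2010, 6, 10, 9, 30), datetime(2010, 6, 10, 17, 30))
OLD_DOC = (datetime(2010, 3, 1, 9, 0), datetime(2010, 3, 20, 15, 0))

if __name__ == "__main__":
    same_evening = thin(SNAPSHOTS, datetime(2010, 6, 10, 20, 0))
    today = thin(SNAPSHOTS, NOW)
    full_drive = thin(SNAPSHOTS, NOW, capacity=60)
    print("snapshots kept today:", len(today), "of", len(SNAPSHOTS))
    print("scratch file, same evening:", len(copies_of(*SCRATCH, same_evening)), "copies")
    print("scratch file, 20 days later:", len(copies_of(*SCRATCH, today)), "copies")
    print("old document, roomy drive:", len(copies_of(*OLD_DOC, today)), "copies")
    print("old document, full drive:", len(copies_of(*OLD_DOC, full_drive)), "copies")
```

Under these assumptions, a file that existed for only part of one day drops out of the backups once that day's hourly snapshots are thinned, and a document deleted months ago survives only until the drive fills and its weekly snapshots are removed.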

To use Time Machine, you need to gain access to an external hard drive and then configure Time Machine to use it. And you should know how to use Time Machine to restore files, should (I mean when) you need to.

Preparing a backup drive

To use Time Machine, you need to be able to store data on an external drive. To accomplish this, you have the following options:

  • Time Capsule. This Apple device is a combination AirPort Extreme Base Station and hard drive (see figure 14.7). With capacity options of 1TB or 2TB, you can gain a lot of backup storage space. Additionally, a Time Capsule is also a fully featured AirPort Extreme Base Station, so it makes an ideal backup drive for any computer connected to the AirPort network it provides. The downside of Time Capsule is that it is more expensive than a standard hard drive, but if you don't already have an AirPort Extreme Base Station, it is slightly less expensive than buying the base station and hard drive separately.

  • Hard drive connected through USB or FireWire. You can use a hard drive directly connected to your MacBook as a backup drive. This provides the fastest performance of any option, and hard drives are inexpensive and easy to configure. (See Chapter 13 for detailed information about connecting your MacBook to an external hard drive.)

  • Shared hard drive. You can back up to a hard drive that you can access through File Sharing over a local network.

Warning

It's best if you don't use a backup hard drive for any purpose beyond backing up your data. You want to keep as much space available for your backups as possible and using the drive for other purposes makes less room available for backing up, which means that your backups don't go as far back in time as they might. You can share a backup drive among multiple computers, but if you do this, make sure it is a very large drive.

Figure 14.7. The Apple Time Capsule is useful as a backup drive for your MacBook, and it is also an AirPort Base Station.

Backing up with Time Machine

After you gain access to a backup hard drive, you can configure Time Machine to back up your data. In an ideal world, your backup hard drive is large enough so that you can copy your MacBook's entire drive onto the backup so you can restore any file on your machine. However, unless you have a relatively small amount of data on your computer or a very large backup hard drive, making a complete backup will limit the time for which backup data is stored. So you might want to exclude certain files, such as system software files that are on the installation disc, to make your backups smaller so that they can be stored longer.

Warning

Is Time Machine perfect? It's close, but there are some things you need to be aware of. Hard drives can fail, and if your backup drive fails, it is no longer protecting your data. If you don't discover this until you need to restore files, you're out of luck. You should also back up important files in a second way, such as on DVD. You can burn files to a disc from the Finder and from within some applications. You should store your backup DVDs and CDs in a separate location just to be even more safe.

To configure Time Machine, perform the following steps:

  1. Open the Time Machine pane of the System Preferences application.

  2. Drag the slider to the ON position. Time Machine activates and the select drive sheet appears (see figure 14.8).

    Figure 14.8. Use this sheet to select the drive Time Machine uses to store your backed-up data.

  3. Select the drive on which you want to store the backed-up information.

  4. Click Use for Backup.

  5. If you selected a Time Capsule protected by a password, type the password and click Connect; if not, you don't need to do anything for this step. The sheet closes and you return to the Time Machine pane. The drive you selected is shown at the top of the pane, and a timer counting down to the backup starts next to the text "Next Backup."

  6. Click the Stop button next to the text "Next Backup." This stops the backup process so that you can configure it more specifically.

  7. Click Options. The Do not back up sheet appears. This sheet enables you to exclude files from the backup process. For example, you can exclude the System Files and Applications if you have the Mac OS X installation disc available because you can always restore the system from the disc.

  8. Click the Add (+) button. The select sheet appears.

  9. Move to and select the folders or files you want to exclude from the backup and click Exclude.

  10. If you selected system files, click Exclude System Folder Only to exclude only files in the System folder, or Exclude All System Files to exclude system files no matter where they are stored.

  11. If you don't want the backup process to run when you are operating on battery power, deselect the Back up while on battery power check box.

  12. If you want to be warned as old backups are removed from the backup drive, select the Warn after old backups are deleted check box. This is a good idea, as it lets you know when your backup drive fills up.

  13. Click Done. You return to the Time Machine pane, which displays information about your backup (see figure 14.9). The timer starts and when it expires, the first backup is created. From then on, Time Machine automatically backs up your data to the selected hard drive. New backups are created every hour.

  14. Select the Show Time Machine status in the menu bar check box.

Figure 14.9. The progress of the current backup is shown in the Backing Up progress bar.

Note

After you disconnect the external hard drive you use as the backup drive or move out of range of the Time Capsule you use, the next time you reconnect to it, a backup is performed automatically. Make sure you connect to the hard drive or Time Capsule frequently because your backups are only as "fresh" as the last time you connected to the backup drive.

Time Machine backups happen automatically, but you should ensure things are working properly by following a few simple suggestions:

  • Every so often, open the Time Machine pane of the System Preferences application and check the status of your backups. This includes the name of the current backup drive, the amount of disk space available, the oldest backup stored on the drive, the latest backup, and the time at which the next backup will be performed. The latest backup date and time tell you how fresh your current backup is; it shouldn't be more than one hour old unless there is a problem, you've disabled Time Machine, or haven't connected the backup drive to your MacBook in a while.

  • As the backup drive gets full, you see warnings when old backups are deleted. You need to make sure that there aren't files in the old backups that you might need at some point. This can happen if you delete a document or folder from your MacBook but don't restore it for a long time. Eventually, the only copy left might be in the oldest backup that gets deleted when the hard drive gets full.

  • When your backup system has worked for a while, check the status of the hard drive you are using. If it is filling up rapidly, consider removing some of the system and application files that might be part of it to reduce the space required. The most important files to protect over a long period of time are those you've created, changed, or have purchased. Files that are already on a disc, such as Mac OS X software, are relatively easy to recover.

  • If there are files you want to keep, but don't use any more, consider moving them onto a DVD or CD for archival purposes. Then delete them from your MacBook's hard drive, and over time they'll be removed from the backups or you can exclude them from Time Machine to reduce the amount of drive space required.

  • Test your backups periodically to make sure things are working properly by attempting to restore some files (explained in the next section). If you don't discover a problem until you need to restore important files, it is too late, so make sure your backup system is working properly. Create a couple of test files for this purpose and let them exist long enough to get into your backups (at least one hour assuming you are connected to your backup drive). Delete some of the files and empty the Trash. Make and save changes to some of the test files. Then try to restore both the deleted files and the original versions of the files you changed. If you are able to restore the files, your data is protected. If not, you have a problem and need to get it solved so that your data isn't at risk.

  • Use the Time Machine menu on the Finder menu bar to quickly access commands and information. At the top of the menu, you see the date and time of the most recent backup. You can use the Back Up Now command to start a backup at any time. Select Enter Time Machine to restore files. Select Open Time Machine preferences to move to the Time Machine pane of the System Preferences application.
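The periodic restore test suggested in the list above can be checked by hash instead of by eye. The script below is an added example, not part of the book: it creates the test files and records their SHA-256 hashes, and after you restore them with Time Machine it reports each file as ok, missing, or changed. The file names, the `canary.py` script name, and the manifest format are hypothetical; keep the manifest outside the folder you are testing.

```python
import hashlib
import json
import os
import sys
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large test files are fine too."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def create_canaries(folder, count=4):
    """Write `count` test files with random contents; return {file name: sha256}."""
    folder = Path(folder)
    folder.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for index in range(count):
        path = folder / f"tm-canary-{index}.txt"   # hypothetical file names
        path.write_text(os.urandom(256).hex() + "\n")
        manifest[path.name] = sha256_of(path)
    return manifest


def check_restore(folder, manifest):
    """Compare the files now in `folder` with the hashes recorded at creation."""
    results = {}
    for name, expected in sorted(manifest.items()):
        path = Path(folder) / name
        if not path.is_file():
            results[name] = "missing"      # deleted and not (yet) restored
        elif sha256_of(path) != expected:
            results[name] = "changed"      # edited copy, or a bad restore
        else:
            results[name] = "ok"           # restored copy matches the original
    return results


def main(argv):
    if len(argv) != 4 or argv[1] not in ("create", "check"):
        print("usage: canary.py create|check FOLDER MANIFEST.json")
        return 2
    folder, manifest_path = argv[2], Path(argv[3])
    if argv[1] == "create":
        manifest_path.write_text(json.dumps(create_canaries(folder), indent=2))
        print("created test files in", folder)
        print("wait for a backup, then delete some files and edit others")
        return 0
    results = check_restore(folder, json.loads(manifest_path.read_text()))
    for name, status in results.items():
        print(f"{status:8} {name}")
    return 0 if all(status == "ok" for status in results.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with `create` before the backup and with `check` after restoring; every file should report ok once the deleted files and the original versions of the edited files are back.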

Restoring files with Time Machine

If you only have to use the information in this section to test your backups, it's a good thing. However, there may come a day when you need to use this information "for real" to recover files that are important to you. These might be photos from your last vacation, favorite songs you purchased from the iTunes Store, or even documents you've put a lot of work into. You might have accidentally deleted the file or realized you wanted a previous version. Or something might have gone haywire on your MacBook and you lost some important files.

The reason this function is called Time Machine is that you can use it to go back in time to restore files that are included in your backups. You can restore files and folders from the Finder, and you can recover individual items from within some applications (such as photos from within iPhoto).

Restoring files in the Finder

If the folders or files you want to restore are included in your backups and are available in the Finder, you can restore them by performing the following steps:

  1. Open a Finder window showing the location where the files you want to recover were stored. This can be the location where files that have been deleted were placed, or it may be where the current versions of files are stored (in the event you want to go back to a previous version of a file).

  2. Launch the Time Machine application by:

    • Clicking its icon (the clock with the arrow showing time moving backward) on the Dock.

    • Double-clicking its icon in the Applications folder.

    • Choosing Time Machine menu

    The desktop disappears and the Time Machine window fills the entire space (see figure 14.10). In the center of the window, you see the Finder window that you opened in Step 1. Behind it, you see all the versions of that window that are stored in your backup, from the current version to as far back in time as the backups go.

    Along the right side of the window, you see the timeline for your backups, starting with today and moving back in time as you move up the screen. At the bottom of the screen, you see the Time Machine toolbar. In the center of the toolbar, you see the time of the window that is currently in the foreground. At each end, you see controls that you use to exit Time Machine (Cancel) and the Restore button (which is active only when you have selected a file or folder that can be restored).

  3. Move back in time by:

    • Clicking the time on the timeline when the files you want to restore were available.

    • Clicking the back arrow (pointing away from you) located just to the left of the timeline.

    • Clicking a Finder window behind the foremost one.

  4. When you reach the files you want to restore, select them.

  5. Click Restore. The files and folders you selected are returned to their locations in the condition they were in the version of the backup you selected, and Time Machine quits. You move back to the Finder's location where the restored files were saved. You can resume using them as if you'd never lost them.

Figure 14.10. You can use Time Machine to travel back in time to when files you want to restore were available.

Note

To restore a previous version of a file and keep the current version, rename the file before you launch Time Machine. Then restore the version of the file you want and you'll have both versions of the file in the Finder window.

Restoring files in applications

Some applications that work with individual files, such as iPhoto and iTunes, provide Time Machine support so that you can restore files from within the application instead of by selecting the files in the Finder. This makes restoring files from certain kinds of applications easier because you can find the files to restore using the application's interface instead of using the Finder (which is difficult for iPhoto files because of the way that application names and organizes your photos).

The following steps show you how to restore photos in iPhoto (restoring files in other compatible applications is done similarly):

  1. Open iPhoto.

  2. Launch the Time Machine application by doing one of the following:

    • Clicking its icon (the clock with the arrow showing time moving backward) on the Dock

    • Double-clicking its icon in the Applications folder

    • Choosing Time Machine menu

    The desktop disappears and the Time Machine window fills the entire space. In the center of the window, you see the iPhoto window. Behind it, you see all the versions of that window that are stored in your backup from the current version as far back in time as the backups go.

  3. Move back in time by:

    • Clicking the time on the timeline when the photos you want to restore were available. The higher on the timeline you click, the farther back in time you go.

    • Clicking the back arrow (pointing away from you) located just to the left of the timeline.

    • Clicking an iPhoto window behind the foremost one.

    As you move back in time, you see the versions of the window that are saved in the backup you are viewing, and the date and time of the backup in the center of the toolbar.

  4. Use the iPhoto controls to move to the photos you want to restore.

  5. Select the photos you want to restore.

  6. Click Restore. The files are returned to iPhoto, and you can use them as if they'd never been lost.

Note

A portable hard drive is an ideal accessory for your MacBook so you can back up your data when you are on the move. A flash drive, SD card, or iPod is a good option to back up specific files when you can't access your regular backup system. If you have a MobileMe account, you can copy files to your iDisk to back them up.

Protecting Data with Encryption

If you travel with your MacBook, the data it contains is vulnerable because your computer can be carried away by other people. If you store important data on your computer, you can encrypt the data in your Home folder so that it can't be used without an appropriate password. Even if someone is able to mount the hard drive in your MacBook, he must have the password to be able to access data in your Home folder.

Warning

If you use your MacBook in public, you should disable automatic login whether you use FileVault or not. With automatic login enabled, anyone who starts your computer can use it. With this feature disabled, a password is needed to access it, which provides some level of protection. You should also require a password to wake up or come out of the screensaver if you leave your MacBook for any period of time without logging out.
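The two settings named in this warning can also be checked from Terminal. The script below is an added example, not part of the original chapter; it assumes the `autoLoginUser` key in `/Library/Preferences/com.apple.loginwindow` and the `askForPassword` key in `com.apple.screensaver`, which is where Mac OS X releases of this era keep them (later releases may store the screen-lock setting elsewhere).

```shell
#!/bin/sh
# Added example: audit automatic login and the wake/screensaver password.
# Assumption: the preference domains and keys below match this Mac OS X era.

LOGINWINDOW_PLIST="/Library/Preferences/com.apple.loginwindow"

# Prints the auto-login account name, or nothing if automatic login is off.
# `defaults read` exits non-zero when the key does not exist.
auto_login_user() {
    defaults read "$LOGINWINDOW_PLIST" autoLoginUser 2>/dev/null || true
}

# Returns 0 only if a password is required to wake or leave the screensaver.
screen_lock_required() {
    value=$(defaults read com.apple.screensaver askForPassword 2>/dev/null) || value=0
    [ "$value" = "1" ]
}

# Prints one line per setting; the return status is the number of failures.
audit_login_settings() {
    findings=0
    user=$(auto_login_user)
    if [ -n "$user" ]; then
        echo "FAIL automatic login is enabled for account: $user"
        findings=$((findings + 1))
    else
        echo "OK   automatic login is disabled"
    fi
    if screen_lock_required; then
        echo "OK   password required to wake or leave the screensaver"
    else
        echo "FAIL no password required to wake or leave the screensaver"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run the audit only on a Mac; on other systems the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then
    audit_login_settings || echo "Review the FAIL lines above."
fi
```

Both settings are changed in the Security pane of System Preferences; rerun the script afterward to confirm that each line reports OK.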

The Mac OS X FileVault feature encrypts your Home folder using a password that you create so that this data can't be accessed without the appropriate password. To do this, Mac OS X has to create a copy of your Home folder during the encryption process, which means that you need to have free space that is at least the size of the information in your Home folder before you can enable FileVault.

Warning

To use FileVault, the associated user account must have a password. If you didn't configure a password for your user account, or for any other user account, you need to do so before you can activate FileVault. Also, only one user account can be logged in to activate FileVault.

To activate FileVault, perform the following steps:

  1. Open the Security pane of the System Preferences application.

  2. Click the FileVault tab (see figure 14.11).

  3. Click Set Master Password. The master password sheet opens. The master password enables you to decrypt encrypted files for all users. You must create a master password before you can activate FileVault. If you are an administrator of the computer and no one else knows your password, you can use the same password that you use for your user account.

  4. Type the master password in the Master Password field and the Verify field, and then click OK. The sheet closes and the Set Master Password button becomes the Change button.

    Figure 14.11. FileVault encrypts the data in your Home folder to prevent unauthorized access to it.

    Warning

    FileVault can interfere with backup applications, including Time Machine. You must be logged out of your user account for Time Machine to be able to back up your Home folder. I recommend that you disable FileVault when you use your MacBook in a secure location so that your backups aren't disrupted.

  5. Click Turn On FileVault. The FileVault service starts up, and you are prompted to type your password.

  6. Type your user account's login password.

  7. Click OK. You see a warning sheet that explains what you are doing and that activating this service can take a while (you can't log out of your account until the service has been turned on).

  8. If you also want the data that is being encrypted to be erased securely when the encrypted version is created, select the Use secure erase check box (which overwrites deleted data so that it can't be recovered as easily).

  9. Click Turn On FileVault. The FileVault window appears; you can't do anything else on your MacBook until FileVault starts. When the process is complete, you see the Login window.

    Warning

    FileVault must be activated for each user account to secure each user's Home folder. Also, it only protects data stored in the encrypted Home folder. Any data stored outside of an encrypted Home folder is vulnerable.

  10. Log back in to your account. You shouldn't notice any difference, except that your Home folder's icon is now marked with the secure icon (a lock). All your Home folder files are encrypted and aren't accessible unless a valid encryption password has been entered.

When you log in to your account (or any other account protected by FileVault), the files in your Home folder are decrypted automatically so you won't need to do anything else to access them. The value of FileVault is for those times when you aren't logged in to your account and someone else has access to your computer. For example, suppose someone steals your MacBook. Although she can't access your user account without your login password, she could connect the computer to a FireWire drive with Mac OS X installed and start up from that volume. Because the files on your MacBook startup volume are not protected anymore (the OS on the computer to which the MacBook is connected is running the show), they are accessible. If FileVault is not on, these files are not encrypted and can be used, but if FileVault is on, these files are encrypted and are useless unless the password is known.

Note

If another user turns on FileVault and subsequently forgets his password, you can use your FileVault master password to decrypt the files in that user's Home folder. You can provide the master password to the other user so he can decrypt his files. Then change the master password to make sure only the authorized people have it. Or reset the user's FileVault password without providing the master password.

Protecting Information with Keychains

Many times, you can select a check box that causes Mac OS X to remember the passwords you type. These passwords are remembered in the keychain associated with your account. Just by using the remember check box, you get a lot of value from the keychain because it stores the various usernames and passwords for you. All you have to remember is the password for your user account that unlocks the keychain, which in turn applies the appropriate usernames and passwords so you don't have to type them manually.

When you have applications, such as Safari, remember usernames and passwords (such as those for Web sites you visit), they are also stored in your keychain so that you don't have to type this information each time you need to log in. Each kind of username and password is stored as a specific type in your keychain.

Before you can use a keychain, it has to be created; a keychain is created automatically for each user account you create. However, you can create additional keychains for specific purposes if you need to.

To use a keychain, it must be unlocked. To unlock a keychain, type its password when you are prompted to do so. When you log in to your user account, the default keychain for that account is unlocked automatically because its password is the password for the user account with which it is associated.

While typing a keychain's password can be annoying because it is a fairly common requirement, you should remember that at least you only have to remember the keychain's password instead of remembering a separate password for each resource.

Many types of resources can be added to your keychain to enable you to access them, including the following:

  • AirPort network passwords.

  • File sharing passwords.

  • Internet passwords.

  • MobileMe password.

  • Secure notes. You can store information that you want to protect using secure notes. For example, if you want to store your credit card information so that it can't be accessed unless you are logged in to your user account, you can add it to your keychain. When you need that information, you can open the secured note containing your credit card information in your keychain.

Viewing and configuring your keychains

You can view and configure your keychain with the following steps:

  1. Open the Keychain Access application located in the Utilities folder within the Applications folder (see figure 14.12). In the top-left pane is a list of all keychains that your account can access. In the lower-left pane is a list of categories for all the keychains that are installed under your user account. Select a category and the keychain items it contains appear in the lower-right pane of the window. You see information related to each keychain item, such as its name, its kind, the date it was last modified, when it expires, and the keychain in which it is stored. When you select a keychain item, detailed information about that item appears in the upper part of the window.

    Note

    Your default keychain is called the login keychain. The Passwords category contains several subcategories. To view them, expand that category by clicking its expansion triangle.

    Figure 14.12. You can see that a number of items have been stored in my keychain.

  2. To see what items are included in your default keychain, select login.

  3. Select the All Items category. Each item in your keychain appears in the list.

  4. To get summary information about a keychain item, select it. A summary of the item appears at the top of the window, including the kind of item it is, the user account with which it is associated, the location to which it relates, and the modification date.

  5. With the item still selected, click the Information button (the i located at the bottom of the Keychain Access window). The Information window appears. Depending on the item's type, its Information window contains various kinds of information that you can explore.

  6. Close the Information window.

  7. Double-click a keychain item. Its window appears. This window has two tabs: Attributes and Access Control. The Attributes tab presents information about the item, such as its name, its kind, the account, the location of the resource with which it is associated, comments you have entered, and the password (which is hidden when you first view an item). The Access Control tab enables you to configure how the item is used.

  8. To see the item's password, select the Show password check box. You are then prompted to confirm the keychain's password.

  9. Confirm the password by typing it at the prompt and choosing to allow access to the item. When you return to the Attributes tab, you see the item's password.

  10. Click the Access Control tab. Use the access controls in the pane to control which applications can access this keychain item and how they can access it.

  11. To allow access to the item by all applications, click the Allow all applications to access this item radio button. If you want to configure access for specific applications, continue with the rest of these steps.

  12. To allow access by specific applications but require confirmation, click the Confirm before allowing access radio button, and select the Ask for Keychain password check box if you want to be prompted for your keychain's password before access is allowed.

  13. To enable an application not currently on the list to access the keychain item, click the Add (+) button located at the bottom of the list and select the application to which you want to provide access.

  14. Click Save Changes. Your changes are saved, and you return to the Keychain Access window.

Adding items to a keychain

You can add items to a keychain in several ways, including the following:

  • When you access a resource that can provide access to a keychain, such as a file server, look for the Add to Keychain check box.

  • Drag a network server onto the Keychain Access window.

  • Drag the Internet Resource Locator file for a Web page onto the Keychain Access window.

  • Manually create a keychain item.

Note

If a particular application or resource doesn't support keychains, you won't be able to access that resource automatically. However, you can still use Keychain Access to store such an item's username and password for you, thus enabling you to recall that information easily.

One useful thing you can add to a keychain is a secure note. This protects the information you enter with a password so that it can only be viewed if the appropriate password is provided. To add a secure note to a keychain, use the following steps:

  1. Open Keychain Access.

  2. Select the keychain to which you want to add the note.

  3. Choose File

    Figure 14.13. Here's a secure note containing vital information.

  4. Type a name for the note in the Keychain Item Name box.

  5. Type the information you want to store in the Note box.

  6. Click Add. The note is added to your keychain and you return to the Keychain Access window where you see the new note you added.

To view a secure note, do the following:

  1. Select the Secure Notes category. Your secure notes appear.

  2. Double-click the note you want to read. The note opens.

  3. Click the Show note check box. You see the note in the window.

Working with keychains

When an application needs to access a keychain item and it is not configured to always allow access, you see the Confirm Access to Keychain dialog box that prompts you to type a keychain's password and choose an access option (see figure 14.14). When prompted, you have the following three options:

  • Deny. Access to the item is prevented.

  • Allow. A single access to the item is allowed.

  • Always Allow. Access to the item is always allowed, and you don't see the prompt the next time it is used.

    Figure 14.14. At a prompt, you can choose the kind of access you allow to an item.

If you want to become a keychain master, check out the following information:

  • Your keychains are stored in the Library/Keychains folder in your Home directory. You can add a keychain from one account to another account by moving the keychain file to a location that can be accessed by the second account. (For example, you can copy your keychain into the Public folder of your Home directory to enable other users to add that keychain to their own accounts.) To add a keychain to a user account, open Keychain Access under that account and choose File

  • Delete a keychain by selecting it and choosing File

  • If you choose Edit

  • You can synchronize keychains on different computers by using MobileMe syncing (see Chapter 5). This ensures that once you add information to your keychain, such as a secure note, it is available on all of your Macs.

  • If you choose Edit

  • Choose Keychain Access

  • If you choose Edit

  • If you choose Keychain Access
