Feb 9, 2012
I'm struggling to get Autofill and Keychain Access configured to operate in a rational way. Perhaps I don't understand something, but judging from all the discussion in various places, there seems to be quite a bit of confusion on the subject. What I want to do seems pretty logical and straightforward (at least to me):
When I visit a secure site (say for online banking), I would like to have Safari use Autofill to get the password for this site from my keychain (where it is kept securely encrypted when not in use), and fill in the username and password fields for me. What I do not want is for Safari and Keychain Access to retain that userid and password info indefinitely. For example, I logged in to pay a bill at the airport lounge, and then someone swipes my MacBook, logs in, and transfers all my funds to their bank.
It seems that this was what was happening when I first set up Autofill... each time I went to the secure login page, Safari/Autofill/Keychain Access automatically filled in the userid and pw with no prompts, or request for authentication. This behavior might be OK for a website such as the New York Times, but it's not OK for my online banking account!
After some reading, much of which was conflicting due to various OS and Safari versions involved, and some trial and error and testing, I came up with the following settings:
1. In Safari, I set up Autofill to automatically supply userid's and pw's: At this point, there are no websites listed in the "Edit..." window.
2. Next, I entered the required info (userid, pw, URL) in Keychain Access, and set its Access Control as follows: This, I hoped, would require that *each* use of the userid and pw be authenticated.
3. Now for the test: I go to the website, and get a request for authentication: So far, this is what I had hoped for, but immediately after I supply the keychain password, I am prompted for it again as follows (I've blanked the actual name of the website):
I want this to be secure, but entering the same keychain password twice is just annoying. I've tried various combinations and tweaks to configure this to work rationally (i.e. one and only one keychain password entry), but have not been successful. It seems that it will work with *no* authentication required, or with *double* authentication required.
Mac OS X (10.7.3)