What is keychain sharing?

Keychain sharing is a feature in Apple devices that allows users to securely share passwords, account information, and other sensitive data between their own Apple devices. With keychain sharing, users can sync keychain data like website logins, credit card information, WiFi network information, and other account credentials between Macs, iPhones, iPads, Apple Watches, and more.

How does keychain sharing work?

Keychain sharing relies on end-to-end encryption and Apple’s iCloud service to share keychain data safely between devices. When a user enables keychain sharing on their Apple ID account, their keychain data is encrypted and uploaded to iCloud. This encrypted data can then be downloaded and decrypted on any of the user’s other Apple devices that they are signed into with the same Apple ID.

To enable keychain sharing, users must turn on two-factor authentication for their Apple ID account and be signed into iCloud on all devices. With two-factor authentication enabled, a secure cryptographic key is generated that allows Apple devices to access and decrypt the keychain data stored in iCloud. Without access to this key, the shared keychain data remains securely encrypted and inaccessible.

End-to-end encryption

A core component of keychain sharing is Apple’s use of end-to-end encryption. This means only you and your devices have the “keys” to decrypt your keychain data – not even Apple can access the encrypted data stored in iCloud. The cryptographic keys used to encrypt and decrypt your keychain data are securely stored only on your trusted devices.

When you first enable keychain sharing, your devices generate a set of encryption keys that will be used to protect your shared keychain data. One set of private and public keys is stored locally on each device. A second set of keys is generated and uploaded to iCloud in an encrypted escrow bag that can only be unlocked and accessed by your other devices.

This encryption system ensures that only your trusted Apple devices can decrypt and read your keychain data. Your keychain data is encrypted before it leaves your device, remains encrypted while stored in iCloud, and is only decrypted when retrieved by one of your approved devices after authenticating with your Apple ID and decryption keys.

Using two-factor authentication

In order to use keychain sharing, you must enable two-factor authentication (2FA) for your Apple ID account. Two-factor authentication adds an extra layer of security beyond just a password by requiring you to authenticate with a second factor – such as a verification code sent to one of your trusted devices – when signing into your Apple account.

With 2FA enabled, signing into your Apple account requires something you know (your password) and something you own (a trusted device). This prevents unauthorized users from accessing your account and encrypted iCloud data even if they know your password. Having 2FA enabled ensures that your keychain data remains securely encrypted in iCloud and is only accessible on your personal approved devices after unlocking with both your password and a second authentication factor.

Requiring trusted devices

In addition to 2FA, keychain sharing only allows your keychain data to be decrypted on trusted devices that you’ve previously approved. When you first set up keychain sharing, your personal devices generate encryption keys that are required to unlock and access your shared iCloud keychain data.

Even if someone else knows your Apple ID password, they will not be able to access your encrypted keychain data without also having access to one of your trusted devices that stores your personal encryption keys. This ensures that your sensitive credentials and account information cannot be accessed without your explicit approval.

If you ever lose a device or need to revoke access, you can review and remove trusted devices from your Apple ID account. This will prevent that device from being able to decrypt and retrieve your shared keychain data going forward.
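The trust model described in the sections above (data encrypted on the device, readable only with a trusted device's private key, removed devices cut off going forward) can be sketched with generic envelope encryption. This is an added illustration, not Apple's protocol or code: the choice of X25519, HKDF-SHA256 and AES-256-GCM, the device names, the sample secrets and the 'demo-keychain-wrap' label are all assumptions made for the demo.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM helpers; a sealed value is {iv, ct, tag}.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws if the key or data is wrong
}

// Key-encryption key from an X25519 agreement (the HKDF info label is made up for this demo).
function kek(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-keychain-wrap', 32));
}

// Sending device: encrypt the item once, then wrap the item key to each trusted device.
function encryptItem(secret, trustedDevices) {
  const itemKey = crypto.randomBytes(32);
  const record = { item: seal(itemKey, Buffer.from(secret)), wrapped: {} };
  for (const [name, devicePub] of Object.entries(trustedDevices)) {
    const eph = crypto.generateKeyPairSync('x25519');
    record.wrapped[name] = { ephPub: eph.publicKey, ...seal(kek(eph.privateKey, devicePub), itemKey) };
  }
  return record; // everything the sync server stores: ciphertext and wrapped keys only
}

// Receiving device: unwrap the item key with the local private key, then open the item.
function decryptItem(record, name, devicePriv) {
  const w = record.wrapped[name];
  if (!w) throw new Error(`no wrapped key for ${name}`);
  const itemKey = open(kek(devicePriv, w.ephPub), w);
  return open(itemKey, record.item).toString();
}

// Constructed demo: two trusted devices, then a record written after the phone is removed.
const phone = crypto.generateKeyPairSync('x25519');
const mac = crypto.generateKeyPairSync('x25519');
const r1 = encryptItem('wifi-passphrase', { phone: phone.publicKey, mac: mac.publicKey });
const r2 = encryptItem('new-passphrase', { mac: mac.publicKey });
console.log(decryptItem(r1, 'phone', phone.privateKey), decryptItem(r2, 'mac', mac.privateKey));
```

In this model, removing a device only stops new records from being wrapped to its key; anything it already decrypted stays known to it, which is why the affected passwords should be changed after a device is lost.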

What types of data can be shared via keychain sharing?

Keychain sharing allows users to sync a variety of sensitive personal data between Apple devices including:

  • Website usernames and passwords
  • WiFi network information
  • Home and work contact information
  • Mail accounts and email server settings
  • Credit card information and app payment details
  • Social media, banking, and other app account credentials
  • Security and encryption keys
  • Saved location and mapping favorites
  • Safari bookmarks

Essentially, anything you have saved in your local keychain on one Apple device can be securely shared to your keychain on your other devices using the keychain sharing feature.

Sharing logins and passwords

One of the most useful aspects of keychain sharing is the ability to sync website usernames and passwords. Keychain access allows users to save login credentials for websites and apps on their Apple devices and safely reuse them with AutoFill.

With keychain sharing enabled, any passwords you save in your keychain on one device will automatically propagate to your keychain on your other iCloud-connected devices. This allows you to seamlessly log into websites and apps without needing to remember or re-type your credentials.

Sharing credit card information

In addition to login credentials, keychain sharing also lets you sync credit card information between devices. When you make a purchase in an app or on a website on one device, the credit card data can be saved to your keychain and then shared via iCloud to your other devices.

This makes entering payment information quicker and easier when making purchases online or within apps on any of your Apple devices. The card details are pre-filled automatically at checkout after authenticating with Touch ID or Face ID.

Sharing WiFi passwords

Keychain sharing also lets you sync your WiFi network information and passwords across devices. Instead of needing to remember and manually re-enter your WiFi login details on each device, keychain sharing securely transfers this information so any network passwords saved on one Apple device are available on your other devices.

This allows you to seamlessly connect to known WiFi networks without having to go through the password entry process on each new device. Your iPhone, iPad, Mac, Apple Watch, and more will all have immediate access to your saved WiFi passwords.

What are the benefits of using keychain sharing?

There are several notable benefits to using Apple’s keychain sharing feature:

Enhanced security

Keychain sharing relies on rigorous encryption standards to ensure your data stays private. The use of two-factor authentication, public key cryptography, and trusted devices means your sensitive information is protected from unauthorized access.

Convenience

Sharing keychain data between devices means you can seamlessly log into accounts, connect to WiFi, make purchases, and reuse passwords without having to manually re-enter credentials on each device.

Streamlined login

Thanks to shared passwords and AutoFill capabilities, keychain sharing enables faster, smoother logins when accessing apps, websites, and services across all your Apple devices.

Centralized storage

Instead of having fragmented accounts and credentials across devices, keychain sharing centralizes and syncs your sensitive data through encrypted iCloud storage.

Cross-platform convenience

Keychain sharing works across iPhone, iPad, Mac, Apple Watch, and Apple TV to provide a unified keychain experience across all your primary Apple devices.

What are the limitations of keychain sharing?

Despite the many benefits keychain sharing can provide, there are some limitations to be aware of:

Apple devices only

Keychain sharing only works between Apple devices. It does not share data across non-Apple phones, Windows computers, smart home devices, etc.

Manual syncing

Unlike some data syncing, keychain sharing is not turned on automatically. Users must manually enable and configure it across their devices.

Apple ID requirement

You can only share keychains between devices signed into the same Apple ID account. Switching Apple IDs or using separate accounts will create distinct, unshared keychains.

No sharing with family

Apple’s Family Sharing feature does not extend to enabling keychain sharing across family members’ devices. Keychain data is only shared between a single user’s devices.

iCloud dependence

Keychain sharing relies on having an active iCloud account and being consistently connected to the internet to sync keychain data across devices via iCloud servers.

Security compromises

While very secure, any cloud-based syncing carries some risk of compromised data in the event of a breach. With sufficient encryption standards in place, however, this risk is minimal.

How to set up and manage keychain sharing

To start sharing keychains between your Apple devices, follow these steps:

  1. Enable two-factor authentication on your Apple ID account.
  2. Make sure you are signed into the same Apple ID on all devices you wish to share keychains between.
  3. On your iPhone, iPad, or iPod touch, go to Settings > [your name] > iCloud > Keychain and toggle on iCloud Keychain.
  4. On your Mac, open System Preferences > Apple ID > iCloud and check the box for Keychain.
  5. Accept the prompts on each device to set up your iCloud Keychain.
  6. Enter the security code sent to your trusted phone number when prompted during setup.

Once enabled across devices, your keychain sharing will sync automatically whenever you make changes or additions on any device. To manage trusted device access and review logs:

  • On iPhone/iPad/iPod – Settings > [your name] > iCloud > Manage iCloud Keychain
  • On Mac – System Preferences > Apple ID > iCloud > Manage iCloud Keychain

Here you can remove trusted devices, view account activity, and ensure only your personal approved devices can access your shared keychain information.

Conclusion

Keychain sharing provides an easy and secure way for users to sync sensitive credentials, account information, and passwords between Apple devices. By relying on end-to-end encryption, two-factor authentication, and trusted devices, users can enjoy seamless and private access to keychain data across iPhones, iPads, Macs, and more.

While Apple-centric in nature, when properly configured and managed, keychain sharing takes much of the headache out of accessing accounts and reusing complex passwords across your personal iOS and Mac devices.