Whisky Tango Foxtrot Apple Keychain Login Sync

On a whim, in MacOS X 10.4, because I was tired of my old login passwd, I changed it. No biggie, right?

I was presented with a dialog, basically saying “Your keychain password has also been changed.” …huh?

Bahhhh!!! No! I didn’t want that!

Grrr… go stomping off to the Utilities folder for the Keychain app and find buried in a preference somewhere a CHECKED radio button saying “synchronize with login password” or something similar.


I NEVER checked that box. I have always… always had different login and keychain(s) passwords. I would never dream of making them the same. What asshat in Cupertino decided the make this choice for me?? And HOW can I change my default keychain password back to what I want it to be (perhaps I missed the obvious in my blind rage?)

I REALLY want to kill somebody at Apple right now. What a bonehead thing. No warning beforehand, just changed something very personal and important. Of course I have UNchecked that box now, but it is too late. I’d like to change my muscle-memory-embedded keychain passwd back to what it should be. If I missed some obvious design change, announcement, READ ME file, or clearly marked option that lead to this situation, feel free to point it out to me. Otherwise bring me the head of the idiot who dreamed up this stupid default action in MacOS X “Tiger”.

Maybe this is “normal” now that I think of it… I may have always changed my password at the CLI prior to this… I think I better go eat dinner and calm down.

Update: After I calmed down a bit, I went back into Keychain Access and found the obvious menu choice to change the password for the keychain. No need to clue me about this. BUT, let me tell you about keychains, and how I use them. I have a login password. I have my laptop set to require both a username and password at login (IIRC OS X defaults to a list of usernames, with only the password field blank.) I also require my login password for waking my laptop from sleep, or to get past the screen saver.

Keychains, to my mind, are completely different from login passwords. The keychain is where you store all your various passwords for all those email accounts, web servers, stupid blogs like this one, etc. I actually use several keychains. I have my default keychain, which is where I store the most frequently used, but in no way terrifically important passwords. The the passwords for this stupid useless blog, or the shared IMAP boxes we use at work to read generic email addresses like “support@forest.net”, ” abuse@forest.net”, etc… you know the ones listed in whois that get more spam than real email. I have several other keychains, and these store progressively more secure data. Access passwords for ARD, Timbuktu, SNMP strings, specific personal passwords and data that I prefer to keep secure… and then finally there are some passwords I just won’t keep stored anywhere but my brain, enable passwords for BGP routers and other network devices, root passwords for our DNS and mail servers, etc.

Every keychain has a different password and they get progressively more complex with the level of security required for the keychain data.

My default keychain has had a four character password. Mind you, it isn’t a word, or even anything logical. It is a random string of 4 characters from 3 different rows of the keyboard. I have been using this password, and simple variations of it for 15 years. It takes me about a nanosecond to type it. It is so deeply ingrained in my muscle memory that I can bang out those four keystrokes and hit return, even with my clumsy two-finger typing style in less time than it takes me to type any other 5-character string imaginable. This is WHY I use it for mundane, default keychain access… clickety-click!

But NO. Some Apple asshat, probably the very same asshat that decided to default the login/keychain sync, decided that THEY decide what level of security my default keychain should have:

Just fsckin bite me!

If I feel the need to hide my lame, low-security password to my slashdot login with a 4 character password, then LET ME. I am an adult, I understand that somebody could steal my laptop and run a crack against my default keychain and probably crack it is a few minutes. Big deal. So they’ll have access to some stuff that I have already decided is low-security which is why I prefer to keep access to it EASY rather than hard. If I want to be an idiot, LET me be an idiot. Please. I’m fine with risk concerning this particular data. sheesh!

So if anyone knows some clever way around this stupid limitation, please let me know. I have no problems doing it on a command line, been there, done that since the Bush the Elder was borking up the economy.

Until then, I will be tripping over my fingers typing three extra characters to get to slashdot, spam, and this dumb blog. sigh.