Avoid using encrypted sparse bundles for the moment, as you can’t change their password. Apple Encrypted Archives aren’t ready for normal use either.
password
How is an attacker most likely to get their hands on the secrets stored in your Mac’s keychains, and what can you do to protect them?
We’re swimming upstream in a raging torrent of alerts and notifications. Rather than clicking through everything, macOS should lead by example and do what we did with traffic signs.
Multiple requests for a keychain password, login password mismatch, broken keychains, expired certificates, and using the Data Protection keychain.
How can you tell whether a request for a keychain password is genuine? What about a regular request for password authentication?
macOS has two types of keychain, and its tools for working with them, Keychain Access and the command tool security, only work fully with one type.
What if you’ve forgotten your Mac’s password, or the secondhand Mac you bought expects you to enter one, or its owner has died?
hdiutil chpass, the only means of changing passwords for sparse bundles, doesn’t work in macOS Ventura 13.3.1. The workaround requires a VM and 13.1.
Contrasts how passwords and passkeys work, and how passkeys can be protected using iCloud, and Apple’s iCloud keychain escrow.
Solving repeated requests for passwords, telling the genuine from the bogus, how passwords can become mismatched, and more.
The Eclectic Light Company 