Say I installed a malicious app on my iPhone that stole my iCloud password. Can the Keychain be compromised?

Basically, can the keychain passwords be accessed by solely having the iCloud password? How safe is it?


Solution 1:

It's pretty secure, since any new device attempting to read your iCloud Keychain requires one of the following:

  • One of your existing devices verifies the connection through a push notification with manual acceptance.

    When you enable iCloud Keychain on an additional device, your other devices that use iCloud Keychain receive a notification requesting approval for the additional device. After you approve the additional device, your iCloud Keychain automatically begins updating on that device.

  • Your iCloud Security Code

    When you set up iCloud Keychain, you're asked to create an iCloud Security Code. It can be a 4-digit code similar to the passcode lock for your device, or you can have a more complex code automatically generated for you. The iCloud Security Code is used to authorize additional devices to use your iCloud Keychain. It's also used to verify your identity so that you can perform other iCloud Keychain actions, such as recovering your iCloud Keychain if you lose all your devices.

    Entering the code incorrectly multiple times triggers the manual verification method.

  • SMS verification to your phone.

    The device that is using the SMS-capable phone number you provided when you first set up iCloud Keychain. A verification code is sent via SMS to this phone number. If you don't have access to this number, contact Apple Support, who can verify your identity so that you can complete setup on your new device.

Furthermore, you can also protect your iCloud account / Apple ID by enabling two-factor authentication so that, in many cases, the first use of your iCloud password on a new device triggers a push notification warning in addition to the automatic email that Apple sends when your password is used on a new device.

In summary:

  1. You get an email notification when your password is used on a new device for iCloud - no opt-in steps needed.
  2. Keychain syncing has enhanced protection / two-factor authentication baked in; again, no opt-in is needed.
  3. You can opt in to Apple ID two-factor authentication to further protect against password loss/skimming.

Solution 2:

For some interesting takes on what great lengths Apple went through to make this scheme secure, see the following:

  • Synopsis of features of new iOS 7 keychain
  • White paper from Apple (technical details)

Short story: It's pretty secure, but understand how it works (nothing's completely secure). It's designed so that not even Apple can read your keychain, but be sure you know how to recover from lost devices, codes, etc.