OS X: On Keychains & First Aid

Anyway, the program that controls all of the keychains (and thus the stored passwords) that you have is called Keychain Access, so that's where we'll do our troubleshooting for the purposes of this tip. 

One of the common symptoms of a potential keychain issue is this familiar but incredibly annoying alert from Mail, especially if you start seeing it all of the time:

Of course, that box can mean tons of things, from network or server troubles to your password actually being incorrect (surprise!), but it can also indicate that something's wrong with the keychain entry that's storing that password. To check it out, first open the aforementioned Keychain Access program, which lives in your Applications> Utilities folder. 

Here's its pretty little icon.

Once it’s open, click on the “Keychain Access” menu in the upper-left corner and choose Keychain First Aid.

In the window that appears, you’ve only got two options—”Verify” and “Repair.” If you just wanna see if anything’s wrong, click “Verify,” type in your account password, and then choose Start. If you’d like to fix problems as they're found, select “Repair” instead. Pretty self-explanatory, right?

Whew!

If the program finds and fixes anything, try doing whatever caused you to want to repair your keychain in the first place and see if the issue’s been resolved. If not (or if the First Aid tool didn’t find anything, which is quite common), you can try some more serious steps, like searching for any keychain entries that are associated with the problem and removing them manually. So for example, if we pretend I've got a troublesome Gmail account that keeps prompting me for my password within Apple Mail, I can search Keychain Access for “Gmail” and see what comes up:

That's…um, only about a twentieth of what's actually there. I have a lot of Gmail accounts.

I could then select some or all of those entries and press the Delete key to get rid of them, or I could double-click each one to see more details about what's stored there. If I delete an entry, Mail will request the missing password again (since Keychain Access no longer has it stored), and when I re-enter it, a new keychain item will be created. So if the problem is with one particular entry, that's an easy way to troubleshoot things. 

Finally, if you're having tons of issues, a nuke-it-from-orbit solution would be to reset your entire keychain. Apple’s got a support article on that, but I really really really don’t recommend you follow those instructions unless you know what you’re getting into and you’ve got some serious problems with your keychain. If I didn’t say “really” enough there, let me do it some more. Be really really really careful with that, OK?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.