How to manage keychain clutter in OS X

The OS X keychain is useful for storing authentication information, but can get cluttered with unused items that sometimes may prevent it from working properly.

The OS X keychain is a useful and secure way to save passwords, certificates, and other authentication information for applications, Web sites, and various other services. By default these are generally loaded into either the log-in keychain or the System keychain, depending on whether the service is user-oriented or a system setting such as Wi-Fi or VPN passwords.

Though the keychain is convenient, sometimes after extensive use it can become cluttered with numerous items. Generally this clutter does not harm anything, but sometimes it can result in odd problems such as the incorrect password being used for a service even though the current password is saved.

Tidying up the keychain
If you are having trouble with the system constantly asking you to save passwords in the keychain, you might benefit from cleaning it up a bit. Open the "Keychain Access" utility and go through each keychain listed in the Keychains section (in the upper left of the window). If you have multiples of the same item, try first opening them to check which one contains the correct password information, and then delete the ones that are incorrect.

Keep in mind that if you have more than one account for an online service, you will see multiple entries for that service. This will be most prominent for email accounts if, for instance, you have multiple Gmail accounts that you access through Apple's Mail program.
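
An added example, not part of the original article: the same duplicate check can be run from Terminal over the attribute listing printed by the `security dump-keychain` command (without `-d`, so no passwords are included). The function name `find_duplicate_items` and the sample listing are constructed for illustration; entries for different accounts on the same server are not reported as duplicates.

```shell
#!/bin/sh
# Added example: count keychain items that share class + service/server + account.
# Only plain quoted attribute values are parsed; <NULL> and hex-encoded values are skipped.
# On a Mac: security dump-keychain ~/Library/Keychains/login.keychain | find_duplicate_items
find_duplicate_items() {
    awk '
    function val(s) { sub(/^[^=]*="/, "", s); sub(/"[ \t]*$/, "", s); return s }
    function emit() {   # close the current item and count its identity
        if (cls != "" && (svc != "" || acct != "")) n[cls "\t" svc "\t" acct]++
        cls = ""; svc = ""; acct = ""
    }
    /^keychain: /                   { emit(); next }   # every item starts here
    /^class: /                      { cls = $2; gsub(/"/, "", cls); next }
    /^[ \t]*"(svce|srvr)"<blob>="/  { svc = val($0); next }
    /^[ \t]*"acct"<blob>="/         { acct = val($0); next }
    END {
        emit()
        for (k in n) if (n[k] > 1) printf "%d\t%s\n", n[k], k
    }' | sort
}

# Constructed sample in the shape of `security dump-keychain` output (not real data).
sample_dump() {
    cat <<'EOF'
keychain: "/Users/jane/Library/Keychains/login.keychain"
class: "inet"
attributes:
    "acct"<blob>="jane@gmail.com"
    "srvr"<blob>="imap.gmail.com"
keychain: "/Users/jane/Library/Keychains/login.keychain"
class: "genp"
attributes:
    "acct"<blob>="HomeNet"
    "svce"<blob>="AirPort"
keychain: "/Users/jane/Library/Keychains/login.keychain"
class: "inet"
attributes:
    "acct"<blob>="work.jane@gmail.com"
    "srvr"<blob>="imap.gmail.com"
keychain: "/Users/jane/Library/Keychains/login.keychain"
class: "inet"
attributes:
    "acct"<blob>="jane@gmail.com"
    "srvr"<blob>="imap.gmail.com"
EOF
}

sample_dump | find_duplicate_items
```

Each output line is a count followed by the class, server or service, and account of the repeated item; which copy holds the correct password still has to be checked in Keychain Access before deleting anything.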

In addition to removing duplicate items, you might as well remove any expired certificates and keys that are in the keychain. While expired and unused items should not affect anything, removing them will keep the keychain relatively tidy.

When removing items from the keychain, do not worry about inadvertent deletions of active and used passwords. If they are missing, the programs that use them will prompt you for the password again and create a fresh entry for it.

Starting over
Tidying up the keychain is one option, but some people might consider starting over with a fresh keychain. If so, then one way to do this is to go to the username/Library/Keychains/ folder and remove the "login.keychain" file in that directory. When you do this, upon logging in, the system will create a new log-in keychain and link it to your account so it opens whenever you log into your system. The keychain will be empty, so the system will regularly ask you for various passwords as it repopulates the new keychain.

Instead of deleting the old log-in keychain, another option is to rename it and keep it in your "Keychains" directory. From here, when the system creates a new log-in keychain you can open Keychain Access and choose "Add Keychain" from the "File" menu. Selecting the renamed keychain will make it available, and you can then unlock it and drag desired items from it to the newly created log-in keychain.
