Options for securing password files in OS X

Password managers like Apple's Keychain or the third-party 1Password utility are exceptionally useful options for managing the numerous credentials we establish and use on a day to day basis with our computers. With these tools set up, you can easily check an option to save your username and password in an encrypted form, to be retrieved whenever you access the respective service.

Despite these tools, some people may still wish to keep a list of usernames and passwords they use in an accessible list, such as a text document or other more simplistic form, even if it's just out of habit.

Unfortunately, doing so circumvents the security offered by a keychain manager, and if your computer is stolen or accessed when you step away from it, then your passwords may be easily retrievable. However, with some simple steps, if you still wish to keep your password file, you can do so in a secure way.

1. Drive Encryption
   The first step is to enable full disk encryption on whatever drive you save your password file. If this drive is your boot disk, go to the Security section of the system preferences and enable FileVault; or if not, right-click the drive in the Finder and choose the option to encrypt it from the contextual menu. This will set the drive up as a CoreStorage volume, and secure it with a 128-bit AES encryption routine that should prevent file access in the event of theft.
   
   With encryption enabled, files can be stored on the drive in otherwise insecure ways, but they will be irrecoverable by anyone who does not have the drive's password.
2. Disk Image encryption
   While full disk encryption makes securing file contents seamless, you can do a similar routine for only a subset of files, by storing them in an encrypted disk image file. You can create an encrypted disk image in Apple's Disk Utility program by selecting New Disk Image from the File menu, and set a specific size of the image. You can also limit the size of the disk image, or more preferably use a dynamically expanding image such as a sparse or sparsebundle image. Next, choose either 128- or 256-bit encryption from the Encryption drop-down menu, and save the image in the location of your choice.
   
   Now you can open the image, supply your password when prompted, and copy your files into the image (it will behave just like you have attached an external USB drive).
3. Secure Notes
   Some programs offer options to secure individual files instead of collections of files or an entire logical volume. Programs like Microsoft Word offer options to secure documents with passwords, but with some of these programs the passwords just prevent opening and raw data may otherwise be extractable from the files. On the other hand, some programs offer robust encryption options that can secure your files. A couple of these include Word and Apple's Pages suite, but another convenient one is Apple's Keychain Access utility. This program offers a secure notes feature, which can hold text and images, and be fully encrypted along with other items in your keychain.
   
   To use this, open Keychain Access and choose the Secure Notes category of your keychain. Then click the little plus button to add a new note, and copy your desired content into it. Then close the note and whenever you need to access it, you can do so from the keychain access utility. This process will place the notes into your default login keychain, but you can create a separate keychain just for these notes, to further increase security.
   

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.