In the innocent days of our computing youth, many of us had to memorize just one password: the one we used to send and retrieve our email over a glacially slow dial-up connection. User-account passwords? For geeks. Shopping-site passwords? What shopping sites? iTunes Store? App Store? Mac App Store? Didn't exist.
In what may seem like a step backward, we now juggle dozens of passwords. We have passwords for logging on to our Macs, accessing our iOS devices, checking our email, receiving instant messages and texts, purchasing real and virtual goods, yacking on social networking services, streaming music and movies; the list goes on and on.
Fortunately, we no longer need to scribble down each and every password on a hunk of binder paper that we tape to our desks in plain sight. Our Macs can store these passwords and, in many cases, automatically fill them in when needed. But there's more to know about passwords and the Mac's ability to store them than the simple fact that they exist. Here's a quick guide to what you can (and can't) do with OS X's passwords.
Keychains are key
Ever since Mac OS 8.6, the Mac has managed passwords with Keychain, Apple's password-management system. The Keychain Access application (/Applications/Utilities) is a front-end to that system. It stores a wide variety of items, including passwords for email, websites, servers, network shares, Wi-Fi networks, and encrypted disk images. Additionally, it can store secure notes, private keys, and certificates. Whenever you save a password, whether you're prompted by an application or you're saving a website's password, it's stored in the Mac's keychain.
The Mac places keychain files in multiple locations: /System/Library/Keychains, /Library/Keychains, and youruserfolder/Library/Keychains. Thankfully, the contents of these various keychain files are combined into Keychain Access, so that you needn't worry about where they're held.
Launch Keychain Access, and you'll see that the window is divided into three panes. The top-left pane lists keychains accessible to you. Below this is the Category pane. Here you can choose to view specific kinds of things stored in the keychain: passwords, secure notes, certificates associated with your account, encryption keys, and certificates used broadly by your Mac. The largest pane, to the right, displays the contents of selected category items (for example, all of the items that have a password associated with them). Except in the case of certificates, you can double-click on one of these items to open a window where you can view the item's attributes: name, kind, associated account, location (a website or network address), as well as its access control (meaning the applications and services allowed to access the item).
Keychain Access can do several useful things. For example, if you've forgotten a password and would like to recover it, Keychain Access is the place to go. To learn the identity of a password, select All Items or Passwords in the Category pane, then find the item you want the password for and double-click it.
In the resulting window, enable the Show Password option. You'll be prompted for the password for the login keychain. Enter that and click Allow, and the password will be revealed in the Password field.
If you seek only to recover saved website passwords and are running Safari under Mountain Lion, your task is easier. Launch Safari, open Safari's preferences, and click the Passwords tab. All the websites for which you've saved passwords in Safari will appear in a list. Enable the Show Passwords option and enter your login password when prompted. Passwords will be listed to the right of each site.
You can also remove website passwords here. Just select the site you want to delete and click the Remove button. Or, to remove all remembered passwords, click Remove All.
Change the login keychain's password
When you first set up a user account, the login password used for that account is additionally assigned to the login keychain, where new passwords are stored by default. So you can simply enter the password you use with your account to uncover a keychain item's secrets.
If there's a flaw in the Keychain Access security setup, this is it. If someone knows your account's password, they can access the items in this keychain and then discover your other passwords. If you're concerned about that, you can easily change the password for the Login keychain.
In Keychain Access select the login keychain and choose Edit > Change Password For Keychain "login". You'll be prompted to enter your current password (the one you now use for your user account) and then enter and verify a new password. Do this, log out of your account and then back in; when the Mac needs to use one of the passwords stored in the login keychain, you'll be prompted to enter it. As long as you're logged in, you shouldn't be troubled for that password again.
Auto-lock the keychain
By default, once you've logged in, your keychain will be unlocked, which isn't terribly secure if others can access your Mac when you're not around. You can add a level of security that auto-locks your keychain. To do that, launch Keychain Access, select your login keychain, and choose Edit > Change Settings for Keychain "login".
The sheet that appears shows two options: 'Lock After X Minutes of Inactivity' and 'Lock When Sleeping'. If you choose the first option and configure it to read something like 5 minutes, your keychain will lock if it hasn't been accessed in the last five minutes. If an application needs access to your keychain after that limit has expired, you'll be prompted for your login keychain password. Additionally, enable the Lock When Sleeping option, and your keychain locks when your Mac goes to sleep (when you close your MacBook's lid, for example). Click Save to implement the selected options.
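To check from Terminal that both auto-lock options are actually in effect, here is an added example (not part of the original article) that audits the one-line summary printed by the `security show-keychain-info` command. The helper name `audit_keychain_line`, the 300-second limit, the sample line, and the exact shape of the summary line are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the article): audit a keychain's auto-lock policy.
# Assumption: `security show-keychain-info` reports one line shaped like
#   Keychain "<path>" lock-on-sleep timeout=300s   or   Keychain "<path>" no-timeout

# audit_keychain_line LINE [MAX_SECONDS]  (hypothetical helper)
# Prints one finding per problem; returns 0 only if the keychain locks on
# sleep AND has an inactivity timeout no longer than MAX_SECONDS.
audit_keychain_line() {
    akl_flags=${1##*\"}      # drop everything up to the closing quote of the path
    akl_max=${2:-300}
    akl_status=0

    case "$akl_flags" in
        *lock-on-sleep*) ;;
        *) echo "FAIL: keychain stays unlocked while the Mac sleeps"; akl_status=1 ;;
    esac

    case "$akl_flags" in
        *timeout=*)
            akl_secs=${akl_flags##*timeout=}
            akl_secs=${akl_secs%%s*}
            case "$akl_secs" in
                ''|*[!0-9]*) echo "FAIL: cannot parse timeout"; akl_status=1 ;;
                *) if [ "$akl_secs" -gt "$akl_max" ]; then
                       echo "FAIL: timeout ${akl_secs}s exceeds ${akl_max}s"; akl_status=1
                   fi ;;
            esac ;;
        *) echo "FAIL: no inactivity timeout set"; akl_status=1 ;;
    esac

    [ "$akl_status" -eq 0 ] && echo "OK: auto-lock policy met"
    return "$akl_status"
}

# Constructed sample line, used when the `security` tool is not available.
sample='Keychain "/Users/alice/Library/Keychains/login.keychain" no-timeout'
if command -v security >/dev/null 2>&1; then
    line=$(security show-keychain-info "$HOME/Library/Keychains/login.keychain" 2>&1) \
        || line=$sample
else
    line=$sample
fi
audit_keychain_line "$line" 300 || true

# Terminal equivalent of the sheet's two options (5 minutes, lock on sleep):
#   security set-keychain-settings -l -u -t 300 ~/Library/Keychains/login.keychain
```
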
If you forget
You've changed the login keychain's password and, regrettably, forgotten the new password. Is there any hope? Regrettably, no. Apple uses the Triple Digital Encryption Security standard (3DES) to secure the keychain. While not the most modern encryption scheme, it's quite secure for everyday users (in this case, you). Unless you can recall your password, you're out of luck and must start over. To begin that process, we'll make a copy of the old keychain for safekeeping, in case you remember its password; we'll remove it from Keychain Access; and then we'll create a new login keychain that you'll use in the future.
To do that, move to the Finder, select Go > Go to Folder, and enter ~/Library/Keychains. A Keychains folder containing your personal keychains will open. Locate the login.keychain file and drag it to a safe place on your Mac (the Documents folder, for example).
Now launch Keychain Access and select the login item that appears in the Keychains pane. It should appear as an empty box, indicating that it's missing from the Keychains folder. Choose File > Delete Keychain "login". In the sheet that appears, click Delete References.
Now choose File > New Keychain. In the resulting Save dialog box, name the new keychain login and save it to the default location (which is your account's Keychains folder). You'll be prompted to create and verify a password for this keychain. (Be sure to choose a password that you'll remember this time.) From this point forward, passwords that you add will appear in this keychain. And, yes, you'll have to reenter any passwords stored in the old keychain when prompted.
Should the day come when your old password suddenly dawns on you, do this: In the Finder, open that Keychains folder and remove the current login.keychain file and put it in a safe place. Locate the old keychain whose password you'd forgotten and place it in this folder. Log out of your account and then back into it. In all likelihood you'll be prompted for the password for your keychain by some startup item. When you are, enter the password and the keychain will be unlocked.
Share your login keychain
If you have multiple Macs, each one has its own login keychain with its own set of passwords. Wouldn't it be great if each Mac had access to the same keychain? They can. Like so:
Make a copy of the login.keychain file inside the Keychains folder on the Mac that has the most complete set of passwords, and copy it to your other Macs. Remove the login.keychain file from each Mac's Keychains folder and put it in a safe place in case something goes wrong. Place the copied login keychain file within the user's Keychains folder. Log out and log back in. If your login password on the Mac you're currently using is different than the one on this master Mac, you'll be prompted for the login keychain's password. Once you enter it, you should have access to the same passwords as that master Mac.