Apple has recently introduced iCloud Keychain, a system designed to allow users to synchronize passwords and credit card information across Safari browsers within the Apple ecosystem. However, critical security flaws in the iCloud Keychain system make it unsuitable for the storage of any university credentials.
At this time, members of our community are advised to NOT use iCloud Keychain to store any university passwords or any other critically-important credentials.
In order to make the system easy to use across multiple devices, Apple must store the encrypted password database and an easy-to-retrieve copy of the cryptographic keys as well. Since most users will rely on the default four-digit PIN to protect the keychain, anyone who gains access to the encrypted password store though an attack on the Apple system or by theft of an Apple device can decrypt the stored passwords in a split second. Therefore, we recommend not using the iCloud Keychain to store passwords or sensitive/confidential data on any Apple device (iPhone, iPad, or Macintosh computer).
If you have any questions, please contact the Tech Desk at 570-577-7777 or firstname.lastname@example.org