Keychain is macOS’s built-in credential store for passwords, certificates, Wi‑Fi secrets, browser tokens, and other authentication material. It is designed to keep sensitive data encrypted and accessible only to approved apps or the logged-in user, which makes it a core trust boundary on Apple endpoints.
In cyber security, Keychain matters because compromising it can expose more than a single password: attackers may gain reusable logins, session material, or secrets that unlock cloud, email, and developer accounts. Stealers often try to query Keychain directly, abuse user prompts, or trick victims into entering credentials into fake installers or terminal-based lures. Defenders monitor for unusual Keychain access, protect devices with strong local account controls, and reduce risk by using least privilege, MFA, and endpoint detection for suspicious credential-extraction behavior.
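One way to implement the monitoring for unusual Keychain access described above, as an added example that is not part of the original page: a Python filter over process-execution events that flags the macOS `security` CLI being asked to print stored secrets, and file tools touching a keychain database. The event fields, sample events, `FILE_TOOLS` list and `ALLOWED_PARENTS` allowlist are constructed assumptions to adapt to your own EDR telemetry.

```python
import shlex

# Flags that make each /usr/bin/security subcommand print secret data itself.
SECRET_FLAGS = {
    "dump-keychain": {"-d"},
    "find-generic-password": {"-g", "-w"},
    "find-internet-password": {"-g", "-w"},
}
FILE_TOOLS = {"cp", "ditto", "zip", "tar", "scp", "curl"}  # assumed copy/archive/upload tools
ALLOWED_PARENTS = {"/opt/example-mdm/agent"}  # hypothetical allowlist, tune per fleet

# Constructed sample exec events (not real telemetry).
SAMPLE_EVENTS = [
    {"parent": "/bin/zsh", "cmdline": "security find-generic-password -s example-service -w"},
    {"parent": "/opt/example-mdm/agent", "cmdline": "security find-generic-password -s example-service -w"},
    {"parent": "/bin/sh", "cmdline": "/usr/bin/security dump-keychain -d /Users/u/Library/Keychains/login.keychain-db"},
    {"parent": "/bin/bash", "cmdline": "zip -q /tmp/a.zip /Users/u/Library/Keychains/login.keychain-db"},
    {"parent": "/bin/zsh", "cmdline": "security find-certificate -a"},
    {"parent": "/bin/zsh", "cmdline": "security find-internet-password -s example.com"},
]

def classify(event):
    """Return (severity, reason) for a suspicious exec event, else None."""
    argv = shlex.split(event["cmdline"])
    if not argv or event["parent"] in ALLOWED_PARENTS:
        return None
    tool = argv[0].rsplit("/", 1)[-1]  # basename, so full paths match too
    if tool == "security":
        # Global options may precede the subcommand, so search the whole argv.
        sub = next((a for a in argv[1:] if a in SECRET_FLAGS), None)
        if sub is None:
            return None
        if SECRET_FLAGS[sub] & set(argv[1:]):
            return ("high", f"{sub} asked to print secret data")
        return ("medium", f"{sub} lookup without secret output")
    if tool in FILE_TOOLS and any(a.endswith(".keychain-db") for a in argv[1:]):
        return ("high", f"{tool} reading a keychain database file")
    return None

def scan(events):
    """Return [(index, severity, reason)] for every flagged event."""
    hits = []
    for i, ev in enumerate(events):
        verdict = classify(ev)
        if verdict:
            hits.append((i, *verdict))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The rule matches exact flag tokens only, so combined short flags and renamed binaries need separate coverage (for example, file-access telemetry on the keychain path).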



