Keychain being used by downloads without permission

Joined
Apr 26, 2016
Messages
9
Reaction score
0
Points
1
As I was downloading Opera browser for Mac, my Keychain Access popped up. I never use my Keychain for anything, but somehow Opera was able to get to Keychain without asking permission first. And somehow an entry was created for it:

Attributes
Name: Opera Safe Storage
Kind: application password
Account: Opera
Where: Opera Safe Storage

Access Control:
Confirm before allowing access


Keychain Access had not asked me to enter a password. Nor did Opera ask me for any permissions to use the Keychain. All this was done without any warnings or notifications to me until after the fact.

1) First of all, how did this happen?
2) How do I prevent anything else from accessing my Keychain without permission?

Opera was not the only one, this is just the first time I noticed. I saw there had been entries made for Safari and others that had all accessed the Keychain in the past without asking me first.
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
Some sites, such as this one, should you tick the "remember me", that is what happens: Keychain passes it on.

The one thing I do not like about Opera is one is required, no option, to download Java from Oracle, which has proven faults.
 
OP
M
Joined
Apr 26, 2016
Messages
9
Reaction score
0
Points
1
Thanks Harry. I did not tick any boxes, unless there was a default setting I missed. Whenever I encounter a site that prompts, "do you want to remember this password," I always tick “Never for this website.” Also, Opera did not prompt me to install Java either - perhaps the newest version doesn’t require it.

The odd thing is that I did not enter any passwords for Opera, so I’m not sure what password it saved for me in the keychain.

Is there a way to configure the keychain so that the default setting is to not accept any new passwords?

And is it safe for me to delete all the random items in the keychain to start fresh, or are there items there that need to remain in the keychain?
 
Joined
Jan 14, 2005
Messages
2,078
Reaction score
155
Points
63
Any application can use the OS X Keychain API to store and load items from an encrypted store. The keychain is not exclusive to users' items.

That said, this can only happen when the user also has Admin privileges. So to prevent this in the future, you may want to create a separate "Admin" user and give your own user fewer privileges. This will result in having to type the admin password a few more times, but you'll be in control.

I also recommend Little Snitch for monitoring any apps that want network access.
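
Added example, not part of any post in this thread: a read-only way to see which "application password" items (class "genp" in the keychain) applications have created, by parsing the attribute dump that `security dump-keychain` prints. The sample dump is constructed, "Example App Safe Storage" is a hypothetical item, and the function names are this example's own.

```sh
#!/bin/sh
# List application-password (class "genp") items from the attribute dump that
# `security dump-keychain` prints. Without -d the dump contains no secrets.

# Constructed sample in the dump layout; the last item is hypothetical.
sample_dump() {
cat <<'EOF'
keychain: "/Users/example/Library/Keychains/login.keychain"
class: "genp"
attributes:
    0x00000007 <blob>="Opera Safe Storage"
    0x00000008 <blob>=<NULL>
    "acct"<blob>="Opera"
    "desc"<blob>=<NULL>
    "svce"<blob>="Opera Safe Storage"
keychain: "/Users/example/Library/Keychains/login.keychain"
class: "inet"
attributes:
    0x00000007 <blob>="forum.example.com"
    "acct"<blob>="newbie01"
    "srvr"<blob>="forum.example.com"
keychain: "/Users/example/Library/Keychains/login.keychain"
class: "genp"
attributes:
    0x00000007 <blob>="Example App Safe Storage"
    "acct"<blob>=<NULL>
    "svce"<blob>="Example App Safe Storage"
EOF
}

# Reads a dump on stdin, prints "service<TAB>account" per genp item.
list_app_passwords() {
  awk '
    function val(line,   v) {           # quoted text after the first "="
      v = line; sub(/^[^=]*=/, "", v)
      if (v !~ /^".*"$/) return "-"     # <NULL> or a hex-encoded value
      return substr(v, 2, length(v) - 2)
    }
    function emit() { if (cls == "genp") printf "%s\t%s\n", svce, acct }
    /^keychain: /      { emit(); cls = ""; svce = acct = "-" }
    /^class: /         { cls = $2; gsub(/"/, "", cls) }
    /^ +"svce"<blob>=/ { svce = val($0) }
    /^ +"acct"<blob>=/ { acct = val($0) }
    END                { emit() }
  '
}

# On a Mac: security dump-keychain | list_app_passwords
sample_dump | list_app_passwords
```

The listing shows only item names and accounts, so it can be used to review what is in a keychain without unlocking secrets or deleting anything.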
 
OP
M
Joined
Apr 26, 2016
Messages
9
Reaction score
0
Points
1
Thanks!

I just deleted the individual files in the keychain “login”.
Then I control clicked on “login” and clicked “delete keychain” + “delete references and files.”

I attempted to do the same with "local items,” however the option to delete is greyed out. I was only able to lock it. I did not touch the System or System Roots.

Then I followed your suggestion to go into another admin account, downgraded my personal account to standard user. Rebooted. Upon signing into my account, I received the pop-up: “OS X wants to use the Local Items keychain”
I ticked cancel.

Now I navigated to a website in Safari, and am getting the error message “A keychain cannot be found.” When I click the “?” it doesn’t show me any further info. I had to repeatedly click “Cancel” several times for it to cancel.

Do these sites need the keychain for things other than passwords? Will my Mac work incorrectly now that I have deleted these password files? I did not delete anything marked “keys” as I do not know what this is, only files marked “password.”
 
Joined
Jan 14, 2005
Messages
2,078
Reaction score
155
Points
63
You may have broken something by manually deleting items.

Keychain is required to store HTTPS certificates from websites as well as any secure cookies. I would allow keychain access, unless you can see it is trying to store a login.

You can perform a keychain repair:


  • Click on the Go menu > Utilities > Keychain Access.
  • Click on the Keychain Access menu > Keychain First Aid.
  • Enter your Username and Password.
  • Click on Verify to check for corrupted passwords (red entries).
  • Then select the Repair option.
 
OP
M
Joined
Apr 26, 2016
Messages
9
Reaction score
0
Points
1
These are the results of the keychain repair:

Verify:
Checked login keychain
Error: login keychain not found
Unable to get info for ~/Library/Keychains/login.keychain, reason: The operation couldn’t be completed. No such file or directory
Checked default keychain
Checked keychain search list
Problems were found; you should choose the Repair option to fix them
Verification failed

Repair:
Checked login keychain
Error: login keychain not found
Repair terminated unexpectedly



Additionally, I was concerned when I read that there are known exploits in Keychain. I am running OS X 10.9.5 Mavericks. How can I check to be sure that my Keychain is not compromised by any malware?
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
Best suggestion is to update the operating system. Last September Apple quietly ceased security updates for Mountain Lion OS X.8, and if they follow the usual protocol of not supporting further back than two operating systems, Mavericks may well get the chop later this year.
 
OP
M
Joined
Apr 26, 2016
Messages
9
Reaction score
0
Points
1
Thanks for the heads up. I’ll look into that after I get this sorted.

Meanwhile, how do I check my Mac to be sure I don’t have any Malware?
 

Rod


Joined
Jun 12, 2011
Messages
9,696
Reaction score
1,882
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
Dear Mac Newbie 01, the moral to this story is, don't muck around with Keychain Access (unless you really know what you are doing). If you keep it locked and leave it alone you have no reason to worry. Items stored in Keychain are there for a **** good reason. Everything you mentioned in your first post is NORMAL default behavior and NOT a security risk.

Keychain is not a folder filled with passwords, it is a complex system application essential to the running of the Operating System.

This is a case of "a little bit of knowledge is a dangerous thing".

I also assume all this tampering was done without a backup. (please tell me it isn't so). I notice you did not wait for an answer to your question, "And is it safe for me to delete all the random items in the keychain to start fresh, or are there items there that need to remain in the keychain?" Had you done so I (and I think any other member of this forum) would have said NO, at least not without a full backup first.

It is probable that you will need to rebuild the system from scratch by doing a clean install of the current OS or upgrade to El Capitan if your device can run it.
Also I am curious, if you never let your browser remember your passwords how do you remember them?
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
https://www.malwarebytes.org/antimalware/mac/

Malwarebytes for Mac is the best about and is free. Download from link, install and run Scan every week or two. It installs in your Applications Folder between Mail and Maps in my case.
 

IWT


Joined
Jan 23, 2009
Messages
10,285
Reaction score
2,227
Points
113
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
M2 Max Studio Extra, 32GB memory, 4TB, Sonoma 14.4.1 Apple 5K Retina Studio Monitor
@mac Newbie,

I know it's a bit late in the day; but the following Links might interest you as they explain the functions of Keychain Access and how you might handle various problems.

http://www.computerworld.com/article/2891793/how-to-use-mac-os-x-keychain-guide.html
http://www.umkc.edu/is/support/services/macintosh/keychain.asp

In the meantime, I agree with various commentators that you will have to restore Keychain either from a backup (Time Machine or a Clone), or by reinstalling your current OS, or, best of all (if your Mac can handle it) upgrading to El Capitan.

Without Keychain, your Mac isn't going to operate properly.

Ian
 
Joined
Feb 16, 2013
Messages
2
Reaction score
0
Points
1
Hi Mac Newbie,
I agree with all who said that you must back up the system before trying to change the system's key settings (I hope you had Time Machine backup running). So if you don't have one, now is the time to do a backup.

When you have that backup, please try this: first create a new account with administration privileges. This will be your plan B if something goes wrong and you can not login to your original account.

Then change your original OSX account password and log out of it. Log back into the original account with the new password.

You should get an access message about keychain and on that message window there should be a button "create new keychain". Click on that. Done.

If you can't get into the original account with the new password, use the plan B account to get in and change the password of the original account from there.

If all fails, you need to restore your files from the backup you made before starting.

I hope this helps. :)
 
Joined
Mar 3, 2017
Messages
3
Reaction score
0
Points
1
Hi @Mac Newbie, this does happen to a lot of Mac users where Safari wants to use the local items keychain. The solution that helped me out of this was this: Finder => Go => Utilities => Keychain Access. Click the lock icon and lock the Keychain. It's on the top left. Now click the lock again to unlock it, type the OS X admin password if asked. Choose Reset My iCloud KeyChain. Hope it helps. https://appuals.com/mac-keeps-asking-for-keychain-local-items-password/
 
