One useful feature of Mac OS X is the concept of a Keychain. A keychain contains a number of secure items such as passwords for websites, servers and programs as well as security certificates, which prove your identity when sending encrypted emails and chats or when accessing secure services like a VPN. All of these separate items can be contained within a single keychain so that you only need the password for the keychain to be able to unlock everything that items on the keychain secure. 

Your Mac actually has several keychains, one for each user called the Login Keychain that is unlocked automatically when they log in and several that are used by the system itself. Each user also has a default keychain where any new items are saved and this is usually the same as their Login Keychain.

Having the Login Keychain also be the default keychain sounds like a good idea at first, all you have to do is log in to your Mac and you can then access all the secure places that you need to access without having to remember any more passwords. Whilst being convenient this can also be A Very Bad Thing. If anybody is able to log in to your Mac they will have access to all of your secure items and if you are using somebody else’s Mac you have to be able to remember what all of your passwords are since your keychain will be back on your own one.

The answer to this is to literally keep your keychain on your keychain, or more accurately a USB key. Format the USB key as Mac OS X Extended then open up Keychain Access from /Applications/Utilities. Create a new keychain file using the File menu and store the keychain on the USB key using a secure password; you can use the Password Assistant in the dialog to check how secure your password is. Next select the new keychain and go to the File menu and choose Make Default. Any new items will now be stored on your USB key but you will need to move any existing ones over by dragging and dropping them from your Login Keychain to the new one. Make sure not to move things like your AirPort password or anything else that may be needed when your Mac logs in.

All you need to do now is to plug the USB key in before you log in to your Mac and remove it when you log out and you will be able to keep all of your passwords available for easy access but store them away from your Mac.

To use your keychain on someone else’s Mac open Keychain Access, click the add button and select the keychain on your USB key. Don’t forget to remove it from Keychain Access when you have finished.

Make sure that you make a backup of your new keychain somewhere secure as well since USB keys can go bad.