Wim Decorte, May 15, 2015, Soliant Consulting Blog

Source: https://www.soliantconsulting.com/soliant-tv/keychain-access-windows-mac/

Table of Contents

• Introduction
• What is Keychain Access in FileMaker?
  • Mac Keychain Access
  • Windows Credential Manager
• Key Changes in FileMaker 14
  • 1. Credential Management on Windows
  • 2. Developer Control Over Credential Storage
• How to Use Keychain Access in FileMaker 14
  • Storing Login Credentials
  • Accessing and Managing Credentials
• Disabling Credential Storage for Users
  • Turning Off Keychain Access
  • Use Cases for Disabling Credential Storage
• Best Practices for Secure Credential Management
• Conclusion

Introduction

In this post, we’ll take a deep dive into how Keychain Access works in FileMaker 14 on both Mac and Windows, the changes it brings, and how you can control this feature as a developer.

What is Keychain Access in FileMaker?

In FileMaker, Keychain Access is a feature that allows users to store their login credentials (username and password) securely, so they don’t have to re-enter them each time they access a file. This is especially helpful for users who frequently access the same FileMaker solutions, saving time and providing a seamless login experience.

Mac Keychain Access

For Mac users, FileMaker integrates with Apple’s Keychain Access, which is a built-in macOS feature for securely storing sensitive information like passwords, certificates, and private keys. When enabled, FileMaker will automatically store your credentials in Keychain, and next time you open the file, your login information is filled in automatically.

Windows Credential Manager

New in FileMaker 14 is the support for Windows Credential Manager, a similar tool on the Windows operating system. The Credential Manager stores login credentials in a secure vault, and just like the Keychain on Mac, it autofills your login information when you reopen the FileMaker file.

Key Changes in FileMaker 14

FileMaker 14 brings two significant updates related to credential management, making the experience smoother across platforms while also giving developers more control over security.

1. Credential Management on Windows

Previously, storing login credentials was exclusive to Mac via Keychain. With FileMaker 14, Windows users can now benefit from similar functionality through the Credential Manager. This is a major upgrade for cross-platform FileMaker solutions, ensuring both Mac and Windows users enjoy the convenience of storing credentials securely.

You can find the Credential Manager in the Control Panel of Windows. From there, you can view and manage any saved credentials, including those saved by FileMaker.

2. Developer Control Over Credential Storage

One of the most impactful changes for developers in FileMaker 14 is the ability to disable credential storage. While this feature is enabled by default, allowing users to store their login details, developers can now turn it off, preventing the operating system from storing any credentials.

This added control allows developers to enhance security by ensuring that credentials are always entered manually or managed through other secure methods.

How to Use Keychain Access in FileMaker 14

Storing Login Credentials

On both Mac and Windows, when you log into a FileMaker file, you will see a checkbox below the password field that allows you to store your credentials.

• Mac: “Allow Keychain Access to save password.”
• Windows: “Allow Credential Manager to save password.”

If this option is selected, your credentials will be securely stored on the system. The next time you open the file, you will not be prompted for a password, as the system will auto-fill your details.

Accessing and Managing Credentials

• On Mac, you can access the Keychain by opening Keychain Access from the Utilities folder in Applications. From here, you can view and manage the saved FileMaker credentials.
• On Windows, open the Control Panel and navigate to Credential Manager. Here, you can see the stored credentials for FileMaker and manage them (edit or delete) as needed.

Disabling Credential Storage for Users

As a FileMaker developer, there may be scenarios where you don’t want users to store their credentials in Keychain or Credential Manager. FileMaker 14 now allows you to disable credential storage directly from File Options.

Turning Off Keychain Access

To disable the ability to save passwords, follow these steps:

1. Go to File > File Options.
2. In the File Options dialog, you will see a new checkbox:
   • Mac: “Allow Keychain Access to save password.”
   • Windows: “Allow Credential Manager to save password.”
3. Uncheck this option to prevent the operating system from storing any login credentials.

This feature is enabled by default, meaning unless you explicitly turn it off, users will have the option to store their credentials.

Use Cases for Disabling Credential Storage

Disabling credential storage may be necessary in scenarios where enhanced security is a priority, such as:

• Multi-user systems: When multiple users access the same computer, you might want to prevent credentials from being stored to avoid accidental logins by other users.
• Sensitive data environments: For files that contain highly confidential information, it may be safer to require users to enter their login details every time.
• Compliance: Some industries may have compliance requirements that prohibit storing login credentials locally.

Best Practices for Secure Credential Management

While Keychain and Credential Manager offer convenience, it’s crucial to balance that convenience with security. Here are some best practices for managing credentials in FileMaker 14:

1. Use strong passwords: Always ensure that users set strong, unique passwords, especially when using credential storage.
2. Enable two-factor authentication: For added security, use two-factor authentication (2FA) alongside credential storage to protect against unauthorized access.
3. Regularly review stored credentials: Periodically check the Keychain or Credential Manager for outdated or unnecessary credentials and remove them.
4. Monitor user access: Keep track of user access logs in FileMaker to ensure that credentials aren’t being misused.
5. Disable storage for sensitive data: For files with sensitive information, consider disabling credential storage altogether.

Conclusion

FileMaker 14 offers improved convenience for users on both Mac and Windows with its seamless integration of Keychain Access and Credential Manager. These tools simplify the login process by securely storing credentials, but developers must be mindful of when to allow or disable this feature. By following best practices for credential management, you can strike the right balance between ease of use and security in your FileMaker solutions.