Keeping my Apple Keychain on a USB Flash Drive
I've been facing the problem of securely mirroring my security credentials across our two Macs at home. The solution I've gone with is to use a Sandisk USB flash drive containing an encrypted, password-protected keychain.
The Apple Keychain is a great application that integrates nicely with any application capable of using its various APIs (Applescript, Cocoa, Carbon, etc). Rather than commiting to memory dozens of usernames and passwords for various web sites and programs, you can consolidate them in a password-protected keychain. Applications like Safari and Mail can then request access to a user's keychain to obtain security credentials.
Having a single keychain per machine would be like keeping your house keys at home, and your work keys at work. It doesn't make sense. Consolidating all of your keys onto a single, portable keychain improves the manageability of the keys and makes them less vulnerable. Imagine leaving on the surface of your desk the key to a filing cabinet located in your office. When you aren't at your desk, the key can be used without your knowledge. Such an opportuntiy for theft would not exist if you took the key with you on a keychain.
So, placing all of your digital credentials on a portable keychain has the ability to improve your overall information security. But it's extremely important that you protect the keychain. Just as with your real keys, anyone who gets your keys has access to your home, office, and car. Therefore, it's important that you protect your digital credentials as much as, if not more than, your real keys. Protecting the keychain in Mac OS X is easy since the keychain is password protected and encrypted. By choosing a strong password for the keychain, you can ensure that anyone who surreptitiously gains physical access to the digital keychain won't be able to view your credentials.
So far, I've had a good experience with my digital flash drive. While switching between my Powerbook and Mini, I simply bring the flash drive with me. Mac OS X automatically refers to the keychain when it is available. I wish that a similar facility were available for Windows PC's so that I could securely store and access my credentials at work.