VPN asking for access to my keychain

Hi all. Norton 360 VPN has recently asked for access to my Keychain. I understand this is to do with "NEIKEv2Provider" which is, quote, "a service responsible for establishing secure VPN connections (built in VPN protocol on Mac)". Please could someone knowledgeable tell me if granting this permission would give Norton or anyone else access to my administrator password or any password in my keychain? Thanks

 

 

I think I understand now. Thanks for your help

 

Maybe, discuss your concerns:  

Enif2303:

With Mac, the administrator password can be the same as the keychain access password. Or is *your* password referring to something else?

Do you have a user password (the password you use to log in to the computer)?
Do you have a password protected administrator account?

If the keychain password does not match your login password, when you log in to the computer... you must also enter a password to unlock the keychain.

"keychain access password" is the password used for Keychain Access.   

Does *your* password (administrator password, user password, keychain access password) allow access to the keychain to receive the required authorization data for the VPN connection?
https://support.norton.com/sp/en/us/home/current/solutions/v138741680

A login password, also called a user password, allows you to log in and access the information on your Mac. When you create your login password, be sure it’s easily memorable, write it down, and keep it in a secure location. Privileges are limited by the type of user. An administrator user is required to perform many important tasks, such as setting certain system preferences, installing software, and administering standard users. 

Keychain Access stores passwords for various apps and services. This saves you the effort of entering your password for each of the items in your keychain. A keychain password secures your keychain, which is unlocked when you log in. See About your keychain password.

https://support.apple.com/guide/mac-help/understand-passwords-mchlp2555/mac 

If the keychain password does not match your login password, when you log in you must also enter a password to unlock the keychain.
The keychain password is available only to the user and not the administrator.

https://support.apple.com/guide/mac-help/about-your-keychain-password-mchlp1086/12.0/mac/12.0 

Your Mac can have multiple administrators. You can create new ones, and convert standard users to administrators.
Don’t set up automatic login for an administrator. If you do, someone could simply restart your Mac and gain access with administrator privileges. To keep your Mac secure, don’t share administrator names and passwords.

https://support.apple.com/guide/mac-help/aside/gloscddf7f3c/12.0/mac/12.0 

Thanks for the fast response. It's appreciated. I'm still a little unsure. Re comment 8512874 above: "Norton support, please read what the dialogs to enable VPN are asking. The advice you are giving is incorrect. They are NOT asking for an administrator password. They are asking for *your* password to access your login keychain".

With Mac, the administrator password can be the same as the keychain access password. Or is *your* password referring to something else?

Because Keychain Access securely stores and retrieves your user names, passwords, and other information, you can make individual passwords more complex and difficult to break. This can make your individual accounts more secure.

You can also use Keychain Access to manage certificates, which are issued by trusted organizations to validate websites, digital documents, and other web-based materials.

https://support.apple.com/guide/keychain-access/what-is-keychain-access-kyca1083/mac

NEIKEv2Provider, which uses IKEv2 (the built-in VPN protocol on Mac), is a service responsible for establishing secure VPN connections. NEIKEv2Provider requests access to the Keychain in order to receive authorisation data required for the VPN connection to be established. The VPN profile needs a private key that is used for signing for the actual handshake (IPSec) for key exchange to happen.

The keychain entries that get inserted into the user’s keychain need to be used for signing purposes during the IPSec handshake (which uses IKE (Internet Key Exchange) to determine a shared key for the session) and signing requires extra permissions in the keychain.

https://community.norton.com/en/comment/8513858#comment-8513858 

Looks like Norton's Secure VPN has changed the way it interacts with the macOS networking. It looks like it now requires items to be put in your keychain. Note particularly that if you don't want the popup to occur each time Norton VPN wants access to the items, you choose "Always Allow" and not simply "Allow".

https://community.norton.com/en/comment/8512874#comment-8512874 

Norton support, please read what the dialogs to enable VPN are asking. The advice you are giving is incorrect. They are NOT asking for an administrator password. They are asking for *your* password to access your login keychain.

https://community.norton.com/en/comment/8513810#comment-8513810 

The VPN configuration is placing a digital certificate in your keychain - the certificate is used to secure communications over the VPN. If properly set up using the guidance that Norton has provided, the request for the password should only be happening once. You have to select "Always allow" in the setup dialogs instead of "Allow" to make that happen. Otherwise the VPN will ask you for your password every time it needs to access the digital certificate it stored in your keychain.

https://community.norton.com/en/comment/8513819#comment-8513819