by haxxorfreak 4762 days ago
Yes, the keychain is encrypted with your OS X user login password and only unlocked on login. I imagine this will still be the case as Apple mentioned AES256 encryption on their iCloud Keychain slide, though they could change it to use your Apple ID password if they plan on having mobile device support.
2 comments

So let's see... in Firefox I have FIVE Apple logins saved, because they can't decide on which URL to use:

* appleid.apple.com

* daw.apple.com

* id.apple.com

* secure1.store.apple.com

* secure2.store.apple.com

If they have trouble getting something as simple as that right, I'd like them to stay away from my keychain.

That seems like a fault of Firefox that it can't wildcard password storage. That situation works in 1Password.

I don't think Firefox saves logins in the OS X keychain, and mapping which credentials go with which URLs is something that Firefox is responsible for, not Apple.

Apple doesn't have a consistent single login URL. Firefox isn't to blame for that.

> Yes, the keychain is encrypted with your OS X user login password and only unlocked on login

The "login" keychain is encry..... (the rest of your sentence).

You can have many more keychains, and they can have far more sophisticated passphrases. I have an "Internet Identities" keychain (for iCloud, Gmail, Dropbox, VPSs, GitHub, ...) that has a very long passphrase and is not unlocked at login, nor does it stay open after you enter the password (so, if Safari asks for the password and I enter it, the keychain doesn't just stay "open" for all apps to feast upon).