Keychain does not encrypt names

[ithinkihaveacat]

One thing I was surprised to discover is that Keychain does not encrypt the names corresponding to password entries; these are easily readable via strings or similar. This means that the websites the user accesses, and often related email addresses, can be trivially extracted from the login keychain:

$ strings ~/Library/Keychains/login.keychain | grep www.britishgas.co.uk
www.britishgas.co.uk
www.britishgas.co.ukhtps

This is retrospectively "obvious" since Keychain itself can read the name/titles without a password, but it might be worth noting in the guide.