Viewing and updating a stored Gmail password on an OS X system

On a Mac OS X system, passwords can be stored in a keychain. You can view and manage stored passwords via the Keychain Access program found in the Applications/Utilities folder. If you use the Apple Mail program to check email for a Gmail account, you can view the password stored in a keychain for the Gmail account by opening the Keychain Access program and then typing gmail in the search box at the upper, right-hand corner of the window and hitting Enter. You should then see entries displayed for imap.gmail.com and smtp.gmail.com, if you are checking email via the Internet Message Application Access Protocol (IMAP) and sending email via the Simple Mail Transfer Protocol (SMTP).

Keychain Access Gmail entries

To view the stored password that is used to access the email for the Gmail account, you can double-click on the IMAP entry.

Keychain Access imap.gmail.com

To view the password, click on the Show password check box. You will be prompted to provide your login password. Provide that password and click on Allow, or Always Allow, if you don't want to see the prompt in the future when you request such access.

Keychain Access 
InternetAccounts Access Group

You will then see the password displayed next to "Show password".

If you wish to change the password stored in the keychain, you can type a new password and click on Save Changes.

DJI Phantom 3 Drone

Keychain Access Gmail password 
displayed

Alternatively, you can check the password from the command line, e.g., a Terminal window using a security find-internet-password -ga accountname command where accountname is the name of the Gmail account; don't include the "gmail.com" and be sure that you capitalize the account name just as it appears in the Account field when you view the information via the Keychain Access utility. E.g., if the Gmail address was public.public222@gmail.com, I could use the following command:

$ security find-internet-password -ga 'public.public222'
keychain: "/Users/jmcamer1/Library/Keychains/login.keychain"
class: "inet"
attributes:
    0x00000007 <blob>="imap.gmail.com"
    0x00000008 <blob>=<NULL>
    "acct"<blob>="public.public222"
    "atyp"<blob>="dflt"
    "cdat"<timedate>=0x32303135303832353231333334325A00  "20150825213342Z\000"
    "crtr"<uint32>=<NULL>
    "cusi"<sint32>=<NULL>
    "desc"<blob>=<NULL>
    "icmt"<blob>=<NULL>
    "invi"<sint32>=<NULL>
    "mdat"<timedate>=0x32303136303330333230343432395A00  "20160303204429Z\000"
    "nega"<sint32>=<NULL>
    "path"<blob>=<NULL>
    "port"<uint32>=0x0000008F 
    "prot"<blob>=<NULL>
    "ptcl"<uint32>="imap"
    "scrp"<sint32>=<NULL>
    "sdmn"<blob>=<NULL>
    "srvr"<blob>="imap.gmail.com"
    "type"<uint32>=<NULL>
password: "ThePassword"
$

The last line displayed is the password, so I could filter the output with grep, if I only wanted to see the password.

$ security find-internet-password -ga 'public.public222' | grep "password:"
password: "ThePassword"
$

Note: you will be prompted as to whether you wish to allow access to the information as shown below:

oreilly.com - Your tech ebook super store

Prompt to allow access to view password

You can click on Allow to permit access; if you don't want to see the prompt in the future, click on Always Allow.

Other options available for the security find-internet-password command are shown below:

Aiseesoft DVD Creator for Mac
$ security find-internet-password -h
Usage: find-internet-password [-a account] [-s server] [options...] [-g] [keychain...]
    -a  Match "account" string
    -c  Match "creator" (four-character code)
    -C  Match "type" (four-character code)
    -d  Match "securityDomain" string
    -D  Match "kind" string
    -j  Match "comment" string
    -l  Match "label" string
    -p  Match "path" string
    -P  Match port number
    -r  Match "protocol" (four-character code)
    -s  Match "server" string
    -t  Match "authenticationType" (four-character code)
    -g  Display the password for the item found
    -w  Display only the password on stdout
If no keychains are specified to search, the default search list is used.
        Find an internet password item.

You can use the security add-internet-password command to change the password.

$ security add-internet-password -h
Usage: add-internet-password [-a account] [-s server] [-w password] [options...] [-A|-T appPath] [keychain]
    -a  Specify account name (required)
    -c  Specify item creator (optional four-character code)
    -C  Specify item type (optional four-character code)
    -d  Specify security domain string (optional)
    -D  Specify kind (default is "Internet password")
    -j  Specify comment string (optional)
    -l  Specify label (if omitted, server name is used as default label)
    -p  Specify path string (optional)
    -P  Specify port number (optional)
    -r  Specify protocol (optional four-character SecProtocolType, e.g. "http", "ftp ")
    -s  Specify server name (required)
    -t  Specify authentication type (as a four-character SecAuthenticationType, default is "dflt")
    -w  Specify password to be added
    -A  Allow any application to access this item without warning (insecure, not recommended!)
    -T  Specify an application which may access this item (multiple -T options are allowed)
    -U  Update item if it already exists (if omitted, the item cannot already exist)

By default, the application which creates an item is trusted to access its data without warning.
You can remove this default access by explicitly specifying an empty app pathname: -T ""
If no keychain is specified, the password is added to the default keychain.
        Add an internet password item.
$

To change the password for the Gmail account public.public222@gmail.com in the example above to be ANewPassword, I could use the command below:

$ security add-internet-password -a 'public.public222' -U -s 'imap.gmail.com' -w 'ANewPassword'
$

The -a option is used to specify the account name, the -U option indicates I want to change an existing account (if I omitted it then the entry would not be updated if it already existed), the -s option specifies that I'm updating the entry for the server imap.gmail.com, and the -w option allows me to specify the new password. If you enclose the password in single quotes rather than double quotes, you can use characters, such as an exclamation mark, that might otherwise have a special meaning to the Bash shell and thus not actually be stored as part of the password as you expect.

 

TechRabbit ad 300x250 newegg.com

Justdeals Daily Electronics Deals1x1 px