OS X’s Keychain Password Request Dialog Does Not Inspire Trust

I use the OS X Keychain, but I have the password for my keychain set to a different one than my login password. As such, when I start up one of my Macs, I see a dialog asking me to enter the password to unlock my keychain.

But I’ve often felt that this dialog is not very clear, and does not inspire trust. It mentions one of a number of different system services, none of which the average user has ever heard of. Here’s the dialog I saw after I booted my MacBook Pro today:

Keychain password request

What is CallHistoryPluginHelper? Even I don’t know. Sometimes I see different services requesting the password, such as accountsd, or some other “d” (for daemon, or background process). I don’t know why today I saw a different process ask for the password.

The problem with this is that the dialog does not inspire trust. How do I know that it is really the system level keychain that is asking for this password? Couldn’t a third-party app toss up a similar dialog, and get me to enter my keychain password?

When it’s the Keychain Access app itself asking for the password, this dialog is different, but not by much:

Keychain app password request

Or if a different app requests access to the keychain, that app’s icon displays in the dialog:

Mail keychain request

But just after I saw the above dialog (I locked my keychain to get Mail to ask for it) I also saw this:

Keychain request

I don’t think that com.apple.internetaccounts.xpc is a very user-friendly name.

Apple should think about changing this dialog to make it more understandable. It’s quite an important dialog: if you do give away you keychain password to some random app, you can give away the keys to all your online accounts.