Why does Keychain Access show the password field grayed out?

You have not ticked Show password yet. Tick it, then authenticate with your login password or Touch ID. If the box is still disabled, the WiFi item is stored in the System keychain and you must unlock it first as an admin.

Does this work on M1, M2, and M3 Macs?

Yes. Apple Silicon uses the same Keychain and security command. The only difference is that Touch ID is available on all MacBook Air and MacBook Pro models, which replaces the admin password prompt.

Can I see WiFi passwords synced from my iPhone via iCloud Keychain?

Yes, as long as iCloud Keychain is enabled on both devices with the same Apple ID. Networks joined on the iPhone appear in Keychain Access on the Mac within a few minutes and can be read with the same methods.

Can I reveal a WiFi password without admin rights?

Only if the WiFi entry is in your login Keychain. System-wide WiFi profiles stored in the System keychain require an administrator password to reveal.

Is there a command to list every saved WiFi network at once?

Use networksetup -listpreferredwirelessnetworks en0 to list SSIDs, then loop them through security find-generic-password -ga. A ready-to-paste bash snippet is included further down the page.

macOS Sonoma / Ventura / Monterey / Big Sur

Find a Saved WiFi Password on a Mac

Every WiFi network a Mac has ever joined is stored in Keychain, Apple's local credential database, along with the WPA key in a form the system can decrypt back to plain text. There are three reliable ways to read it back: the Keychain Access app that ships with every macOS install, the security Terminal command for scripts and bulk export, and the new System Settings path introduced in Sonoma 14. All three work on Intel, M1, M2, and M3 Macs, and all three respect Touch ID so you can authenticate with your fingerprint instead of typing the admin password.

Method 1: Keychain Access app

Keychain Access is the graphical front end to the macOS credential store. It is the friendliest path when you only need to look up one password and you prefer clicking to typing.

1
Open Spotlight with Command + Space, type Keychain Access, press Return.
2
In the sidebar select System if the network was joined by every user on this Mac, or login for networks you joined only from your own account.
3
Click the Passwords category at the top.
4
Find your SSID in the list, or type part of it into the search box in the upper right.
5
Double-click the entry, tick Show password, then authenticate with Touch ID or your login password.
6
The WPA2 or WPA3 key is printed in plain text next to Password.

If the SSID appears twice, once under System and once under login, they are the same network saved at different scopes. Either copy will work. System requires an administrator password to reveal, login does not.

Method 2: Terminal with the security command

The security binary is the command-line interface to Keychain. It is the fastest method and the only one that scales to scripts, backups, and recovering credentials from an old Mac before erasing it.

1. Reveal one specific WiFi password:

security find-generic-password -ga "MyHomeWiFi"

The first time you run this for a given SSID, macOS shows a Keychain prompt asking whether Terminal should be allowed to read the item. Click Always Allow so subsequent calls do not interrupt you, or Allow Once for a one-off look. On Macs with Touch ID the fingerprint sensor is offered instead of the password field.

The password line in the output looks like this:

password: "SuperSecretPassphrase123"

2. Suppress the rest of the attributes and print only the password:

security find-generic-password -wa "MyHomeWiFi"

The -w flag tells security to print only the password value, no metadata. This is the form you want inside shell pipelines.

3. Dump every saved WiFi password on this Mac:

for ssid in $(networksetup -listpreferredwirelessnetworks en0 | tail -n +2 | sed 's/^[[:space:]]*//'); do
  pw=$(security find-generic-password -wa "$ssid" 2>/dev/null)
  [ -n "$pw" ] && printf "%-30s %s\n" "$ssid" "$pw"
done

Paste this into Terminal and macOS prompts once per SSID unless you clicked Always Allow. The output is a two-column table of SSID and plain text password. Replace en0 with en1 if your WiFi is the second network interface, which is common on Macs with Ethernet adapters.

Method 3: System Settings on macOS Sonoma 14

Sonoma introduced a new Wi-Fi pane that finally exposes saved passwords without opening Keychain Access. This is the friendliest way on modern Macs, but it only exists on macOS 14 and later. Earlier versions must use Method 1 or Method 2.

1
Click the Apple menu, choose System Settings.
2
Select Wi-Fi in the sidebar.
3
Scroll down and click Advanced next to Known Networks.
4
Find the SSID whose password you want, click the three-dot icon, choose Copy Password.
5
Authenticate with Touch ID or your login password. The password is now on the clipboard.
6
Paste it into any text field to see it in plain text.

Copy Password puts the password on the clipboard but does not display it on screen, which is a deliberate design choice. If you prefer to see the value directly, Keychain Access and the Terminal method both print it in plain text on the same Mac.

iCloud Keychain: passwords from your iPhone

If you enabled iCloud Keychain on your iPhone and your Mac, WiFi networks joined on either device sync to the other automatically. That means a Mac can reveal the password of a network you only ever joined from your phone, as long as both devices are signed into the same Apple ID and iCloud Keychain is switched on.

Check the status on the Mac in System Settings → Apple ID → iCloud → Passwords and Keychain. If the toggle is on, your iPhone WiFi credentials are already in your local Keychain and all three methods above work on them.

On the iPhone side, iOS 16 and later added a built-in reveal path. We cover it in detail in the iPhone WiFi password walkthrough. The Mac route is usually faster if you already have both devices in front of you.

Apple Silicon notes (M1, M2, M3)

Apple Silicon Macs use the same Keychain format as Intel Macs, so every method on this page works without modification. Two differences are worth knowing:

Touch ID is everywhere. Every MacBook Air and MacBook Pro shipped since the M1 has Touch ID. When Keychain prompts for authentication, tap the sensor instead of typing your password.
Secure Enclave stores the decryption key. The raw Keychain blobs are encrypted by a key stored in the T2 or Apple Silicon Secure Enclave. That is why copying /Library/Keychains/System.keychain to another machine does not work, even as root. Credential theft from an offline disk image is intentionally impossible.

Comparison: which method should I use?

Method	macOS version	Admin rights	Best for
Keychain Access	All	Sometimes	Looking up one password
security command	All	Only for System keychain	Bulk export, scripts, backups
System Settings	Sonoma 14+	No	Quick copy-paste for one network

Troubleshooting

Show password checkbox is grayed out

You have not authenticated yet, or the entry is in the System keychain and you are not an administrator on this Mac. Log in as an admin user or ask one to reveal it for you.

security command returns SecKeychainSearchCopyNext: The specified item could not be found

The SSID is not spelled exactly the way macOS stores it. Run networksetup -listpreferredwirelessnetworks en0 first, copy the SSID byte-for-byte, including trailing spaces, and paste it between quotes.

Touch ID does not prompt, only the password field appears

Your account does not have Touch ID enrolled, or you are connected remotely. Touch ID works only at the physical Mac.

Password is blank or shows as a long base64 string

That is an 802.1X enterprise credential, not a home WPA2 password. Keychain stores it as an encrypted blob that cannot be read back as plain text.

Copy Password is missing from System Settings

You are on macOS Ventura 13 or earlier. The Copy Password item was added in Sonoma 14. Use Keychain Access instead.

iCloud Keychain networks not appearing

Sync can take several minutes after switching Macs. Confirm both devices show a green check under System Settings -> Apple ID -> iCloud -> Passwords and Keychain, then wait 5-10 minutes.

How macOS stores WiFi passwords internally

WiFi credentials live in two Keychain files. User-scope items are in ~/Library/Keychains/login.keychain-db, system-scope items in /Library/Keychains/System.keychain. Both are SQLite databases, with the actual password blob wrapped by a key derived from either your login password (user keychain) or the Secure Enclave machine key (system keychain).

The security binary talks to securityd, the user-space daemon that holds the unlocked keychain in memory after you log in. That is why you get a password prompt only once per session for login-keychain items, and why system-keychain items always require an admin password: they are unlocked by a different key that is not tied to your interactive login.

When none of the methods work

If the Mac has never connected to the network you are trying to recover, Keychain has nothing to reveal. The same is true after an Erase All Content and Settings reset, which wipes both keychains. In those cases the Mac genuinely does not know the password.

For a network you own, the next places to look are the router admin panel or the sticker on the router. If neither is available, an authorized handshake-based WPA2 recovery is the remaining option. Start with what a WPA handshake is and then compare router admin and handshake methods.

Frequently asked questions

Does revealing a WiFi password send it to Apple or anywhere else?

No. Keychain is a local store. When iCloud Keychain is enabled the encrypted blob is replicated to your other Apple devices, but Apple cannot read the contents because the wrap key never leaves the Secure Enclave on any device.

Can a Mac show the WiFi password of a network I never joined?

No. macOS only stores credentials for networks the current user or a previous admin actually joined from this Mac. If no one on this device has used the SSID, Keychain has nothing to reveal.

What about 802.1X enterprise WiFi at work?

Enterprise WiFi uses per-user certificates or tokens rather than a shared WPA key, so there is no single password to print. Keychain stores the identity but it cannot be exported as plain text. Contact your IT team for re-enrollment.

Is there a GUI tool that lists every saved WiFi password at once?

Keychain Access can show the full list under Passwords. To export plain text passwords in bulk, the for-loop Terminal snippet above is the cleanest route.

Does FileVault change any of this?

FileVault encrypts the disk at rest but not the Keychain at runtime. Once you log in, Keychain behaves exactly as on an unencrypted Mac. Both methods work identically on FileVault-enabled systems.

Can I revert a Keychain access grant I made to Terminal?

Yes. Open Keychain Access, find the WiFi entry, open its Access Control tab, and remove Terminal from the Always allow list. macOS will prompt again next time.

Mac wiped or never joined the network?

For networks you own, try the router admin walkthrough or the authorized handshake recovery form.

Owner-authorized use only

Read back WiFi passwords only on Macs you own or are authorized to administer. Keychain entries under the System scope belong to the machine owner, not the current user.