Updating Mac Keychain After a Password Change

By Ben Greiner | January 15, 2018
Ben is the founder of Forget Computers, an award-winning Apple-focused technology consulting company that is now part of the Ntiva family.

Do you need to update your Apple Mac keychain after a password change? Here's how!

Apple provides Mac users with a built-in password manager named Keychain.

By default, your Mac login password is your keychain password as well. It changes automatically when you change your Mac password from User & Group Preferences.

But if your Mac login password is changed by an administrator, your keychain password may not be changed, and you will be asked to enter your keychain password the next time you log in.

If a network or mobile account password is changed by an administrator, or if the password expires as part of a directory security policy, the keychain must be updated upon next login.

In most cases, the OS will prompt the user with the message "The system was unable to unlock your login keychain", followed by these options…

  • Continue to Log In;
  • Create New Keychain;
  • Or, Update Keychain Password (default and recommended choice).

Below are the three different scenarios a user will be faced with based on the option chosen.

Continue Log In

Selecting "Continue Log In" will provide access to desktop files; however, network and some third-party applications will present dialog warnings because the keychain is locked. Fortunately, the keychain can still be updated using the following method:

  1. Open Keychain Access located in Applications > Utilities.
  2. From the Edit menu, choose: Change Password for Keychain "login"…
  3. Type the previous password, then click OK.
  4. If the correct password is entered, a new window appears. Enter the original password again in the Current Password field.
  5. In the New Password field, type the password that matches the current account password.
  6. Re-enter the newer password in the Verify field, then click OK.

The new password will still need to be entered for other directory services such as email or server mounts.
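The same keychain password change can also be made from Terminal with Apple's `security` command-line tool. The script below is an added example, not part of the original article; the function names and the `.bak.<timestamp>` backup naming are assumptions, and it copies the keychain file first so the original can be put back if something goes wrong.

```shell
#!/bin/sh
# Added example (not from the original article): re-sync the login keychain
# password from Terminal, keeping a copy of the keychain file first.

# `security login-keychain` prints the path indented and double-quoted;
# strip both so the result can be used as a file name.
login_keychain_path() {
    security login-keychain 2>/dev/null |
        sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' | head -n 1
}

# Copy the keychain next to itself with a timestamp suffix (assumed naming),
# preserving owner-only permissions. Prints the backup path.
backup_keychain() {
    kc=$1
    bak="$kc.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$kc" "$bak" || return 1
    printf '%s\n' "$bak"
}

# Returns 0 on success, 2 if the keychain cannot be found, 3 if the backup
# fails, 4 if `security` rejects the change (for example a wrong old password).
resync_login_keychain() {
    kc=$(login_keychain_path)
    if [ -z "$kc" ] || [ ! -f "$kc" ]; then
        echo "login keychain not found" >&2; return 2
    fi
    bak=$(backup_keychain "$kc") || { echo "backup failed" >&2; return 3; }
    echo "backup written to $bak" >&2
    # No -o/-p arguments: security prompts for the previous and the new
    # password, so neither appears in the process list or shell history.
    if security set-keychain-password "$kc"; then
        echo "login keychain password updated" >&2
    else
        echo "password not changed; keychain and backup left as they were" >&2
        return 4
    fi
}
```

Call `resync_login_keychain` after sourcing the file; at the prompts, enter the previous password first and then the current account password, as in steps 3 to 6 above.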

Create New Keychain

Selecting "Create New Keychain" will result in the destruction of the original keychain and all associated passwords. Each password will need to be reentered. In most cases, the user simply does not know their saved passwords, so passwords may need to be reset. If a backup solution is in place, such as CrashPlan, it's possible to restore the previous user-keychain and follow the instructions above (Continue Log In) to recover the lost credentials.

Update Keychain Password

Selecting "Update Keychain Password" and entering the previous password to unlock the keychain will result in the OS updating the login password accordingly so that services continue to work as expected. Hooray! If email is tied to the same directory credentials, or if server volumes are set to mount at login (single sign-on excluded), the new password must be entered again to gain access.

