Login Passwords for KeyChain

[gtr]

So this past week I was struck curious by a request for access to a
keychain we rebootin. It was the FMFD.

In recent reboots I'm asked for from 2 to 4 passwords, and have been
for a number of years. It's no great hassle, since it's generally so
rare that I reboot anyhow. Still, it makes me wonder if there isn't a
simpler way.

Five or six years ago I mentioned I had no password on my keychain and
was admonished for it and told I was leaving myself open to mayhem, so
I put a password on it/them, that's when all of this began.

When I reboot, I have to provide a password to a keychain, initially, I
didn't note which but assume either "local" or "login":

commcenter
identityservicesd
accountsd

Next time it was:

assistantd - access to Login keychain
ScopedboomkmarkAgent - Login KC
Safari - Local KC

Next time its:

Safari - Local
Commcenter - Login
Identityservice - Login

Nex time its

FMFD - Login

Are these just the sad facts of life or is there a way to cut down on
this song-and-dance?

[David Empson]

gtr <x...@yyy.zzz> wrote:

> So this past week I was struck curious by a request for access to a
> keychain we rebootin. It was the FMFD.
>
> In recent reboots I'm asked for from 2 to 4 passwords, and have been
> for a number of years. It's no great hassle, since it's generally so
> rare that I reboot anyhow. Still, it makes me wonder if there isn't a
> simpler way.

There is. Change the password on your "login" keychain so it is the same
as the user account password for your user account.

The system will then use the entry of the login password (either your
manual entry or if you have set up the computer to log in automatically)
to automatically unlock the login keychain, avoiding the need to type in
another password the first time something wants the keychain.

I used to have a different password for my keychain but several OS X
versions ago it started to get unweildy because too many things kept
asking for it. Made them the same password and that annoyance went away.

--
David Empson
dem...@actrix.gen.nz

[Jolly Roger]

David Empson <dem...@actrix.gen.nz> wrote:
> gtr <x...@yyy.zzz> wrote:
>
>> So this past week I was struck curious by a request for access to a
>> keychain we rebootin. It was the FMFD.
>>
>> In recent reboots I'm asked for from 2 to 4 passwords, and have been
>> for a number of years. It's no great hassle, since it's generally so
>> rare that I reboot anyhow. Still, it makes me wonder if there isn't a
>> simpler way.
>
> There is. Change the password on your "login" keychain so it is the same
> as the user account password for your user account.

That's the default state on a newly installed system: both the user account
and the login key chain are set to the same password.

> The system will then use the entry of the login password (either your
> manual entry or if you have set up the computer to log in automatically)
> to automatically unlock the login keychain, avoiding the need to type in
> another password the first time something wants the keychain.

That's how it works for most users because the keychain password and user
account password are the same.

> I used to have a different password for my keychain but several OS X
> versions ago it started to get unweildy because too many things kept
> asking for it. Made them the same password and that annoyance went away.

I suspect gtr originally had his user account password and login keychain
password set to an empty string. Then he later changed the user account
password, but *didn't* set the login keychain password to the same thing.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[gtr]

I'll give that a try.

[gtr]

Exactly.

[Jolly Roger]

Ok. So in the future, keep this in mind. Typically, when you change your
user account password, the login keychain password is automatically
changed to match. IIRC (it's been a while), under normal circumstances
when you do change your user account password, at least some versions of
macOS will ask you if you want to change the login keychain password as
well. You always want to do that when prompted. If there is no prompt,
I'd assume it happens automatically.

[gtr]

On 2016-11-14 17:34:51 +0000, Jolly Roger said:

> On 2016-11-14, gtr <x...@yyy.zzz> wrote:
>> On 2016-11-14 06:46:20 +0000, Jolly Roger said:
>>> David Empson <dem...@actrix.gen.nz> wrote:
>>>
>>>> I used to have a different password for my keychain but several OS X
>>>> versions ago it started to get unweildy because too many things kept
>>>> asking for it. Made them the same password and that annoyance went
>>>> away.
>>>
>>> I suspect gtr originally had his user account password and login
>>> keychain password set to an empty string. Then he later changed the
>>> user account password, but *didn't* set the login keychain password
>>> to the same thing.
>>
>> Exactly.
>
> Ok. So in the future, keep this in mind. Typically, when you change your
> user account password, the login keychain password is automatically
> changed to match. IIRC (it's been a while), under normal circumstances
> when you do change your user account password, at least some versions of
> macOS will ask you if you want to change the login keychain password as
> well. You always want to do that when prompted. If there is no prompt,
> I'd assume it happens automatically.

Many thanks--stashed for future access
.

[Király]

Jolly Roger <jolly...@pobox.com> wrote:
> Ok. So in the future, keep this in mind. Typically, when you change your
> user account password, the login keychain password is automatically
> changed to match. IIRC (it's been a while), under normal circumstances
> when you do change your user account password, at least some versions of
> macOS will ask you if you want to change the login keychain password as
> well. You always want to do that when prompted. If there is no prompt,
> I'd assume it happens automatically.

All true. Keep in mind, though, that that only works if you are changing
user A's login password if you are are logged in as user A. If you
change A's login password while logged in as B, A's keychain password
doesn't change.

--
K.

Lang may your lum reek.

[Jolly Roger]

Eww. That's not good. Then again it's not hard to change the login keychain
password later separately - assuming you know to do it.

[gtr]

On 2016-11-14 17:34:51 +0000, Jolly Roger said:

> On 2016-11-14, gtr <x...@yyy.zzz> wrote:
>> On 2016-11-14 06:46:20 +0000, Jolly Roger said:
>>> David Empson <dem...@actrix.gen.nz> wrote:
>>>
>>>> I used to have a different password for my keychain but several OS X
>>>> versions ago it started to get unweildy because too many things kept
>>>> asking for it. Made them the same password and that annoyance went
>>>> away.
>>>
>>> I suspect gtr originally had his user account password and login
>>> keychain password set to an empty string. Then he later changed the
>>> user account password, but *didn't* set the login keychain password
>>> to the same thing.
>>
>> Exactly.
>
> Ok. So in the future, keep this in mind. Typically, when you change your
> user account password, the login keychain password is automatically
> changed to match. IIRC (it's been a while), under normal circumstances
> when you do change your user account password, at least some versions of
> macOS will ask you if you want to change the login keychain password as
> well. You always want to do that when prompted. If there is no prompt,
> I'd assume it happens automatically.

Having now done this I thought I'd update a few of the details for
future passers-by.

I attempted to go into KeyChain Access and change the passwords to
correlate with my login password. The first keychain I tried, told me
that four characters (replicating my login) did not present sturdy
enough security. So I bailed.

Instead I decided to make my login password match the longer password I
had been using for my keychains. So I did that. Thus everything
matched up; when restarting I no longer had to give various processes
access to my login or "Local Items" keychains.

Then--what the hell--I went back into system preferences and changed my
login a second time--back to my trusty insecure four-letter password of
old. Bingo--the keychains seem to have followed suit as I am still not
being asked for additional access when I do a reboot.

Thus ends saga #243.

[Jolly Roger]

Excellent.

Thanks for reporting back.

[kitti...@gmail.com]

Hi Everyone,

I'm praying for a reliable response to this issue, which I still cannot find online regarding the "identityservicesd wants to use the "login" keychain password; which even as the Admin, if you don't have this password, you can't access your computer.

This is actually a hack into your router system. Through your normal router services. They hacked your personal login.

So my first advice is to contact your service provider for your Internet, and not only have them change your router password, but to also create a very long and ridiculous password for your own in-home access, that includes symbols and numbers, so that its not easy to crack.

I rarely use my Big iMac, but needed to use the disc drive to send an image to my 13' Mac Air, I found this to be the case on behalf of my Big iMac.

I'm being requested to provide the "identityservicesd wants to use the "login" keychain password.

If you're finding yourself in this position, Apple wont assist you, which is why you aren't finding solutions to this issue, as you are actually being hacked.

Call your Internet Carrier ASAP, Go Offline with all of your devices, and plug in directly to the cable from the router, to make all changes to passwords necessary, and on all devices while off line.

Once done, go back online so that all the new passwords can resolve with your devices and kickoff the person hacking you.

Cover all Computer Cameras, unless in use, for your own safety.

Best of Luck getting rid of your Hacker!

[gtr]

On 2018-09-02 18:41:07 +0000, Jolly Roger said:

>> Hi Everyone,
>>
>> I'm praying for a reliable response to this issue, which I still
>> cannot find online regarding the "identityservicesd wants to use the
>> "login" keychain password; which even as the Admin, if you don't have
>> this password, you can't access your computer.
>>
>> This is actually a hack into your router system. Through your normal
>> router services. They hacked your personal login.
>

> No it isn't, and no "they" didn't. gtr (the original poster who asked
> this question) has already confirmed that he originally had his user
> account password and login key chain password set to an empty string.

> Then he later changed the user account password, but *didn't* set the

> login key chain password to the same thing. And that is why he was being
> asked to provide the login key chain password each time he rebooted his
> computer.
>
> Stop spreading alarmist sensational bullshit misinformation. You're not
> helping anyone. Bullshit posts like this from clueless idiots is why I
> usually ignore posts from Google Groups.

I tore my hair out for awhile, but this is true: I set all my related
passwords to the same thing and life went on its merry way. All this
"hacking the router" stuff, that's really a sci-fi wet dream, right?

[kitti...@gmail.com]

LOL YOU MUST BE A HACKER, SO MAKES SENSE!!!!

Why on earth are you so bitter and angry if you're not???

So if you aren't, First Off, stop with all the crap!

I’ve already confirmed with my Provider within this interim that my Router was actually hacked, so don’t comment on what you don’t know! Or I guess stop commenting on what you do to others.

I appreciate you answering the question, but all the rest of the BS, completely unnecessary!

My permissions have been changed, yet I’m the Admin, I’d been locked out of one of my main computers, so stop being an ASS and just be helpful. If you can't be helpful without being condescending, then just don't bother.

Oh, and thanks for your help, on behalf of others who may need it, but who didn’t need all the rest of your condescending Bullshit!

[Savageduck]

On Sep 2, 2018, Jolly Roger wrote
(in article <fv2p63...@mid.individual.net>):

> On 2018-09-02, kitti...@gmail.com<kitti...@gmail.com> wrote:

> > Hi Everyone,
> >
> > I'm praying for a reliable response to this issue, which I still
> > cannot find online regarding the "identityservicesd wants to use the
> > "login" keychain password; which even as the Admin, if you don't have
> > this password, you can't access your computer.
> >
> > This is actually a hack into your router system. Through your normal
> > router services. They hacked your personal login.
>

> No it isn't, and no "they" didn't. gtr (the original poster who asked
> this question) has already confirmed that he originally had his user
> account password and login key chain password set to an empty string.
> Then he later changed the user account password, but *didn't* set the
> login key chain password to the same thing. And that is why he was being
> asked to provide the login key chain password each time he rebooted his
> computer.
>
> Stop spreading alarmist sensational bullshit misinformation. You're not
> helping anyone. Bullshit posts like this from clueless idiots is why I
> usually ignore posts from Google Groups.

<https://support.apple.com/en-us/HT201609>

--

Regards,
Savageduck

[gtr]

OH MY GOD! OH MY GOD! TRY TO TAKE DEEP BREATHS! My situation was
cited above, then a smooth transition into a hollywood hacker movie.
What your nameless provider does or doesn't tell you about what did or
didn't happen has nothing to me. Nor does this thread. Have a nice
day.

Oops, I mean: OH MY GOD! OH MY GOD! HAVE A NICE DAY!!!!

[Tim McNamara]

On Sun, 2 Sep 2018 13:59:59 -0700 (PDT), ki...@noreasontobeashit.com
<kitti...@gmail.com> wrote:

> LOL YOU MUST BE A HACKER, SO MAKES SENSE!!!!

Actually, you're the one not making sense.

> I’ve already confirmed with my Provider within this interim that my
> Router was actually hacked, so don’t comment on what you don’t know!
> Or I guess stop commenting on what you do to others.

Your router may have been hacked- there are tens of thousands out there
that are vulnerable- but that has nothing to do with what was asked
about identityservicesd. That is a legitimate resident program (called
a "daemon") that is part of the Apple operating system. Its parent
process is launchd. Sounds like you've got a Keychain problem with your
Mac, there are workarounds that may help. Or go to a Genius Bar and
get the good folks there to give you a hand.

Best of luck.

[Tim McNamara]

On Sun, 02 Sep 2018 15:49:19 -0700, Savageduck
<savageduck1@{REMOVESPAM}me.com> wrote:
>
><https://support.apple.com/en-us/HT201609>

And bob's yer uncle. Boom.

[Your Name]

If these two sayings:

Bob's your uncle.
and
I'll be a monkey's uncle.

are both true, does that mean Bob is a monkey?? ;-)

[Savageduck]

On Sep 2, 2018, Your Name wrote
(in article <pmiirj$ij2$1...@gioia.aioe.org>):

If both were true it means that you are Bob, and you are intensely aware of
our evolutionary heritage.

--

Regards,
Savageduck

[John McWilliams]

And if neither are true, it doesn't mean I am not Bob. I am not Bob for
other reasons.

[Savageduck]

On Sep 3, 2018, John McWilliams wrote
(in article <pmkbgs$6r0$1...@dont-email.me>):

While I have been called many things, I certainly am not, and never have been
Bob, though by coincidence I once had an uncle Bob. As to my family
relationship to an unidentified monkey via a common primate ancestor, ...that
is still being studied.

--

Regards,
Savageduck