Recover Apple Keychain
speckx
77 points
28 comments
March 30, 2026
Related Discussions
Found 5 related stories in 44.4ms across 3,471 title embeddings via pgvector HNSW
- Apple Just Lost Me syx · 444 pts · March 25, 2026 · 42% similar
- Remotely unlocking an encrypted hard disk janandonly · 112 pts · March 05, 2026 · 41% similar
- South Korean Police Lose Seized Crypto by Posting Password Online WarOnPrivacy · 72 pts · March 01, 2026 · 39% similar
- Microsoft Authenticator to nuke Entra creds on rooted and jailbroken phones azalemeth · 22 pts · March 11, 2026 · 39% similar
- My MacBook keyboard is broken and it's insanely expensive to fix TobiasBerg · 129 pts · March 29, 2026 · 37% similar
Discussion Highlights (12 comments)
xd1936
It Just Works™... until you don't want to take the default option. I'm sure your average user would just be SoL if going through this same experience.
zapkyeskrill
Good information to have. I was surprised by step 2 though (rm login.keychain-db). How can you be absolutely sure it doesn't contain anything important and you won't need it later? I'd probably opt for a more defensive action here and just rename it (like the original reset did).
nabbed
Based on this description, it sounds like someone walking past your unattended desk and bent on disrupting your day but not stealing your data, could enter in a garbage password into the lock screen a few times and lock you out of your own laptop. I guess the same also works for cloud accounts as well. I remember, back in the mid-2000s, trying to log into my hotmail account (never having failed to log in before) and getting a "locked out due to too many bad passwords". So someone, only knowing my user account name (which was the same as my email address), locked me out of my own account. The problem was, I couldn't remember what my recovery accounts were (I eventually figured it out).
dpark
Is there really no supported model for this scenario? Surely the point of an iCloud backup is that you can restore from the cloud rather than do a local hack to try to regain access to locked keychain db. What happens if you just set up the device as a new machine and login to your iCloud like normal?
fastaguy88
Apple Keychain has a number of old bugs that have caused me to have to resort to this strategy several times. The most common problem is having a secure note that you can open, but then immediately disappears (closes). Copying over an older keychain database can sometimes solve the problem.
bigiain
> Still, I had assumed there might be some kind of master key that would handle this automatically during a password reset. This assumption, by a clearly technical person, is a fundamental problem that keeps "the rest of the world" locked in to centralised services where that is true, and where that master key can be used against them by law enforcement, fascist regimes, and surveillance capitalists.
dwaite
You can also just open the old keychain using the old password.
oneplane
There is a lot of documentation from Apple on how all of this works, but this is indeed expected behaviour. A way to make this smoother would have been: 1. Doing the password reset 2. Reboot straight back into recovery 3. Update your new password back into your old password 4. Boot into macOS, your default keychain will unlock but you'll still have to re-authenticate to iCloud since your machine-user identity combo will no longer match with what iCloud expects. (not sure if this is part of Octagon Trust, but there are various interesting layers to this) Check the escalation path of key revocation for example where you don't just have longer time delays but also stricter environments where new attempts can be made (near the end): https://support.apple.com/en-gb/guide/security/sec20230a10d/... There are a number of much more in-depth technical guides and specs, but just listing out random articles (or the Black Hat talk(s)) would probably rob someone of a nice excursion into platform security.
JSR_FDED
Forgetting what the password is because you always just use the fingerprint reader…that’s why for elderly family members I nowadays set it up not to use the fingerprint any more. I thought they’d be annoyed but funnily enough they experience it as a sense of agency, that they are the one unlocking the computer and are in charge of it.
m463
This is one of those articles that either people will stumble upon when they are up a creek without a paddle... or... something 100 ai slop articles will poorly summarize in their "11 ways to recover your icloud data" article.
Brajeshwar
I kinda feel uncomfortable with the comfort of Touch ID. So, I tend to type Passwords once in a while to keep my muscle memory, especially for key accounts, which are the entry points to other Passwords (Apple, 1Password, Google, etc.). These days, I believe that the only reason one does not get such misfortunes of being hacked/attacked, is that most of us are not important enough to get the attention of any external threats. Hence, mostly luck more than actually being secure. I have been working towards a process/pattern, as a last resort, to be able to walk out of anything and have backup options when misfortunes strikes or my luck runs out. I don’t even know the path yet.
znnajdla
Is there a way to sync passkeys out of Apple Passwords / Keychain? I dread an iCloud lockout.