Apple ID as Mac Login (run away, run away)

Today there seems to be an issue with the Apple ID system related to Apple ID passwords. It all started when the developer web site told me my password expired... (what?)


I encountered a strange "you must reset your password, it has expired" message on what I **thought** was developer.apple.com. I dutifully tried to use the link and it took me to My Apple ID where I tried to login and it failed. I got up to get a cup of coffee, then came back. Somehow I managed to try a couple more times and fail, then I decided to start over, typed in http://appleid.apple.com and tried again. This time my login (from my keychain) worked! Interestingly enough, once logged in, there was no notification that I had to change my password. Chalking it up to another Apple product SNAFU, I went on.


Then I got to thinking "What if I was just scammed and someone captured my password?!" I looked into my history. Nothing nefarious there, but it is easy enough to remove history items with JavaScript from a web site so...


Better safe than sorry, so I decided to change my Apple ID password. And THAT is when the "ship" hit the fan... and here is why you do NOT want to use your Apple ID password for your Mac. It is about as smart as dumping a can of Coke into your Mac. Here's why...


After thinking a little bit, I figured out another password that I could type 50 million times a day for Apple login junk and changed it. And because I am using two factor authentication, I have all of these $#^%$ manually generated app passwords that have to be generated at the My Apple ID site. Deep breath, time to generate all new passwords for all the apps on the iPhone, iPad and Mac. I think I would rather chew up a mouth full of tinfoil... But it gets worse.

I start to generate the passwords for the Mac... I generate a password, then I open FaceTime, it has the password blank, I paste it in, good to go. I go back to My Apple ID site and generate another. It generates it and I enter the password in the next app.

Then the Apple ID site fritzes and displays the main appleid.apple.com page in the area where all the password functions were just showing. On top of that, it logs me out. SNAFU. Ok, I log in again using the new Apple ID password at https://appleid.apple.com and generate two more, and it fritzes again. Bear in mind that I saved the new Apple ID password into the keychain and it worked 4 times now on My Apple ID with my new Apple ID.

I go back to the silly root of the site https://appleid.apple.com and try to login again. Isn't it nice to have your password in your keychain? Yep, it just worked the last time but now it won't work. (feeling of dread, gravity just increased, oh god... After all my Apple ID and password are my login to my Mac) I blink and think "now wait, it is being entered by the Keychain system and it just worked a moment ago! Maybe something is wrong in the stored password in the keychain?"

I check my Keychain and interestingly enough, to unlock and see the password on the password storage for https://appleid.apple.com still requires the old Apple ID password on my Mac. (Remember, my Apple ID & password is synced to my Mac login) Aren't they supposed to be synchronized? Yep... but for some reason, 20+ minutes into this, no sync. Chalk it up to another Apple sync problem... but wait, there's more..

So I scratch my head, wonder what is going on, try and login again at the https://appleid.apple.com and of course I am now locked out of the account. Go to iforgot.apple.com it says, so I do. Enter my Apple ID, ok. It offers two options, one is to use my two factor device and "Lost your Recovery Key". I mean seriously, they make you print that stupid thing and in this day and age, you end up using it as a coaster or take notes on it and throw it away. Paper. Right. So I try the two factor device option, and it takes the code and then asks me for my Apple ID password so I can recover my Apple ID password. What the .... REALLY? What rocket scientist at Apple decided that recovery of your Apple ID password would require you to remember your Apple ID password. Oh, hold on, they are at "1 Infinite Loop". Of course you should need to know your password so you can reset your password because you have forgotten your password. 😕😠


Then it dawns on me... getting locked out of my account and having Apple forget my password could be really really bad. What if it does manage to sync my Mac's login with whatever IT thinks is my new password? OMG. (My Apple watch shows my pulse at 113 while I am sitting)

So I go back to the keychain and try and open the web form password item and see the password for https://appleid.apple.com and guess what, the old Apple ID password is no longer working in my Mac. I try again, very carefully typing my old Apple ID password that just worked a little bit ago to see the new password that was stored on my keychain under the web form password item for https://appleid.apple.com . Nope. So I very very carefully try the new Apple ID password... Nope. Apple's sync worked for once and now I am really hosed as it sync'd some kind of garbage password instead of my new password apparently.

Let's think, the password changed on the Apple system to the new password. I used the new password at the https://appleid.apple.com site and it worked 4 times easily. I saw/confirmed the password as it was stored for the https://appleid.apple.com inside the "web form password" item in my keychain... just before Apple synced the change to my Mac. Now nothing is working... including and especially the Mac keychain. What does that mean?


It means boys and girls, that when the screen saver kicks in (like when I have to get up and go to the bathroom), I completely lose access to my Mac. It means that since my disk is encrypted, if I had not had TimeMachine backing up, I would have lost everything due to Apple. It means that had I not had another admin level account on my system "just because", I would be relegated to a full machine rebuild from scratch taking hours and hours ... most of a day when it is all said and done. (I still might, it remains to be seen).


Just before my Apple Watch registered 113 beats per minute, I had raced to make a copy of my login keychain which holds 325 of my most important pieces of information. Maybe it was backed up at 0634 hrs in time machine, maybe I can't open that copy, who knows.... so I grab a copy of that too...


You never truly own coffee, you only lease it. It is apparently time to lose access to my Mac and start my day of agony.


Lesson learned: NEVER NEVER use your Apple ID as your Mac Login. NOT EVER.

A little follow up... the original prompt to change the password may have been nefarious but the damage was all done by Apple it seems.


I found "apple.co" in my cookies. Maybe my Apple ID has been hijacked, who knows. If it has, do they have access to all of my iCloud stored passwords?


Wow.

Thanks for the warning and well written story. Hope it helps someone 🙂
