Broken Secure Token or Keychain may result in weird behaviors running administrative actions, such as approving macOS updates, installing applications or enabling FileVault.
Resetting the password in Recovery Mode will grant the user a SecureToken.
Resolution
Step 1: Boot into Recovery
Turn off the device in question and follow the steps below. Be sure to follow the steps relevant to this device's processor type.
Intel -
- Press the power button on the device
- Begin holding Command + R until the recovery screen appears
Silicon (M1, M2, M3) -
- Press and hold the power button until you see a screen with the system volume and the options button.
- Select "Options" and then click continue
Step 2: Open resetpassword via Terminal
Once the device boots into Recovery Mode, open Terminal from the Utilities dropdown and type in resetpassword, and click enter. After this click on the window behind the Terminal window.
Important: Please only follow the process for either 3A or 3B. If you were unsucessful with 3A, try 3B after a restart.
Step 3: Reset Password(s)
Step 3A (Option 1): Reset Single Account
Select any Admin user you know the password for, enter the password, click Continue. Now select the user you'd like to change the password for and click Next. From here enter in the password you'd like this user to have and click Next and then Restart.
Step 3B (Option 2): Reset All Accounts
Click Forgot all Passwords and set a new password for every user on the device, making a note of the password you set for your user. (The other passwords can be anything and reset via Go-Live as long as you're okay with them not being able to log into them via the FileVault login page). Then click Restart