Fixing broken Keychains (Secure Tokens) using Recovery Mode

Written By CTS IT Care Team

Updated at July 27th, 2024

A broken Secure Token or Keychain may cause unexpected behavior when running administrative actions, such as approving macOS updates, installing applications or enabling FileVault.

Resetting the password in Recovery Mode will grant the user a SecureToken.


Resolution

Step 1: Boot into Recovery

Turn off the device in question and follow the steps below. Be sure to follow the steps relevant to this device's processor type.
 
Intel -
  1. Press the power button on the device
  2. Begin holding Command + R until the recovery screen appears

Silicon (M1, M2, M3) -

  1. Press and hold the power button until you see a screen with the system volume and the options button.
  2. Select "Options" and then click Continue

 

Step 2: Open resetpassword via Terminal

Once the device boots into Recovery Mode, open Terminal from the Utilities dropdown, type resetpassword, and press Enter. After this, click on the window behind the Terminal window.

 

Important: Please only follow the process for either 3A or 3B. If you were unsuccessful with 3A, try 3B after a restart.

 

 

Step 3: Reset Password(s)

 

Step 3A (Option 1): Reset Single Account

Select any Admin user whose password you know, enter the password, and click Continue. Now select the user whose password you'd like to change and click Next. From here, enter the password you'd like this user to have, click Next, and then click Restart.
 

Step 3B (Option 2): Reset All Accounts

Click Forgot all Passwords and set a new password for every user on the device, making a note of the password you set for your user. (The other passwords can be anything and can be reset via Go-Live, as long as you're okay with those users not being able to log into their accounts via the FileVault login page.) Then click Restart.

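To confirm the result once the device has restarted, the script below lists local accounts and reports any that still lack a Secure Token. It is an added example, not part of the original article. It assumes sysadminctl prints a line of the form "Secure token is ENABLED for user NAME" and that regular local accounts have a UID of 501 or higher; the function names and the sample lines are made up for illustration.

```shell
#!/bin/sh
# Added example: check which local accounts hold a Secure Token after the reset.
# Assumed output of `sysadminctl -secureTokenStatus NAME` (one line, on stderr):
#   ... Secure token is ENABLED for user NAME
#   ... Secure token is DISABLED for user NAME

# Read status lines on stdin; print the name of every user reported DISABLED.
missing_tokens() {
    while IFS= read -r line; do
        case "$line" in
            *"Secure token is DISABLED for user "*)
                printf '%s\n' "${line##*for user }" ;;
        esac
    done
}

# List regular local accounts (UID 501 and up) from the local directory.
local_users() {
    dscl . -list /Users UniqueID | awk '$2 >= 501 { print $1 }'
}

# Query every local account and collect the raw status lines.
collect_status() {
    for u in $(local_users); do
        sysadminctl -secureTokenStatus "$u" 2>&1
    done
}

# Print a verdict; return 0 only when no account is reported DISABLED.
check_tokens() {
    missing=$(collect_status | missing_tokens)
    if [ -n "$missing" ]; then
        echo "No Secure Token for:"
        echo "$missing"
        return 1
    fi
    echo "No local account reported a DISABLED Secure Token."
}

# Constructed sample output, used only when the script is not run on macOS.
SAMPLE='2024-07-27 10:00:00.000 sysadminctl[100:200] Secure token is ENABLED for user alice
2024-07-27 10:00:01.000 sysadminctl[101:201] Secure token is DISABLED for user bob'

if command -v sysadminctl >/dev/null 2>&1; then
    check_tokens || true
else
    printf '%s\n' "$SAMPLE" | missing_tokens
fi
```

Any account the script lists can be taken through Step 3 again.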