Keychain and multiple different passwords; no sync

Question

Keychain and multiple different passwords; no sync

I found about 14 different entries in my "passwords" dialog box of Safari Preferences, all for the same userID. Several were for id.apple.com, several for iforgot.apple.com, several for daw.apple.com, and several others for various other apple.com subdomains. There were several different passwords for the exact same subdomain, and no indication as to which one was the most recent. So it does no good to look it up!

This is a real PIA if when logging in, 3 authentications show up as "from this site" all with different passwords. I thought that when you changed a password, that would remove ALL the other password entries for that subdomain in the "Passwords" dialog box in Safari Preferences, but apparently not.

And getting these to sync across to the phone is another hassle. They just don't sync, even though I have iCloud Keychain turned on anywhere I can find it. So I wind up with totally blank userID and password fields on the phone for a site that fills in perfectly on the Mac. And of course, I don't "know" the password because that's what iCloud Keychain is supposed to be for! And I can't "look it up" because the Mac is at home and I'm not.

Finally, does anyone know why logging into iCloud isn't done by the Keychain? And iTunes Store? Neither of these EVER fills in the password from my Keychain. And did anyone ever try to enter those xxx-yyy-zzz-www type passwords on a phone? You'll be admitted to the nuthouse after 2 or 3 times doing that, shifting between upper case, lower case, the hyphen, and the numbers. Arghhhhhh...

Why doesn't this work? It's a good idea.

See discussion here: Re: What is daw.apple?

Mac mini, macOS Sierra (10.12.1)

Posted on Nov 29, 2016 1:33 PM

Reply

Answer 1

Best reply

deejerydoo

Level 1

24 points

Nov 29, 2016 9:39 PM in response to Harold Holbrook

I have noticed that this doesn't appear to be working sensibly too. I have just seen the following scenario:

1. Using Safari password manager (Apple Keychain integrated).

2. Reset the Apple ID password for the user using heir iforgot.apple.com subdomain.

3. Safari password manager asks me if I want to update the changed password for iforgot.apple,com, to which I respond YES.

4. Go back to log into the users Apple ID and Safari password manager is still using the old password. So, I have to be aware that the domain I just changed the password for was iforgot.apple.com and that the current domain I'm trying to authenticate to is appleid.apple.com. However, Safari password manager isn't aware that they are actually the same credentials, being used across subdomains.

Whilst this is technically understandable and technically reasonable; from an every-day user perspective, the user has just changed their Apple ID and yet their Safari password manager is telling them their password is incorrect. Leading to confusion. Now multiply this by the other multiple subdomains that are used by Apple, that also appear in the password manager (Keychain) and you have a recipe for user password confusion on a grand scale.

Essentially, this is down to Apple failing to get Safari/Keychain to correctly handle syndicated authentication across their subdomains, sensibly. A fairly basic concept that the richest technology company on the planet has no good reason to fail to get working better than it is, other than using the ignorance of its customers to avoid the cost of fixing this failure in their systems.

Reply