- Joined
- Jan 1, 2009
- Messages
- 15,507
- Reaction score
- 3,867
- Points
- 113
- Location
- Winchester, VA
- Your Mac's Specs
- MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
Bit of background: My wife needed a newer MBP to replace her ten-year old one. I got an Apple Refurbished MBPr 15" Mid-2015. Used Migration Assistant to move everything over to her new system. Seemed to go well. The new one wanted to set up 2FA at iCloud, so we did that and it seemed to be working.
(cue the foreboding music background)
Then the new system gave a notification that the new system needed an update to the OS (it was 10.13.3, needed to go to 10.13.5). I went to the store, authorized the update and expected it to go swimmingly. However, at the reboot it popped up a panel requesting the "iCloud Security Code" and showing six little boxes. Note that it wasn't asking for an authorization code, but an "iCloud Security Code." I tried several things but nothing worked and nothing had come in on her iPhone or mine with any codes, nor did anything arrive on the old MBP. So, totally stuck, I called Apple support. Got a nice lady who spent over a hour with me trying to sort it out. She had never heard of "iCloud Security Code" either. In the end, the issue seemed to be that somehow 2FA was not finalized on the new MBP or maybe at Apple, and given that it was a system update, security kicked in and wanted the second factor that had been sent to some account somewhere, named "iCloud Security Code." (Research later on disclosed that the code was used by Apple before 2FA and for some reason because the new machine was stuck in 2FA-nowhere-land the system defaulted to wanting this old code that it thought it had sent to us, but which, in fact, we can find no record of ever receiving.)
What we think was wrong was that something in the keychain was wonky and the only way we could recover from the impossible situation was to reset the keychain and let it start all over. However, resetting the keychain meant that all of her Safari-saved passwords are gone, too. Royal PITA.
I went to the old MBP, looked at Safari and the passwords are there, but I cannot figure out how to export them or where the passwords are filed. Given that they disappeared because of the decision to reset keychain, I suspect they are in the keychain database somewhere, but Keychain Access does not allow exporting of passwords. At least I couldn't find out how to do that. A search on the 'net discloses that export only works for certificates, not passwords.
So, one possible way to move the keychain is to copy the file from ~/Library/Keychains on the old system to the new, but I am concerned that the settings on the new one that are associated with the new one through the reset function will be overwritten, putting us back into the same situation of needing an "iCloud Security Code" that nobody knows what is. I also saw that it is possible to copy the keychain from ~/Library/Keychains (named login.keychain) to a USB drive and then in Keychain Access on the new one import some items, but Apple's article doesn't make it clear if the passwords will be imported or just the certificates. And on her old machine ~/Library/Keychains/login.keychain-db isn't there, and one article says that is the place Safari passwords are stored. There are two numbered folders in the ~/Library/Keychains folder and in each of them is a file named keychain-2.db. One of them has a Date Modified of Today, which sort of implies that it is the current file, but there is no equivalent numbered file on the new one, so I don't think I can copy from one to another from those files. I bring that up because one website said that what needs to be copied over is the db file and not the login.keychain file.
Finally, we have NOT turned on iCloud Keychain sync because it's not clear where the "source" for the sync would be. I searched and cannot find an explanation of what happens when you turn on Keychain sync in iCloud. Does the MBP overwrite the iPhone? Can I turn on Sync on the old MBP and the new MBP and if so, which will overwrite the other? Or do they somehow merge? I found no clue to what happens anywhere on the web.
So, can any wizard here tell me if it is possible to migrate her Safari passwords to the new system? I suppose we could open the old and new MBPs side-by-side and type in each of them on the new, but it would be tedious to the extreme. What will happen if I turn on keychain syncing on both old and new MBP?
(cue the foreboding music background)
Then the new system gave a notification that the new system needed an update to the OS (it was 10.13.3, needed to go to 10.13.5). I went to the store, authorized the update and expected it to go swimmingly. However, at the reboot it popped up a panel requesting the "iCloud Security Code" and showing six little boxes. Note that it wasn't asking for an authorization code, but an "iCloud Security Code." I tried several things but nothing worked and nothing had come in on her iPhone or mine with any codes, nor did anything arrive on the old MBP. So, totally stuck, I called Apple support. Got a nice lady who spent over a hour with me trying to sort it out. She had never heard of "iCloud Security Code" either. In the end, the issue seemed to be that somehow 2FA was not finalized on the new MBP or maybe at Apple, and given that it was a system update, security kicked in and wanted the second factor that had been sent to some account somewhere, named "iCloud Security Code." (Research later on disclosed that the code was used by Apple before 2FA and for some reason because the new machine was stuck in 2FA-nowhere-land the system defaulted to wanting this old code that it thought it had sent to us, but which, in fact, we can find no record of ever receiving.)
What we think was wrong was that something in the keychain was wonky and the only way we could recover from the impossible situation was to reset the keychain and let it start all over. However, resetting the keychain meant that all of her Safari-saved passwords are gone, too. Royal PITA.
I went to the old MBP, looked at Safari and the passwords are there, but I cannot figure out how to export them or where the passwords are filed. Given that they disappeared because of the decision to reset keychain, I suspect they are in the keychain database somewhere, but Keychain Access does not allow exporting of passwords. At least I couldn't find out how to do that. A search on the 'net discloses that export only works for certificates, not passwords.
So, one possible way to move the keychain is to copy the file from ~/Library/Keychains on the old system to the new, but I am concerned that the settings on the new one that are associated with the new one through the reset function will be overwritten, putting us back into the same situation of needing an "iCloud Security Code" that nobody knows what is. I also saw that it is possible to copy the keychain from ~/Library/Keychains (named login.keychain) to a USB drive and then in Keychain Access on the new one import some items, but Apple's article doesn't make it clear if the passwords will be imported or just the certificates. And on her old machine ~/Library/Keychains/login.keychain-db isn't there, and one article says that is the place Safari passwords are stored. There are two numbered folders in the ~/Library/Keychains folder and in each of them is a file named keychain-2.db. One of them has a Date Modified of Today, which sort of implies that it is the current file, but there is no equivalent numbered file on the new one, so I don't think I can copy from one to another from those files. I bring that up because one website said that what needs to be copied over is the db file and not the login.keychain file.
Finally, we have NOT turned on iCloud Keychain sync because it's not clear where the "source" for the sync would be. I searched and cannot find an explanation of what happens when you turn on Keychain sync in iCloud. Does the MBP overwrite the iPhone? Can I turn on Sync on the old MBP and the new MBP and if so, which will overwrite the other? Or do they somehow merge? I found no clue to what happens anywhere on the web.
So, can any wizard here tell me if it is possible to migrate her Safari passwords to the new system? I suppose we could open the old and new MBPs side-by-side and type in each of them on the new, but it would be tedious to the extreme. What will happen if I turn on keychain syncing on both old and new MBP?