Please take these steps to resynchronize the iCloud keychain. Your keychain on iCloud and your other Apple devices won't be affected. Take Step 2 only if Step 1 doesn't solve the problem.Step 1Back up all data.Open the iCloud pane in System Preferences and uncheck the Keychain box. You'll be prompted to delete the local iCloud keychain. Confirm—the data will remain on the servers. Then re-check the box. Follow one of the procedures described in this support article to set up iCloud Keychain on an additional device. Test.Step 2If you still have problems, uncheck the Keychain box again and continue.Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:~/Library/KeychainsIn the Finder, selectGo ▹ Go to Folder...from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return.A folder named "Keychains" should open. Inside it is a subfolder with a long name similar to (but not the same as) this:421DE5CA-D745-3AC1-91B0-CE5FC0ABA128The above is only an example; yours will have a different name of the same general form. Drag the subfolder (not the Keychains folder) to the Trash.Restart the computer, empty the Trash, and re-enable iCloud Keychain.
Sunday, March 13, 2022
When iCloud Keychain stops working (No more Safari passwords) - Mojave
Sunday, March 06, 2022
What happens when you have an Apple ID without an email address and you change it? (And much more about Apple ID hell.)
I'll provide some back story below, but it's tedious and a bit ranty so I'll put the most useful stuff up front.
For *reasons* (see below) I have had an Apple ID associated with iTunes, App Store, physical Apple Store, hardware and other purchases for about 20 years. For other *reasons* almost lost to memory the username has not been a valid email address for most of those years. Until recently it had an associated email address it would forward to but Apple changed things sometime in the past two years and that stopped working.
We will call this Apple ID username "email@example.com". I will use firstname.lastname@example.org and email@example.com for my new Store Apple ID ("Media & Purchases") and my longstanding iCloud Apple ID respectively.
Once firstname.lastname@example.org stopped forwarding I no longer received notifications related to Apple Discussions or emails related to charges. Since email@example.com was the store Apple ID for my family (this was the practice in early iTunes days) our children (now adult) used it for purchases. Simplifying a lot and omitting family details the lack of email meant no monthly statements -- so I didn't spot a scam subscription - among other things.
I knew I had to fix this but I dreaded the side-effects. I'd already tried undoing the shared store Apple ID and ran into disaster; I had to reverse that attempt. I had to fix the Apple ID invalid email problem first.
Before Apple broke forwarding for the Apple ID "firstname.lastname@example.org" I had used "email@example.com" as a forwarding address. Although there was no clue in the Apple ID online configuration tool, I knew firstname.lastname@example.org was still entangled with email@example.com (see below, this post goes on for a long time but still omits much).
Ok, so far? I gets a bit simpler then you can skip the back story.
Anyhow ... when Apple broke forwarding they seem to have introduced the ability to change an Apple ID userid - such as firstname.lastname@example.org. I believe, though I can't find any documentation, that the visible username with the form of an email address (ex: email@example.com) is an alias for an unchanging hidden identifier (maybe a GUID).
After some thought I decided the cleanest approach would be to change my Store Apple ID visible username from firstname.lastname@example.org to email@example.com (I knew the two were entangled, see below). It's easy to make this change from appleid.apple.com. When I did this I was not asked to confirm that firstname.lastname@example.org was a valid email address I owned. All I got was an email sent to to email@example.com saying the change had been made.
After I made the change I found the following. I expect other changes as Apple's different systems synchronize and update (I will update this as I learn more, I expect to learn of problems from family members later today):
- I cannot login to the Apple ID or anywhere using firstname.lastname@example.org but the two factor notification dialog still says email@example.com (this may change).
- I think I may have more control over Apple ID two-factor, I can add/remove trusted devices, remove from account, and I can add a second trusted phone number. I still can't add a backup email address; that is available on some other Apple IDs I have
- Apple Discussions is intact. When I login with firstname.lastname@example.org I show as "member since June 23, 2003".
- Mail sent to email@example.com still fails, there's no redirect.
- iTunes on Mojave: asks me to sign in and displays new firstname.lastname@example.org. Says session expired, asks again. Purchase history intact.
- Media & Purchases on iPhone showed new iCloud address and I had no trouble with updating apps.
Messages in iCloud not available as iCloud and iMessage accounts do not match. (Messages in iCloud is not available because iCloud and iMessage accounts are different.)
There's a fix here but it's not the one I needed. When I looked at Messages on my iPhone it showed only my Phone number, the Apple IDs were all absent. When I tried to enter an Apple ID it showed my store Apple ID; I chose "use other Apple ID" and entered my personal iCloud Apple ID. That worked and it immediately restored all my send/receive message list. I could then reenable messages in iCloud.
It didn't fully work on Mojave iMessages though. I reenabled using iCloud Messages in preferences there and about an hour or two later it seemed to start working (though uploading messages to iCloud is still ongoing.)
That concludes the current record of changes to date. So far it has been less of a problem than anticipated, but it's early days. I will add other issues as they emerge. Then I can return to the herculean tasks of moving family members off of a shared Media & Purchases account.
Below are details for the benefit of someone searching who finds this post. They are related older items that I will summarize in outline.
----------- additional details ---------------
As noted above years ago I had email@example.com as forwarding email for the Apple ID firstname.lastname@example.org. The address email@example.com had no associated email because of complex changes Apple made in migrating from free iTools to not-free .Mac to MobileMe. 
When I finally realized I wasn't getting Apple media purchase statements for firstname.lastname@example.org I began investigating what had happened to the old email@example.com iCloud account. I found it was deactivated. I was able to reenable it. That's when things got weird. Remember (if you read above) that there was no longer anything I the Apple ID settings for firstname.lastname@example.org that showed email@example.com.
Once I reenabled firstname.lastname@example.org with a new password I found that:
- Both email@example.com and firstname.lastname@example.org worked as usernames for the same email@example.com Apple ID.
- The password for the firstname.lastname@example.org Apple ID had changed to match the email@example.com password. [This actually took a day to propagate to iTunes purchases]
- Both firstname.lastname@example.org and email@example.com showed the same iCloud services (mail, etc).
- firstname.lastname@example.org was still not a valid email address.
Services offered by iTools included the first availability of @mac.com email addresses, which could only be accessed through an email client (e.g. the Mail app); iCards, a free greeting card service; iReview, a collection of reviews of popular web sites; HomePage, a free web page publishing service; the first version of iDisk, an online data storage system; and KidSafe, a directory of family-friendly web sites.
As costs rose, most particularly due to iDisk storage space, the wide demand for @mac.com email accounts, and increasing support needs, iTools was renamed .Mac on July 17, 2002, as a subscription-based suite of services with a dedicated technical support team.
 eWorld https://en.wikipedia.org/wiki/EWorld
. Yesterday the password for App Store was different from password for Apple ID but today they seem to be same. I think they are two different systems that update every few hours...
· Feb 19
Today it appears there is a single Apple ID with two usernames and one password. One username has iCloud services but is nowhere displayed in Apple ID information. twitter.com/jgordonshare/s…
... If you change a phone's Store ID to match the phone's iCloud ID you cannot update all their apps with their iCloud ID password. You need to use the old Store ID password. Even when family sharing is in play...
... I have a hunch that Apple has an internal ID for users separate from the username (email form) displayed with their Apple IDs and Store IDs and iCloud IDs and that is what they use in FairPlay.
Saturday, March 05, 2022
The AT&T / Apple eSIM activation fee scam: $30 "discount" and a $30 activation fee
This is what you see when you go to buy an iPhone from Apple these days and pay full price:
If you choose "Connect to a carrier now" you will get an unlocked phone but it has an eSIM. It will also be "activated"; when that happens the eSIM is enabled and the old SIM card is disabled. Carriers charge a fee for activation. For AT&T it's $30.
So in this cases you pay $1,100 for the iPhone and there's a hidden fee of $30 from AT&T if you go the eSIM route. (I suspect if you switch a phone from SIM to eSIM you will also be charged $30.)
Sometimes Apple may choose to list the "Connect to a carrier now" with a "carrier discount" of $30. In this case they'll display the cost of the phone with the discount applied; the "Connect on your own later" will be $30 more. But if you choose the cheaper option you will get charged the $30 from your carrier. So Apple is .... lying about the price. Apple probably gets a kickback from the carrier,
Just choose "Connect on your own later" and pay the real price up front.
AT&T's various fees, including this one.
Update 9/11/2022: For a semester in Italy we converted my daughter's physical SIM to an eSIM using the iOS convert to eSIM feature. Our next bill will tell us if there was a fee associated with the conversion.