When iCloud Keychain stops working (No more Safari passwords) - Mojave

I'm buying tickets for an event and suddenly there's no password autocomplete in Mojave Safari. Safari Preferences Passwords shows 3-4 entries, but my Apple passwords shows on my iOS devices and my Monterey Air. It's just Mojave that has lost all its iCloud/keychain access.

A good reminder that if you want to use Apple Passwords as a 1Password replacement you need to export a static backup (and this must be automated). The Cloud is where data goes to die.

A found a relevant 2016 Apple Discussion post which would be Mojave era. So I wonder if it's a Mojave bug. The fix there was from "Linc Davis" a "Level 10" with 209K points [1]

Please take these steps to resynchronize the iCloud keychain. Your keychain on iCloud and your other Apple devices won't be affected. Take Step 2 only if Step 1 doesn't solve the problem.

Step 1

Back up all data.

Open the iCloud pane in System Preferences and uncheck the Keychain box. You'll be prompted to delete the local iCloud keychain. Confirm—the data will remain on the servers. Then re-check the box. Follow one of the procedures described in this support article to set up iCloud Keychain on an additional device. Test.

Step 2

If you still have problems, uncheck the Keychain box again and continue.

Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination  command-C: 

~/Library/Keychains

In the Finder, select

          Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return.

A folder named "Keychains" should open. Inside it is a subfolder with a long name similar to (but not the same as) this:

           421DE5CA-D745-3AC1-91B0-CE5FC0ABA128

The above is only an example; yours will have a different name of the same general form. Drag the subfolder (not the Keychains folder) to the Trash.

Restart the computer, empty the Trash, and re-enable iCloud Keychain.

Toggling Keychain off and on didn't seem to do anything so I figured I'd check in the morning. Before I checked though I did review my passwords in Monterey. For *reasons* (this happens way too often) I had to reenter my iCloud credentials there but I was also asked the usual iCloud keychain questions -- provide passcodes for my other machines.

Then I looked at my Mojave machine and Safari had my passwords again.

Maybe the fix was toggling Keychain and waiting a bit, but I'm suspicious that something happened somewhere in iCloud that required me to do the iCloud Keychain authentication dance from a Mac -- and Mojave couldn't do it.

Again, if you use Apple Passwords as your sole repository you need a non-iCloud backup.

- fn -

[1] No profile info, has participated in 97K threads. Either insane or an Apple staff pseudonym.

What happens when you have an Apple ID without an email address and you change it? (And much more about Apple ID hell.)

I'll provide some back story below, but it's tedious and a bit ranty so I'll put the most useful stuff up front.

For *reasons* (see below) I have had an Apple ID associated with iTunes, App Store, physical Apple Store, hardware and other purchases for about 20 years. For other *reasons* almost lost to memory the username has not been a valid email address for most of those years. Until recently it had an associated email address it would forward to but Apple changed things sometime in the past two years and that stopped working.

I'm simplifying.

We will call this Apple ID username "bob@mac.com". I will use alice@icloud.com and dan@me.com for my new Store Apple ID ("Media & Purchases") and my longstanding iCloud Apple ID respectively.

Once bob@mac.com stopped forwarding I no longer received notifications related to Apple Discussions or emails related to charges. Since bob@mac.com was the store Apple ID for my family (this was the practice in early iTunes days) our children (now adult) used it for purchases. Simplifying a lot and omitting family details the lack of email meant no monthly statements -- so I didn't spot a scam subscription - among other things.

I knew I had to fix this but I dreaded the side-effects. I'd already tried undoing the shared store Apple ID and ran into disaster; I had to reverse that attempt. I had to fix the Apple ID invalid email problem first.

Before Apple broke forwarding for the Apple ID "bob@mac.com" I had used "alice@icloud.com" as a forwarding address. Although there was no clue in the Apple ID online configuration tool, I knew alice@icloud.com was still entangled with bob@mac.com (see below, this post goes on for a long time but still omits much).

Ok, so far? I gets a bit simpler then you can skip the back story.

Anyhow ... when Apple broke forwarding they seem to have introduced the ability to change an Apple ID userid - such as bob@mac.com. I believe, though I can't find any documentation, that the visible username with the form of an email address (ex: bob@mac.com) is an alias for an unchanging hidden identifier (maybe a GUID). 

After some thought I decided the cleanest approach would be to change my Store Apple ID visible username from bob@mac.com to alice@icloud.com (I knew the two were entangled, see below). It's easy to make this change from appleid.apple.com. When I did this I was not asked to confirm that alice@icloud.com was a valid email address I owned. All I got was an email sent to to alice@icloud.com saying the change had been made.

After I made the change I found the following. I expect other changes as Apple's different systems synchronize and update (I will update this as I learn more, I expect to learn of problems from family members later today):

1. I cannot login to the Apple ID or anywhere using bob@mac.com but the two factor notification dialog still says bob@mac.com (this may change).
2. I think I may have more control over Apple ID two-factor, I can add/remove trusted devices, remove from account, and I can add a second trusted phone number. I still can't add a backup email address; that is available on some other Apple IDs I have
3. Apple Discussions is intact. When I login with alice@icloud.com I show as "member since June 23, 2003".
4. Mail sent to bob@mac.com still fails, there's no redirect.
5.  iTunes on Mojave: asks me to sign in and displays new alice@icloud.com. Says session expired, asks again. Purchase history intact.
6. Media & Purchases on iPhone showed new iCloud address and I had no trouble with updating apps.

In addition, Messages in my personal dan@me.com iCloud stopped working! It turns out "Messages" has legacy associations with the old Apple Store ID used with iMessage before Apple implemented iCloud. I got this error message

Messages in iCloud not available as iCloud and iMessage accounts do not match. (Messages in iCloud is not available because iCloud and iMessage accounts are different.)

There's a fix here but it's not the one I needed. When I looked at Messages on my iPhone it showed only my Phone number, the Apple IDs were all absent. When I tried to enter an Apple ID it showed my store Apple ID; I chose "use other Apple ID" and entered my personal iCloud Apple ID. That worked and it immediately restored all my send/receive message list. I could then reenable messages in iCloud.

It didn't fully work on Mojave iMessages though. I reenabled using iCloud Messages in preferences there and about an hour or two later it seemed to start working (though uploading messages to iCloud is still ongoing.)

That concludes the current record of changes to date. So far it has been less of a problem than anticipated, but it's early days. I will add other issues as they emerge. Then I can return to the herculean tasks of moving family members off of a shared Media & Purchases account.

Below are details for the benefit of someone searching who finds this post. They are related older items that I will summarize in outline.

----------- additional details ---------------

As noted above years ago I had alice@icloud.com as forwarding email for the Apple ID bob@mac.com. The address bob@mac.com had no associated email because of complex changes Apple made in migrating from free iTools to not-free .Mac to MobileMe. [1][2]

When I finally realized I wasn't getting Apple media purchase statements for bob@mac.com I began investigating what had happened to the old alice@icloud.com iCloud account. I found it was deactivated. I was able to reenable it. That's when things got weird. Remember (if you read above) that there was no longer anything I the Apple ID settings for bob@mac.com that showed alice@icloud.com.

Once I reenabled alice@icloud.com with a new password I found that:

• Both alice@icloud.com and bob@mac.com worked as usernames for the same bob@mac.com Apple ID.
• The password for the bob@mac.com Apple ID had changed to match the alice@icloud.com password. [This actually took a day to propagate to iTunes purchases]
• Both alice@icloud.com and bob@mac.com showed the same iCloud services (mail, etc).
• bob@mac.com was still not a valid email address. 

fn -

[1] https://en.wikipedia.org/wiki/MobileMe#.Mac

Originally launched on January 5, 2000, as iTools, a free collection of Internet-based services for Mac OS 9 users, Apple relaunched it as .Mac on July 17, 2002, when it became a paid subscription service primarily designed for Mac OS X users. Apple relaunched the service again as MobileMe on July 9, 2008, now targeting Mac OS X, Microsoft Windows, iPhone, and iPod Touch users.

On February 24, 2011, Apple discontinued offering MobileMe at its retail stores, and later from resellers.[2] New subscriptions were also stopped. On October 12, 2011, Apple launched iCloud to replace MobileMe for new users, with current users having access until June 30, 2012, when the service was to cease.

... The original collection of Internet software and services now known as iCloud was first called iTools, released on January 5, 2000, and made available free of charge for Mac users.

Services offered by iTools included the first availability of @mac.com email addresses, which could only be accessed through an email client (e.g. the Mail app); iCards, a free greeting card service; iReview, a collection of reviews of popular web sites; HomePage, a free web page publishing service; the first version of iDisk, an online data storage system; and KidSafe, a directory of family-friendly web sites.

.Mac[edit]
As costs rose, most particularly due to iDisk storage space, the wide demand for @mac.com email accounts, and increasing support needs, iTools was renamed .Mac on July 17, 2002, as a subscription-based suite of services with a dedicated technical support team.[25]

... Existing iTools accounts were transitioned to .Mac accounts during a free trial period that ended on September 30, 2002. This move generated a mixed reaction among Mac users, some believing .Mac was overpriced...

[2] eWorld https://en.wikipedia.org/wiki/EWorld

. Yesterday the password for App Store was different from password for Apple ID but today they seem to be same. I think they are two different systems that update every few hours...

 · Feb 19

Today it appears there is a single Apple ID with two usernames and one password. One username has iCloud services but is nowhere displayed in Apple ID information. twitter.com/jgordonshare/s…

... If you change a phone's Store ID to match the phone's iCloud ID  you cannot update all their apps with their iCloud ID password. You need to use the old Store ID password. Even when family sharing is in play...

... I have a hunch that Apple has an internal ID for users separate from the username (email form) displayed with their Apple IDs and Store IDs and iCloud IDs and that is what they use in FairPlay. 

The AT&T / Apple eSIM activation fee scam: $30 "discount" and a $30 activation fee

This is what you see when you go to buy an iPhone from Apple these days and pay full price:

You can choose "Connect to a carrier now" or "Connect on your own later". In this case they are the same price. 

If you choose "Connect on your own later  there's no additional fee. You swap the SIM card from your old phone and go.

If you choose "Connect to a carrier now" you will get an unlocked phone but it has an eSIM. It will also be "activated"; when that happens the eSIM is enabled and the old SIM card is disabled. Carriers charge a fee for activation. For AT&T it's $30.

So in this cases you pay $1,100 for the iPhone and there's a hidden fee of $30 from AT&T if you go the eSIM route. (I suspect if you switch a phone from SIM to eSIM you will also be charged $30.)

Sometimes Apple may choose to list the "Connect to a carrier now" with a "carrier discount" of $30. In this case they'll display the cost of the phone with the discount applied; the "Connect on your own later" will be $30 more. But if you choose the cheaper option you will get charged the $30 from your carrier. So Apple is .... lying about the price. Apple probably gets a kickback from the carrier,

Just choose "Connect on your own later" and pay the real price up front.

Twitter version:

AT&T's various fees, including this one.

Update 9/11/2022: For a semester in Italy we converted my daughter's physical SIM to an eSIM using the iOS convert to eSIM feature. Our next bill will tell us if there was a fee associated with the conversion.

Impressions of the Eero 6

In retrospect my AirPort Extreme was probably flaky for a while. It's hard to diagnose router failure issues, but my son complained his iPad Zwift app was disconnecting. I was getting corrupted Synology Time Machine backups after years of good results. Then the router started to power down spontaneously. It was 6 years old and the power supply had failed.

We bought an Amazon Eero 6.

Before I talk about the various issues and surprises, let me see this is one of the more fun purchases I've made in a while. It's a huge pain to move all our various devices over to the new primary and "Guest" (where untrustworthy hardware connects) networks, but it's delightful to see 5 WiFi bars everywhere. Including the MyQ garage opener -- which is at least 50 feet from our home. (That's how we open the garage door when it's less than 15F and the external battery powered device doesn't work.) I have one device by the Comcast router, one on the middle floor towards the garage, and one basically hidden beneath the ground floor serving the basement and side patio.

Why did I buy the Eero?

1. Microsoft doesn't make a router, so the least evil tech giant was unavailable.
2. Apple doesn't make a router, so my very Evil master was unavailable.
3. That left Google, Amazon and the small ones (Linksys) who may not last very long and thus can't keep the patches coming.
4. I read that Eero does a good job of updating its devices.
5. Google is maximal Evil. I'm in the midst of a long painful divorce from Google Apps and Google Drive and I really don't want anything more from Google.
6. Amazon could get me a Eero 6 threesome within 8 hours of ordering it. It came at 6am. I felt the fangs of my Prime Parasite dig deeper into my core.

What were the surprises?

• Some older equipment will not connect to an Eero 6. The problem seems to be that the Eero has one SSID with two frequencies; my old AirPort had separate 2.4 and 5 GHz SSIDs. Devices that can only handle 2.4GHz may not work. We ran into two problems [see update below]:

1. SONY Playstation 4 (SONY's link no longer works of course): Go to Settings > Network > Setup Internet Connection > Use Wi-Fi > Easy. Select the SSID (wifi network name) but don't choose it! Now press the Options button on the controller. Select the 2.4GHz band. (When I tried 5GHz I got an obscure error message.)
2. Samsung television: It simply won't connect. Samsung has some tips I've not explored, I could try updating the firmware. Google found some Reddit discussions but that site crashed at the moment. (This TV is behaving a bit oddly, so there may be other issues.)

• The Eero 6 has two ethernet ports on the base unit. It's hard to tell from Eero's dreadful web site but I believe the Eero 6 Pro has ports on peripheral nodes too. I needed one for the Synology NAS and one to the Comcast modem. Given that not all devices work with the Eero it would be nice to have parts on each station -- I could then hardware devices that don't work with Eero wifi.
• The Eeros are smaller than I expected.
• The Eero app crashes every time I try to assign a device to a profile. I suspect it can't handle the ethernet address swapping of modern iPhones. It's amazing that's not fixed.
• If you want to use the parental control features on iOS devices you need to turn off the ethernet swapping. This will make it easier for vendors to track your use however.
• Amazon tries to upsell subscriptions to services including a security package. This is really annoying and it keeps doing it even after initial decline. Be careful not to accidentally subscribe to anything. You don't get filtering or website controls without the extra monthly fee, other routers provide those for free (but they usually don't work well or at all with modern connectivity).

The easiest way to swap routers is to keep the network names and passwords the same. I couldn't do that for reasons, so I get the tedium of reconnecting very old devices to WiFi.

Update 2/27/2022: Pause 5 GHz to allow older devices to connect

I read an Amazon review saying there was a way to pause 5G to allow older devices to connect! I haven't tried on the TV yet. It's an obscure feature:

Settings -> Troubleshooting -> My Device won't connect -> My device is 2.4 GHz only -> Temporarily pause 5 GHz.

There are some other features buried in troubleshooting, including Health Check.

1Password WiFi broke with my new iPhone - how I fixed it (for now)

I pay about $4 or so every month to 1Password because I have not yet been able to replace it. Reason enough to dislike them, but there's worse. 

We use 1Password's legacy WiFi sync with 1Password 7. It dates from the days that 1PW was merely mediocre. It was flaky and annoying but it mostly worked. We didn't have to put our lives into the hands of company that could be hacked or acquired at any time (China, Russian ... who wouldn't want those yummy credentials?). Even now that we pay monthly (not yearly, because I plan to leave) we still use WiFi sync.

Every so often we get this:

WiFi sync is deprecated and unsupported now, but there is still a troubleshooting page. Check WiFi, restart everything, restart router, toggle WiFi sync on/off, etc. That usually works, but this time was different. Nothing worked.

I'd just replaced my iPhone 8 with an iPhone 13 Pro, so I had a hunch what was wrong. [1] There was something broken in the authentication process between my phone and the MacBook running the desktop version of 1Password. I needed a button that said "reset authentication" -- but that doesn't exist. I could delete 1Password and reinstall, but it had been a few weeks since my last sync. Who knows what I'd changed. I didn't want to lose everything.

This is what I did:

1. I saved copies of things I knew I'd changed to a local text file
2. I discovered iOS 1Password has a backup/restore feature and I could transfer that to a Mac by iTunes. You can actually unzip the backup and browse it in SQLite, including the database schema (I think passwords are encrypted though).
3. After I saved my backup to my Mac I deleted and reinstalled 1Password. As I'd guessed this allowed me to sync again. (Bad Bug 1Password Inc. But you don't care.)
4. I then went back to my Mac, copied the backup using iTunes back to my iPhone, then did a restore on the iPhone
5. I then did sync again.

It's not quite as simple as that. I had to quit and restart 1Password a few times. At one point 1PW for iOS was only showing me sync options for Dropbox! Somehow, after some restarts and tweaks it seemed to sync. Did it all sync properly? I have no idea. For now it's no worse than it ever was.

Once Apple Passwords get the notes feature (holds secret questions) we'll migrate to a hacked together approach of Apple Passwords and a shared Secure Note and I'll finally be done with 1Password.

Update: looks like the process lost my authenticator codes.

[1] I dread iPhone swaps. I try to do them no more than every 5 years. All kinds of pain happens.

Can you edit photos in Halide App? (No, you can't)

Halide is a popular image app. I've had it for a while but only with my iPhone 13 Pro did it feel worth using. The manual focus in particular came in handy.

Then I went to edit my image and I couldn't figure out how to do it. I'm not the only one, Google captures the common question but the responses are useless. The Halide app description and web site don't help with figuring out how to edit. I tried all kinds of gestures and swipes and taps and holds...

Yeah, you can't. It's not a photo editor. All the adjustments are like doing manual setup on an SLR for Raw or HEIC or JPEG.  You have to edit in a different app (including iOS photos). Halide is a replacement for Camera.app, not for Photos.app.

In retrospect it makes sense, but it confused the heck out of me. It doesn't help that the Halide user guide has a weird chapter on editing.

Google isn't what it once was, but maybe one day it will use this post to answer the common questions.

Surprising things in my upgrade from an iPhone 8 to an iPhone 13 Pro (mostly bad)

 This is what surprised me:

1. The 13 Pro is  chunk. Compared to the i8 it feels heavy and big. It's thicker than I expected.
2. The lenses poke out a lot. It needs a case to lie flat. Which makes it even chunkier. I ordered the mag safe compatible Spigen clear case.
3. There's still a bug in the update process. Settings may get stuck on Update Apple ID Settings. I had to power down and restart. Definitely annoying.
4. You can order generic or carrier preset (Connect to Carrier). If you order Connect to Carrier your carrier will charge you a $30 activation fee and you get an eSIM phone. If you order without the carrier preset you need do do a SIM swap but there's no activation fee. When the carrier charges a "discount" Apple shows this as the phone price even though the actual price is $30 higher. So I'd call this one a joint Apple/Carrier scam. The advantage of a physical SIM is that you can move your number to a new phone if needed, the disadvantage is that someone who has your phone can also do that (and defeat some 2 factor protection).
5. After you insert the SIM card you can convert to eSIM! The option shows up in Cellular for AT&T. Your physical SIM card will be deactivated, so you can't use a backup cell if your phone dies. I suspect if you did this your carrier would charge you a $30 activation fee.
6. It took about an hour to do phone-to-phone swap but installing all my apps looks like it will take quite a while.
7. I needed to read the manual -- especially about the camera. The zoom control is kind of cool. The transfer didn't respect my settings for compatible (JPEG, not HEIC) or Live Photo off. I had to reapply.
8. There's no documentation at all with the iPhone. Not even the simplest pamphlet identifying the buttons. Everything is in an email sent in advance of the phone.
9. It ships with a USB-C to Lightning cable. Weirdly I thought it was an adapter and I needed to buy one. So I have two. I'm sure I'll find a user for it. I bought the Anker USB-C mini-charger.
10. The app install seemed to start but not progress. A restart didn't help. I was over 10 devices with my Apple ID so I removed my old phone. I then installed a new app from the App Store. Eventually apps started to complete.
11. It ran hot for the first day or two.
12. I share as part of the family, but "Find My" said it couldn't find me. I had to tweak my profile in Find My and specify my new phone as my location source.
13. I went to use Apple Pay and there were no cards! Turns out Apple Pay/Wallet cards are not part of the iCloud backup. That included a transit card with an account balance. On the other hand my pending event tickets ("passes") and expired passes were restored. However, when I clicked to add new cards iOS offered to restore cards used in past! The Apple Card and the Transit card (with balance) restored immediately, I had to enter the 3/4 digit 'secret' code for the other cards.
14. Handoff (clipboard sharing) stopped working. This might have been related to my other Apple ID issues; also I'm doing it between Mojave and iOS 13 and that's a stretch. Still, the Apple ID problems are old and it worked before, so I'll call this an update bug. I had to sign out of iCloud on both my iPhone and Mac and sign back in to restore it. (I also signed out of Store ID on my iPhone.) Of course since I'd signed out of iCloud I had to restore my Apple Wallet cards again. And download a zillion photos again.
15. Authenticator style apps often don't backup properly. So you need to redo them all.
16. It's very easy to accidentally trigger the 911 code with my car adapter. I turned off the emergency dial feature.
17. 1Password 7 WiFi sync stopped working. My theory is I need to regenerate some private key but that's not supported. The company no longer supports WiFi sync so I'm kind of screwed here. [I figured out something close to a fix.]
18. The zoom, low light image enhancement, and Find Objects features are nice, but the iPhone 13 Pro is actually not all that big an improvement over the iPhone 8.

Contents of email sent with iPhone 13 Pro:

Guides to Get You Started Setting up your new iPhone Watch and learn with video guides from Apple Support. Read step-by-step guides at your own pace. How to transfer data to your new iPhone › How to back up your iPhone ›

iPhone Activation How do I activate my iPhone? Once you have your iPhone, activation is simple. Turn on your iPhone by pressing and holding the side button for a few seconds. Then follow the onscreen instructions to set it up. To activate this iPhone on your employer’s plan or a prepaid plan, you may need to contact your carrier, or—if your workplace employs more than 25 people—your employer. If you didn’t choose a carrier when you bought this iPhone, you’ll need to contact a carrier or insert your own SIM card. Older SIM cards may not work on a 5G network. You may need a new SIM card from your carrier. Do I need a SIM card? iPhone 13 models activate on eSIM. With eSIM, no physical SIM card is needed to connect to a cellular data plan, though you will need Wi-Fi for setup. If you would like a physical SIM card, you can reach out to your carrier. iPhone 12 and earlier models may arrive with a physical SIM card already installed depending on your choice of carrier.