Sweep for Mac


Mac Keychain Locked or Corrupt? Here's How to Fix It

Mac Keychain stuck locked or asking for the wrong password? Here's how to repair, reset, or migrate your keychain without losing saved logins.


You log in fine, but every minute or so a dialog appears: “macOS wants to use your confidential information stored in ‘login’ in your keychain. Please enter the keychain ‘login’ password.” You type your login password. The dialog closes, then comes back ten seconds later. Or Safari starts asking for every saved website password. Or Mail can’t reach Gmail because it can’t read its OAuth token from Keychain.

This is the classic out-of-sync Keychain problem, and it usually has a clear cause: your login password and your login Keychain password drifted apart. Let’s fix it.

How Keychain works on macOS

Your Mac has multiple keychains:

  • login keychain — created at first login, stores the bulk of your saved passwords, certificates, and tokens. Located at ~/Library/Keychains/login.keychain-db.
  • iCloud Keychain — synced to other Apple devices. Stored separately and can hold different items.
  • Local Items / iCloud — newer macOS versions use this for the synced layer.
  • System keychain — system-wide certs and Wi-Fi passwords. /Library/Keychains/System.keychain.

The login keychain is unlocked when you log in by feeding it your account password. If that password ever drifts out of sync — typically because you changed your account password somewhere other than the standard System Settings flow — the login keychain stays locked, and every app that needs a saved credential prompts you.

The repeating “enter the keychain login password” prompt

The exact dialog:

“macOS wants to use your confidential information stored in ‘login’ in your keychain. Please enter the keychain ‘login’ password.”

This means the login keychain is locked and macOS is asking for its password (which should match your login password but doesn’t anymore).

Fix 1: Type your old account password

If you remember your previous account password, try it. If it works, the keychain unlocks and you can update the keychain password to match your new account password:

  1. Open Keychain Access (Applications → Utilities).
  2. Right-click the login keychain in the sidebar → Change Password for Keychain “login”.
  3. Enter the old (now-unlocking) password.
  4. Set the new password to match your current login password.

The dialog stops appearing.

Fix 2: Reset the login keychain

If you don’t remember the old password (or it never worked):

  1. Keychain Access → Preferences → Reset My Default Keychains.
  2. Authenticate with your current login password.
  3. macOS creates a fresh login keychain.

You’ll lose every saved password, Wi-Fi network, and OAuth token from the old keychain. Apps will prompt you to log in again on next use. iCloud Keychain entries (synced from other devices) sync back automatically.

If the menu option isn’t available in your macOS version:

mv ~/Library/Keychains/login.keychain-db ~/Library/Keychains/login.keychain-db.OLD

Restart. macOS creates a fresh login keychain on first login.


“Keychain not found” or “Keychain is corrupt”

The full text is usually:

“The keychain ‘login’ is corrupt or has been tampered with.”

or

“An error occurred while attempting to read or write to the keychain.”

These are filesystem-level problems with the keychain database file.

  1. Make a backup. Move ~/Library/Keychains/login.keychain-db somewhere safe.
  2. First Aid in Disk Utility can fix the underlying disk if errors are storage-level.
  3. Repair via Keychain Access:
    • Older macOS: Keychain Access → Keychain First Aid (under the Keychain Access menu).
    • Newer macOS: this menu was removed; use Reset My Default Keychains instead.
  4. Recover items manually. If you have the backup .keychain-db file from before corruption, you can re-import it via Keychain Access → File → Add Keychain.

Keep the old data when resetting

If you reset the login keychain but want to recover specific entries from the old one:

  1. After reset, open Keychain Access.
  2. File → Add Keychain.
  3. Navigate to your renamed login.keychain-db.OLD.
  4. Enter the old password (you’ll need it).
  5. The old keychain mounts as a separate keychain in the sidebar.
  6. Drag specific items into the new login keychain to migrate them.

If you don’t know the old password, the data is unreadable. The keychain is encrypted by design.

Tip: Before any keychain operation, copy ~/Library/Keychains/ to an external drive. Recovery from a backup is straightforward; recovery from a wiped keychain without a backup is impossible.
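
The backup advice in the tip above and the earlier move-aside step, as a shell example added here (it is not part of the original guide). It copies the keychain folder into an owner-only backup, verifies each file, and renames the login keychain without overwriting an earlier .OLD copy, which the plain mv would do if run a second time. The function names and the /Volumes/Backup path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# backup_keychains SRC_DIR DEST_PARENT
# Copies SRC_DIR into a new timestamped, owner-only folder under DEST_PARENT,
# verifies every file, and prints the backup path.
backup_keychains() (
    src=$1
    dest="$2/Keychains-backup-$(date +%Y%m%d-%H%M%S)"
    [ -d "$src" ] || { echo "no such directory: $src" >&2; exit 1; }
    if [ -e "$dest" ]; then
        echo "backup already exists: $dest" >&2; exit 1
    fi
    umask 077                            # new folder is readable by the owner only
    mkdir -p "$dest" || exit 1
    cp -Rp "$src/." "$dest/" || exit 1   # -p keeps modes and timestamps
    # Byte-for-byte check: catches a file that changed or was cut short mid-copy.
    ( cd "$src" && find . -type f ) | while IFS= read -r f; do
        cmp -s "$src/$f" "$dest/$f" || { echo "mismatch: $f" >&2; exit 1; }
    done || exit 1
    printf '%s\n' "$dest"
)

# set_aside FILE
# Renames FILE to FILE.OLD, or FILE.OLD.1, FILE.OLD.2, ... if that name is
# taken, so a second reset never overwrites the first set-aside keychain.
set_aside() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }
    target="$file.OLD"
    n=1
    while [ -e "$target" ]; do
        target="$file.OLD.$n"
        n=$((n + 1))
    done
    mv "$file" "$target" && printf '%s\n' "$target"
}

# Usage on a Mac (/Volumes/Backup is an assumed external-drive mount point):
#   backup_keychains "$HOME/Library/Keychains" /Volumes/Backup
#   set_aside "$HOME/Library/Keychains/login.keychain-db"
```

Run the backup before the rename, and restart afterwards as the reset step describes so macOS creates the fresh login keychain.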

“Keychain doesn’t exist”

If apps complain a keychain doesn’t exist (sometimes specific to the iCloud keychain):

  1. System Settings → your name → iCloud → Passwords & Keychain. Toggle off, wait, toggle on.
  2. macOS recreates the iCloud Keychain locally and syncs from your other devices.

If you have no other Apple devices, iCloud Keychain must be re-bootstrapped from your verification code or trusted phone.

Wi-Fi passwords keep prompting

Wi-Fi credentials live in the System keychain, not login. If macOS keeps asking for Wi-Fi passwords:

  1. Keychain Access → System keychain in sidebar.
  2. Find the network entry. Right-click → Delete.
  3. Reconnect to the network and re-enter the password.

If the System keychain itself is having problems:

sudo security unlock-keychain /Library/Keychains/System.keychain

Enter your admin password. This unlocks the system keychain manually.


Specific apps that misbehave

Mail can’t connect because of Keychain

Mail caches OAuth tokens in Keychain. If those go bad:

  1. Mail → Settings → Accounts → select the account → uncheck “Enable this account.”
  2. Re-check it. Mail will re-authenticate and write a fresh token.

For Gmail and Office365 specifically, this is the cleanest fix.

Safari prompts for every site password

Safari pulls from iCloud Keychain. If the iCloud keychain is unlocked but Safari doesn’t see entries:

  1. System Settings → your name → iCloud → Passwords & Keychain → toggle off and on.
  2. Quit and relaunch Safari.

If it still fails, sign out of iCloud entirely and back in.

Slack, Notion, or other apps prompt for OAuth on every launch

These apps store session tokens in the login keychain. A fresh login keychain wipes them — that’s expected; just re-authenticate once and the new token is saved.

When two-factor or Apple ID is involved

Some keychain operations require Apple ID re-verification:

  1. Make sure you’re signed in to your Apple ID in System Settings.
  2. Have a trusted device (iPhone, iPad, another Mac) nearby for the verification code.
  3. iCloud Keychain especially benefits from a recent successful sync to another device — it can re-bootstrap your Mac from there.

Avoid the password drift problem

The root cause of most repeating Keychain prompts is changing your account password without updating the keychain. To prevent this:

  • Change your password through System Settings → Users & Groups → Change Password. This updates both your account password and the login keychain password atomically.
  • Don’t change your password via passwd in Terminal — it changes the account password but not the keychain.
  • Don’t change your Apple ID password and assume your login Keychain follows. The login keychain password is local and separate from your iCloud account password unless you set up Apple Login.

If you suspect an upcoming password reset will desync things, update both manually first.

When you’ve genuinely lost the keychain password

Sometimes the data is gone. If:

  • You can’t remember your old account password.
  • You don’t have a backup.
  • iCloud Keychain doesn’t have the entries you need.

Then those entries are unrecoverable. The encryption that protects keychain data is doing its job. Reset, re-enter what you can, and treat the lost entries as gone.

What about iCloud Keychain across devices?

If you have iCloud Keychain enabled on an iPhone, iPad, or another Mac, much of your common data syncs there. Resetting the login keychain on this Mac and re-enabling iCloud Keychain syncs the data back. This is the soft-landing scenario for most users: only data that lived solely on this Mac is lost.

When it’s worth calling Apple

For most keychain issues, the fixes above handle it. Apple Support is the right call when:

  • You can’t sign in to your Apple ID at all and need account recovery.
  • The keychain damage extends to system-wide certificates that block macOS itself.
  • You’re managing a Mac for a deceased family member and need access to their account.

Day-to-day keychain issues are rarely deep enough to need Apple’s help. Reset the login keychain, accept the small loss of saved passwords, and move on.

The Keychain is doing one job — keeping your secrets encrypted — and most of its scary error states come from the password handle drifting out of sync. Fix the handle and the system trusts itself again.
