In Yosemite, Apple has changed the default type of password for a new User account on a Mac. I often call a User password a "computer" password, because most of my clients have just one User and to log into their computer, they enter a password. There can be more Users, and different kinds of Users. When sharing a computer with someone (usually a family member), you can have completely different environments if you have multiple Users. The dock, desktop background color, the arrangement of files and folders on the desktop, can all look very different. And different Users have different files as well. If you turn on Fast User Switching is System Preferences > Users & Groups, you will see the name of the current User in the menu bar right next to the time. 

Anyway, Apple has always asked you to create a password with any new User, and to create a new User with a new computer (unless you migrate one in from another source). In Yosemite, Apple still allows you to do that, but suggests you use an iCloud password. This requires you use an Apple ID password for your User password. 

The first time this became a problem for me was when I was asked to work on an iMac that the owner had forgotten the User password for. For many years, we could boot into an installer for the operating system to access a Password Reset Utility. Since Lion (10.10.7), we can now just boot to the Recovery Partition and go into Terminal (Apple's Unix command line) and enter a command to open that same Password Reset Utility. After resetting the password, if there are no stronger security features engaged, we, as techs, have control of the computer. 

The Password Reset Utility doesn't work with an Apple ID (iCloud) password. Why is that a problem? Tech support is usually time-sensitive. If there is not a true emergency, there is often a sense of urgency. Of course, this issue goes away rather quickly when the Apple ID password is known. When it is not known, the alternative is to reset the Apple ID password, usually at appleid.apple.com. Before that can happen, we have to identify the Apple ID user name. This is usually, but not always, an email address. Many of us have accumulated more than one Apple ID over the years, and the user login window, when requesting an Apple ID password, does not show the user name. 

Let's say you have tracked down the Apple ID user name and have gone to appleid.apple.com to change the password. Things can go wrong at this point as well. You have the choice to send out an email to reset the password or answer security questions. If you choose email, the address it goes out to may be unknown to you. If your user name is not an email address, then it is not obvious where the email will go. But even if it is, if you have put another email address in, as a recovery address, it will go that that address. You may no longer have access to either email address.

So you are back at appleid.apple.com and you choose to answer security questions instead. You may find that you don't know the correct answers for a variety of reasons. You may not be capitalizing the words correctly, spelling them correctly, or you may not remember the correct answers. Even your birthdate may be wrong. This has happened several times with my clients over the years. So unless you have written down your recovery email address and your security questions when you recreated them, you may be stymied. And if you did all that, you probably already know your password, so you don't need to be resetting it.

I highly recommend you don't use an Apple ID as your User password. And if you have, change it to use a "separate" password. In writing this blog, I realized that Apple may have wanted to make it harder to reset User passwords. If I am your tech, you want me to be able to reset your password in certain situations. But in some cases you might not. Either way, don't just set up an iCloud password for your new User. Decide how you want to handle the password for yourself.