Occasionally, a user may attempt to change their password and encounter the following prompt:
This prompt appears when the user's Secure Token has been broken, which can occur when the user's password is reset.
Note: The sysadminctl tool may report that the Secure Token status is enabled, even though it is broken.
Restoring the user's Secure Token will allow them to change their password.
If another user account is present on the device with a valid Secure Token, see the KB article SecureToken within GoLive - Users to learn how to restore the affected user's Secure Token.
If no other accounts on the device have a Secure Token, see our KB article Fixing broken Keychains (Secure Tokens) using Recovery Mode.