I'm not sure if we should be worried… Mom does not change passwords for her iMac system login, nor do I, but when I went to update some software this morning, the password doesn't work, nor can I login at Keychain repair. I opened Keychain Access and see that a file named Apple Persistent State Encryption – application password – was modified on April 2, 2015. I know she worked on the computer on the 3rd, but don't know if she tried to update software or do anything that would have called for a password.
Is it remotely possible her computer has been compromised and someone changed her system login password?? If so, is there any back door I can use to repair?
+++
Follow up: I was attempting to update an Epson printer driver and M/S Office. I did some further searching here on AskDifferent and found a helpful answer about rebooting and changing the admin password in Utility/Terminal mode. I did so and was able to change the password — altho when I restarted the computer, Keychain would only load with the old password (the one that didn't work to permit the software updates). Go figure. I think we are now good. Many thanks!
Best Answer
What is "Apple Persistent State Encryption"
So that one is normal.
As for your password, no one can change it without knowing the old password. If you have set up your log in with Apple ID assistance you can use it to recover your password. Read more here.