I factory reset my iPhone and set it up from new which caused the notification 'Update Apple ID settings' to appear on both my iPhone and my Mac. After asking for my apple ID password it then asked for my iPhone passcode on my phone and my Mac password on my Mac. I have reset my phone a few times in the last few months due to various issues and have never been asked for these local passwords before.
The exact message on my Mac read 'the password you use to unlock this mac will also be used to access saved passwords and other sensitive data you store in iCloud'. The message was coming from the settings app.
Why is this happening? Is there any reason why Apple needs these passwords?
I have read things about this being something to do with iCloud Keychain but I have never had keychain on. Just want to know if this is something that is supposed to happen as it seems a bit odd to me.
Best Answer
With new hardware and new OS - Apple can entangle the local device password and keychain to cryptographically log in to your iCloud account / AppleID account without needing your password once the setup and initial hand shake to sign in with that iCloud/AppleID is completed.
This confuses a lot of people since they are expecting to enter an iCloud password and not the local admin credentials. This change is across watchOS, TVOS, iPadOS, iOS and macOS.
This also can be prompted when you do a setup / transfer:
I feel this is much more secure overall since it mitigates if you have a key logger and if you lose control of your local admin - this means someone can't use Keychain Access to reveal your iCloud password - it just reveals a secure token that works with one device and can't be abused to download your iCloud data from another device.