Can someone please just lay out an understandable process for fixing this, step by step. Apple should do it immediately, but if anyone can help it would be very appreciated
It’s not a big deal unless you don’t trust people who have access to your Mac. However to really be safe (at the risk of inconvenience) you can lock the login keychain in keychain access. Launch that app (you can use spotlight) and on the left panel there’s a login keychain, amongst others. Right click to lock it.
You will be asked for a password for all autocomplete name/passwords kept in keychain. (The remember me on the website itself wont be affected).
If they can pay about $3 Billion for Beats- a "me too" rental service that also sold crappy headphones and speakers, they can afford to pay better bounties for bugs and hire more people to suit their stuff.
You realize that became Apple Music, right? /eyeroll
"1) the person trying to steal your passwords has to first have access to your Mac."
So don't give your Mac to the hacker... Problem solved! ;-))
In most cases anyone with access to the Mac can reset the admin password using the recovery partition. Once you have the admin password you can reset the Keychain password. On the other hand File Vault recovery can be a bit problematic.
You obviously have not tried to reset a keychain password that is not the same as the login password.
Comments
You will be asked for a password for all autocomplete name/passwords kept in keychain. (The remember me on the website itself wont be affected).