how to restore disappeared saved passwords after changing local user login password

after a lot of ultimately not super-useful research, here is what I ultimately did which recovered the passwords I was after:

back up the data in the user account manually

as admin, completely delete the user account and delete all its folders

as admin, recover the full account from time machine

as admin, recreate the account while re-using the folders generated from time machine

login to the account

observe that the passwords are now there

manually re-merge data in the manual backup

Thanks to all who took the time to read my posts and try to help!

This is very hopeful! I just checked the Library box on View Options and also did "chflags nohidden ~/Library" in the Terminal for good measure. I can see the Library folder in my Home folder. But when I Enter Time Machine it's now shown. I'm researching what else I can do to hopefully make it show up if it's really there.

Edit:

defaults write com.apple.finder AppleShowAllFiles TRUE

killall Finder

seems to have done the trick of showing the Library folder which is, in fact, in the Time Machine backup.

I'm able to recover the login.keychain-db and metadata.keychain-db files using time machine as you suggest, but using "Keychain Access" shows that the web form passwords aren't in there.

Comparing with another user account on the same mac, it appears that web form passwords are actually stored in a keychain named "Local Items" which does not appear as a .keychain-db on disk. Reading on the web it seems that this keychain is somehow (perhaps?) backed by a sqlite db stored in keychain-2.db. I can retrieve that file from time machine as well, but now it's a matter of how to read it because it doesn't seem to simple load into "keychain access" as an ordinary keychain...

Thanks again for your follow-ups. Unfortunately Time Machine does not appear to backup the ~/Library folder, so it doesn't keep track of the Keychains. This seems like a surprising design choice to me, but so it appears to go.

Thanks for your response! I do see files names login_renamed_1.keychain-db in my ~/Library/Keychains. Viewing that file inside of the "keychain access" app doesn't seem to show the web form filling fields I am missing though...

Thanks for taking the time to read and respond. I want to hope that those passwords are still somewhere because I don't know if a recovery process is entirely possible for all of them.

Do you happen to know if there's a chance that they might be backed up somewhere? Perhaps the point you are making in your response is that they are deliberately deleted.

got it thanks. actually I just looked at the dates on that file and it seems like it's an older file predating the password change event.

the one file that does have a date on the day when I changed the password is called "user.kb". I guess that's not a keychain. I see few pages online about what this is. any chance it might hold some hope? there's also an SOSAccountSettings.pb from the following day.

I see a 10+ yr old thread about how to read passwords out of those files but it has some shady looking download links to a "ul.to" redirector...

How do I get passwords out of keychain-2.… - Apple Community

It would be great to know if people believe this is safe and/or if it still might work after all these years.

Certainly it would be ideal if there were some Apple standard way of reading that .db instead...

no unfortunately "Add Keychain..." doesn't do anything on that file...