Skip to content

How to reset Mac passwords

Headshot of Andrea Pepper, SimpleMDM writer and MacAdmin
Andrea Pepper|October 31, 2024
generalnewbanner
generalnewbanner

So, you’ve found yourself in the shoes of every admin who’s ever touched a Mac — your end user forgot their local user account password on their Mac. Not to fret! We got you.

Here are a few ways to reset a Mac password, and they’re pretty damn quick.

IdP considerations

Before you start, consider whether your company uses an identity provider (IdP) or single sign-on (SSO) solution. These systems may sync device user passwords with the provider, such as PSSO through Microsoft Entra, Okta, etc.

IdP password policies are the primary source of truth in these scenarios, and you should always aim to keep the local Mac user account password the same as the user's current IdP password.

Due to the startup disk's offline nature, you always need to enter the old IdP account password into the login window on the Mac one last time, even after you change the IdP password online. The user account must log in and connect to the internet to sync with the new password. 

There are two ways to update a password: changing and resetting.

Change password

  • Always choose this option first if you’re able.

  • Do this step within the user account System Settings.

  • You need to know the old password. 

  • Changing the password maintains the login keychain.

Reset password

  • This is the nuclear option for when the original password is lost and irretrievable.

  • Resetting a password affects the original login keychain and populates a new instance of the login keychain with a new password.

How to change a Mac password

If you remember your current password and simply need to update it, you can do so within the user interface.

Self service

Every time you reset a password, immediately log out of that account and log back in with the new password.

Users & groups

  1. Open System Settings.

  2. Go to Users & Groups.

  3. Tap the i button next to your user icon.

  4. In the pop-up, click Change next to Password.

  5. Another pop-up populates.

  6. Enter the fields:

    • Old Password

    • New Password

    • Verify New Password

    • Password Hint (optional)

  7. Click Change Password.

Touch ID & password

  1. Open System Settings.

  2. Go to Touch ID & Password.

  3. Click Change under Password.

  4. A pop-up should appear.

  5. Enter the fields:

    • New Password

    • Verify New Password

    • Password Hint (optional)

  6. Click Change Password.

reset pw 1

Any org-set password requirements reflect as a checkbox when each requirement is met in the new password.

How to reset a Mac password

Depending on your situation and setup, there are several methods for resetting a user account password.

Admin account

The simplest way to reset a password for a locked-out user across various scenarios is to log into another admin account on the affected machine. Whether in person or remotely, follow these steps to change the Mac password.

  1. Log in to an admin account on the affected machine.

  2. Open System Settings.

  3. Go to Users & Groups.

  4. Click the i button next to the user.

  5. In the pop-up, click Reset next to Password.

  6. Enter your admin user credentials.

  7. Enter the fields:

    • New Password

    • Verify New Password

    • Password Hint (optional)

  8. Click Reset Password.

Apple Account

Setup

First, make sure the Apple Account option is enabled:

From an admin account:

  1. Go to System Settings.

  2. Click on Users & Groups.

  3. Click the i button next to a user account.

  4. Turn on Allow user to reset password using Apple Account.

Screenshot showing the "Allow user to reset password using Apple Account" option in System Settings > Users & Groups >i.

Login window

After three failed password attempts within the login window (or just clicking Enter three times), you’ll see a small pop-up that says, “If you forgot your password, you can…Restart and show password option.” Then, follow these steps:

Screenshot showing the "If you forgot your password, you can…Restart and show password option" pop-up.
  1. Click the arrow next to Restart. 

  2. The computer reboots and opens to Recovery with a pop-up window asking users to log in with their connected Apple Account.

  3. Enter the user's Apple ID credentials.

  4. After the credentials are successfully entered, Apple sends the user an MFA code for the Apple ID.

  5. Enter the code.

  6. After the verification code, a pop-up window titled Reset Password asks you to choose a user to reset the password for.

  7. Enter the fields:

    • New Password

    • Verify New Password

  8. Click Next.

  9. Click Restart.

  10. Log in to the user account using the new password.

For more details on resetting with Apple ID, see Apple’s Tutorial.

Using FileVault recovery key

What is a FileVault recovery key?

A FileVault recovery key is a unique code generated when you enable FileVault, Apple's disk encryption feature for macOS. If you forget your login password, it unlocks your drive and serves as a backup method to regain access to your encrypted data.

  • At the login screen, if you see an option to enter a recovery key, click it.

  • Input your FileVault key to reset the password and follow the prompts.

When you first turn on FileVault within the System Settings on a Mac, you’ll see the following prompt:

Screenshot showing the prompt that displays when first turn on FileVault: "Your iCloud account can be used to unlock your disk and reset your password if you forget it."

To enable FileVault for the first time:

  • Go to System Settings.

  • Under Privacy & Security.

    • Click FileVault.

    • Click Turn On.

The pop-up window asks if you want to set up your iCloud account to reset your password using an automatic FileVault recovery key. Alternatively, you can create a manual alphanumeric recovery key and bypass using any Apple Account altogether.

The manual FileVault key removes an Apple Account from the equation and directly gives you the key you'll need to unlock the account.

If you take the manual key, you are responsible for saving, remembering, and maintaining it whenever you or your users need it.

As an organization, the easiest way to utilize FileVault recovery keys is to escrow them directly to your mobile device management platform.

How to find the FileVault Recovery Key with SimpleMDM 

If you escrow your FileVault keys to an MDM like SimpleMDM, you can find the device’s unique FileVault recovery key by looking at the device information page.

  1. Log into SimpleMDM.com.

  2. Under Devices > Search the serial number of the affected device.

  3. Click the device.

  4. On the Info tab > under Security > FDE Recovery Key.

Screenshot showing the security section of the device information page in the SimpleMDM.

Loading...


Need secure management? Try SimpleMDM free for 30 days to unlock streamlined Apple device management and robust security features. 

Headshot of Andrea Pepper, SimpleMDM writer and MacAdmin
Andrea Pepper

Andrea Pepper is an Apple SME MacAdmin with a problematic lack of impulse control around a software update prompt. When not poking at machines, Pepper enjoys being a silly goose in sunny Colorado with her two gigantic fluffer pups.

Related articles