So, you’ve found yourself in the shoes of every admin who’s ever touched a Mac — your end user forgot their local user account password on their Mac. Not to fret! We got you.
Here are a few ways to reset a Mac password, and they’re pretty damn quick.
IdP considerations
Before you start, consider whether your company uses an identity provider (IdP) or single sign-on (SSO) solution. These systems may sync the device's user passwords with the provider, for example through Platform SSO (PSSO) with Microsoft Entra, Okta, etc.
IdP password policies are the primary source of truth in these scenarios, and you should always aim to keep the local Mac user account password the same as the user's current IdP password.
Because the startup disk is unlocked offline, you always need to enter the old IdP account password at the login window on the Mac one last time, even after you change the IdP password online. The user must then log in and connect to the internet so the account syncs with the new password.
There are two ways to update a password: changing and resetting.
Change password
Always choose this option first if you’re able.
Do this step within the user account System Settings.
You need to know the old password.
Changing the password maintains the login keychain.
Reset password
This is the nuclear option for when the original password is lost and irretrievable.
Resetting a password affects the original login keychain: macOS creates a new login keychain protected by the new password.
How to change a Mac password
If you remember your current password and simply need to update it, you can do so within the user interface.
Self service
Every time you reset a password, immediately log out of that account and log back in with the new password.
Users & groups
Open System Settings.
Go to Users & Groups.
Tap the i button next to your user icon.
In the pop-up, click Change next to Password.
Another pop-up populates.
Enter the fields:
Old Password
New Password
Verify New Password
Password Hint (optional)
Click Change Password.
Touch ID & password
Open System Settings.
Go to Touch ID & Password.
Click Change under Password.
A pop-up should appear.
Enter the fields:
New Password
Verify New Password
Password Hint (optional)
Click Change Password.
Any org-set password requirements appear as a checklist, and each one is checked off once the new password meets it.
How to reset a Mac password
Depending on your situation and setup, there are several methods for resetting a user account password.
Admin account
The simplest way to reset a password for a locked-out user across various scenarios is to log into another admin account on the affected machine. Whether in person or remotely, follow these steps to change the Mac password.
Log in to an admin account on the affected machine.
Open System Settings.
Go to Users & Groups.
Click the i button next to the user.
In the pop-up, click Reset next to Password.
Enter your admin user credentials.
Enter the fields:
New Password
Verify New Password
Password Hint (optional)
Click Reset Password.
Apple Account
Setup
First, make sure the Apple Account option is enabled:
From an admin account:
Go to System Settings.
Click on Users & Groups.
Click the i button next to a user account.
Turn on Allow user to reset password using Apple Account.
Login window
After three failed password attempts within the login window (or just clicking Enter three times), you’ll see a small pop-up that says, “If you forgot your password, you can…Restart and show password option.” Then, follow these steps:
Click the arrow next to Restart.
The computer reboots and opens to Recovery with a pop-up window asking users to log in with their connected Apple Account.
Enter the user's Apple ID credentials.
After the credentials are successfully entered, Apple sends the user an MFA code for the Apple ID.
Enter the code.
After the verification code, a pop-up window titled Reset Password asks you to choose a user to reset the password for.
Enter the fields:
New Password
Verify New Password
Click Next.
Click Restart.
Log in to the user account using the new password.
For more details on resetting with Apple ID, see Apple’s Tutorial.
Using FileVault recovery key
What is a FileVault recovery key?
A FileVault recovery key is a unique code generated when you enable FileVault, Apple's disk encryption feature for macOS. If you forget your login password, it unlocks your drive and serves as a backup method to regain access to your encrypted data.
At the login screen, if you see an option to enter a recovery key, click it.
Input your FileVault key to reset the password and follow the prompts.
When you first turn on FileVault within the System Settings on a Mac, you’ll see the following prompt:
To enable FileVault for the first time:
Go to System Settings.
Go to Privacy & Security.
Click FileVault.
Click Turn On.
The pop-up window asks if you want to set up your iCloud account to reset your password using an automatic FileVault recovery key. Alternatively, you can create a manual alphanumeric recovery key and bypass using any Apple Account altogether.
The manual FileVault key removes an Apple Account from the equation and directly gives you the key you'll need to unlock the account.
If you take the manual key, you are responsible for saving, remembering, and maintaining it whenever you or your users need it.
As an organization, the easiest way to utilize FileVault recovery keys is to escrow them directly to your mobile device management platform.
How to find the FileVault Recovery Key with SimpleMDM
If you escrow your FileVault keys to an MDM like SimpleMDM, you can find the device’s unique FileVault recovery key by looking at the device information page.
Log into SimpleMDM.com.
Under Devices, search for the serial number of the affected device.
Click the device.
On the Info tab, under Security, find FDE Recovery Key.
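Before a user is locked out, it is worth confirming that a device has FileVault on with a personal recovery key, and that the value you copy from the MDM has the shape of a recovery key. The script below is an added example, not SimpleMDM's or Apple's code: it wraps the macOS fdesetup command, and the function names (fv_state, key_format_ok, recovery_verdict) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: FileVault recovery-readiness check (not SimpleMDM or Apple code).
# fdesetup is the macOS FileVault CLI; run this script with sudo on the Mac.

# Classify the text printed by `fdesetup status`.
fv_state() {
  case "$1" in
    *"FileVault is On"*)  echo on ;;
    *"FileVault is Off"*) echo off ;;
    *)                    echo unknown ;;
  esac
}

# Succeeds if $1 has the shape of a personal recovery key:
# six hyphen-separated groups of four uppercase letters or digits.
key_format_ok() {
  printf '%s\n' "$1" | LC_ALL=C grep -Eq '^([A-Z0-9]{4}-){5}[A-Z0-9]{4}$'
}

# Combine `fdesetup status` ($1) and `fdesetup haspersonalrecoverykey` ($2)
# into one verdict an admin can act on.
recovery_verdict() {
  case "$(fv_state "$1")" in
    off)     echo "filevault-off"; return ;;
    unknown) echo "unknown"; return ;;
  esac
  if [ "$2" = "true" ]; then
    echo "ready"
  else
    echo "no-personal-key"
  fi
}

# Only runs where fdesetup exists (macOS); elsewhere the functions can
# still be exercised with captured output.
if command -v fdesetup >/dev/null 2>&1; then
  status=$(fdesetup status 2>/dev/null || true)
  has_key=$(fdesetup haspersonalrecoverykey 2>/dev/null || true)
  echo "Recovery readiness: $(recovery_verdict "$status" "$has_key")"
fi
```

A "ready" verdict only says a personal key exists on the device. To confirm that the escrowed key is the current one, run sudo fdesetup validaterecovery on the Mac and enter the key when prompted.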