The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

What to Do When You’ve Lost Your Mac’s Password

Aired on April 20, 2017

  • Did you actually forget your password?
  • Resetting your password through Apple ID.
  • Resetting your password with another administrator account.
  • Using the terminal in recovery mode to reset the user password.
  • If you’re using FileVault, you have other options.

Keeping good password protection on your Mac is something everyone should do — especially if you use a MacBook in public, away from home. It’s the first line of defense against unauthorized entry to your machine; without it, anyone who gets their hands on your machine – physically or across a network – will have immediate access to all your files. However, putting a password on your Mac does create a worrisome possibility: what happens if you forget the password?

Losing access to your computer is not only frustrating, it can be seriously stressful if you need the data on its hard drive. Luckily, there are a variety of things you can try to get back inside if you’ve forgotten your password. On today’s episode of The Checklist, we’re looking at password recovery methods. The exact procedure that will work for you depends on the way you’ve set up your system. We’ll also discuss some potential ideas for avoiding this problem in the future. Let’s start with some of the basic built-in recovery and reset methods.

Did you actually forget your password? The first thing to do is to make sure you’ve actually forgotten the password. This one sounds simple, But if you keep entering what you think is the correct password but it just won’t work, it’s worth checking a few basic things first. With something as routine as logging into your machine, it’s easy to miss subtle things that could cause you to enter an incorrect password.

Does the password field show the “caps lock” symbol? Everyone’s hit that key accidentally before, and you might not notice the icon in the password field. Double check that you’re entering every character of the password correctly. If you don’t remember it at all, try checking the password hint you may have created during setup. A hint could be enough to jog your memory and allow you to enter the right password.

In some cases, you can log in with the password used for the Apple ID associated with your iCloud account. Before you begin any other recovery methods, try this first. Apple notes on its help website that if you’ve recently changed your password, you may be able to log in with your old one first; from then on, the newer password will be your key to unlocking your Mac. If you’re still unable to log in — or if you really don’t know your password at all anymore — it’s time to move on to your first steps in the recovery process.

Resetting your password through Apple ID. During your attempts at entering your password, did the prompt change to include a message about resetting it via your Apple ID? There’s a good chance that when you were trying the wrong password earlier, your Mac asked if you wanted to reset your password using Apple ID. If that didn’t happen, try entering several passwords now. If you still don’t see that message, resetting with Apple ID won’t be an option for you. You have to have previously linked your macOS user account to your Apple ID for that to work. If you did do that and resetting with Apple ID is an option, here’s what you do: First… click on the area next to the message.

Your Mac should now show you another login prompt, this time for your Apple ID or iCloud credentials. If you still remember this information, enter it into the box now. Once Apple authenticates this info, your Mac will allow you to reset the local user account password immediately. It’s that easy. Once you reach this stage, we suggest you take the opportunity to create a password hint to help prevent this situation from occurring again in the future. After resetting your password, you can log in to your Mac as you normally would. There is an additional step you’ll need to take for this method and all the others we’ll discuss — but we’ll cover that a little later.

If you haven’t linked your Apple ID to your user account, there are still other ways to try recovering access. This next option is helpful if you aren’t an administrator of the machine, or if another user also has administrator privileges.

Resetting your password with another administrator account. Logging in to another admin account is the next option. If you don’t have those credentials, ask the user who does; once you login as the admin user go straight to the System Preferences window. On this menu, locate the “Users & Groups” options and click on it to open. Now look for the padlock icon, which Apple uses to show functionality that requires further authentication. Click on the padlock and you’ll receive a prompt to enter the admin login information one more time. After you’ve supplied these credentials, you’ll see a list of all the Mac’s users.

Select your username. Click on the “Reset Password” button now displayed in the window. Once again, you will be able to immediately reset the password while creating a helpful hint at the same time. After specifying this info, you can click “Change Password” and then log out of the admin account. You should now be able to log in to your account as normal.

Are you the only admin on the machine? There are still a few options left, but they’re slightly more technical than these first two. If you’re still trying to find a way past your password, you can try to use the terminal (Mac’s command prompt) in one of several ways. Luckily, the first one is easy enough for anyone to try.

Using the terminal in recovery mode to reset the user password. If the previous methods haven’t worked or if you just want to solve the problem quickly, you can go “old school” and use the Terminal to reset your password. Start by rebooting the machine; during the startup procedure, hold down the Command and R keys. Your Mac will boot into the macOS recovery mode (you can stop pressing the Command and R keys at this time).

Click on the Utilities menu, then select the Terminal. You now have an open command line interface window. Now type “resetpassword” — that’s all one word and all lowercase. You’ll get a prompt to choose your boot drive (if you have more than one), and then your specific user account. After selecting it, the utility asks you to enter a new password for the user, similar to the previous methods. Once you’ve reset the login, you can reboot the machine again and return to your account.

There are other options in the Terminal, too, including creating a new administrator account and more. However, these require several longer commands. Sticking to the “resetpassword” method is the simplest and most effective trick.

There are some times when these methods won’t work at all, though. If you’ve enabled Apple’s full-disk FileVault encryption, you’re going to have to rely on a few methods specific to that situation. Because your hard drive is now encrypted, Apple disables these basic reset methods; otherwise, it would be too easy for a thief or another malicious party to gain access to your data. If you know your FileVault password, though, you can unlock the ability to reset passwords on the boot drive through the Disk Utility application. This takes us to Item Five on the list:

If you’re using FileVault, you have other options. If you’ve encrypted your disk, wait one minute at the login screen. When you receive a message that you can press the power button to reboot into the Recovery mode, turn your Mac off via the button. Turn it back on again, and you will soon receive the FileVault password reset assistant. You can choose “I forgot my password,” at which point you will need to supply your FileVault details to authenticate yourself. Once you do, you can access the same reset process we’ve already described. As you can see, there are many roads that all lead to this same destination.

Do you remember your Recovery Key? Your recovery key is a special code created by FileVault when you encrypted the disk and which you should keep written down in a safe place. If you know your key, you can also reset the password directly from the login screen. Fail the password prompt three times, and FileVault will offer to allow you to use the key. Click on the arrow that appears, supply the Recovery Key in the new field, and proceed to change your password.

Now for that final step we mentioned earlier. After using any of these methods, you might encounter a worrying message the next time you log in to your account. Your Mac might tell you that it couldn’t unlock or access your login keychain. Don’t worry — you haven’t lost any critical data in the reset process. Loss of access to the keychain just occurs because the system cannot match your new user password to the old one. It’s quick and easy to make a new one and regain access to your keychain. If you receive the alert, the system should present you with a “Create New Keychain” button. Press that, and you’re finished.

If you don’t see the alert, you should reset the keychain manually. You’ll find the necessary utility, called Keychain Access, in “Utilities” under the Applications folder. Find the Preferences button and click on “Reset My Default Keychain.” You’ll need to enter your brand-new password now. Afterwards, log out and back in again to finish resetting your keychain. Now all the necessary passwords match, and you can continue using your Mac as you normally would.

Don’t let the frustration (or the panic) of forgetting your Mac’s login password get in the way of finding a solution that works. The options we’ve just discussed all have excellent reliability and will let you access your account again without too much hassle. However, if you’re still experiencing problems even after trying all those steps, Apple advises users to contact them directly for additional help. We do want to remind our listeners, though, that Apple won’t be able to break FileVault encryption if you’ve lost your recovery key and password. At that point, re-installation of the operating system is the only real option left.

To keep it from coming to that, try to keep your login password memorable to you – but not as simple as “1-2-3-4-5”; remember you don’t want someone to guess your password easily, you still want to keep your Mac secure. When using FileVault, always keep your recovery key in a safe place you can easily remember — storing it in a safe deposit box at your bank is a good idea. With the right precautions, you can avoid this situation — but if you do forget, at least you’ll know the potential solutions.

That covers everything to do with password recovery; as always, thanks for joining us for this episode of The Checklist. We’ll be back again next week with more.

If you’d like more information on this topic, or if there’s a specific one you’d like to see us cover on a future episode, send us an e-mail at checklist@securemac.com!

Share on Facebook2Tweet about this on TwitterShare on Google+0Email this to someonePrint this page