Skip to content
Thoughtful, detailed coverage of everything Apple for 28 years
and the TidBITS Content Network for Apple professionals
A locked gate.

Photo by Masaaki Komori

3 comments

Three Ways to Reset a Lost Admin Password in High Sierra

More than four years ago, Alicia Katz Pollock wrote “Five Ways to Reset a Lost Administrator Password” (17 January 2014), and through the vagaries of Google’s search algorithm, it remains our most popular article to this day. Apparently, lots of people forget their macOS passwords or need to help friends or clients who have lost their passwords.

Unfortunately, that article is long past its shelf life, so here’s a current guide to resetting an admin password in macOS 10.13 High Sierra. As before, you can accomplish this task in a variety of ways, depending on how the Mac in question was set up and what information you know.

Reset the Password from Another Admin Account

The best-case scenario is that there is another admin account on the Mac for which the password is available. If that’s true, you can log into that account and change the password for the locked account:

  1. Open System Preferences > Users & Groups.
  2. Select the locked account in the list at the left. (If necessary, click the lock at the bottom of the window and provide your admin credentials.)
  3. Click Reset Password.
  4. Enter the new password, verify it, and (optionally) include a password hint.
  5. Click Change Password. Resetting a password in System Preferences.

The only problem with this method is if the locked-out account is logged in, you can’t modify it. The easy solution is to restart the Mac, log in with the admin account whose password you do know, and carry on from there. To forcibly log out the other user while rebooting, you have to enter an admin username and password.

Logging out other users to reboot a Mac.
If you have to log out an admin account whose password you don’t know, you can use the name and password of another admin account to do so.

If you don’t currently have an extra admin account on the Macs you take care of, it’s a good idea to create one. Just make sure it has a strong password that you’ll remember.

Reset the Password Using an Apple ID

What if there is no other admin account available? You can use the Apple ID associated with the account in question to reset the admin password, but only if these conditions are true:

  • You know the Apple ID’s email address and password. If you don’t know the password, but you have access to the email address, you can reset the password at Apple’s Apple ID page.
  • The “Allow user to reset password using Apple ID” checkbox in System Preferences > Users & Groups must be selected. This setting won’t appear if FileVault is enabled. The setting to reset your password with your Apple ID.

To get to the point in the login process where you can reset the password, click the question mark that appears on the right side of the password field or just try to log in three times. After the third failed login attempt, the Mac will prompt you with the password reminder, if one is set, and give you the option of resetting the password using your Apple ID.

Resetting a password from the login screen.
To reset your macOS account’s password with your Apple ID, start by clicking the circled triangle in the popover.

Then enter the Apple ID email address and password and follow the onscreen instructions.

Reset the Password Using the Reset Password Assistant

If the “Allow user to reset password using Apple ID” option isn’t enabled, or the previous method doesn’t work, there’s still a way to use Apple ID credentials to reset the admin password. You’ll need to use Apple’s Reset Password assistant, which requires that you reboot into macOS Recovery and use Terminal:

  1. To enter macOS Recovery, restart the Mac. As it’s starting up, press and hold Command-R until you see the Apple logo, at which point you can let go.
  2. Once in macOS Recovery, ignore the main window and choose Utilities > Terminal, which opens a Terminal window.
  3. In that window, type resetpassword and press Return to open the Reset Password assistant.

Either way, once you’re in the Reset Password assistant, select “I Forgot My Password” and click Next.

The Reset Password assistant.

If the account for which you wish to reset the password is a standard account, rather than an admin account, all you have to do is enter a new password.

For an admin account, you’ll instead have to enter the password for the account’s associated Apple ID. (If you don’t know it, you can click “Forgot Apple ID or password?” to move on to the Apple ID recovery process, which may require your trusted phone numbers.) Once you have entered the necessary password, you may be prompted for a two-factor authentication verification code, which will arrive on another device connected to that Apple ID. (If the Mac is your only Apple device, you should be able to receive the code from a phone call or SMS text message.) Finally, you’ll get to a screen where you can enter a new password and password hint.

What If You Use FileVault?

FileVault encrypts the Mac’s boot volume, making it readable only after the appropriate login credentials are entered, typically those of the primary admin account. The process for resetting the admin password changes a bit if FileVault is turned on because FileVault eliminates the option to reset the password with Apple ID credentials.

Fortunately, the method remains simple: enter a random password three times at the login screen, after which you’ll be prompted to reset the password using your Apple ID or recovery key.

Apple notes that you may still have trouble logging in with the new password after all this, and if so, suggests that you use the Reset Password assistant to reset the password again, using the “My password doesn’t work when logging in” option and following the subsequent instructions.

I hope your FileVault recovery key is stored in a safe place, like 1Password or LastPass! If it wasn’t saved or you can’t access it, you may want to turn off FileVault before you get into a situation where you can’t log into the Mac. In my experience, it’s easier to back up the drive, erase it, and then restore it, than it is to turn off FileVault.

Dealing with the Keychain

The keychain is an encrypted container associated with each user account that stores login credentials for apps, network servers, AirPort base stations, and Web sites accessed in Safari. It’s easy to forget about the keychain because it is typically protected by the same password used to log in to the account. As a result, resetting the password for an admin account means that you can no longer access the keychain for that account. Sorry, but there’s no way to recover that information.

After resetting the admin password and logging in again, you will likely receive an alert that macOS was unable to unlock your login keychain. Click Create New Keychain to start fresh. If you don’t receive the alert and have problems with the keychain, follow these steps to reset it:

  1. Open Keychain Access from /Applications/Utilities.
  2. Choose Keychain Access > Preferences and click Reset My Default Keychains, which creates a new keychain with no password. Resetting macOS keychains.
  3. Log out of the account by choosing Apple > Log Out Username.
  4. Log back into the account to tie the account password to the new keychain.

Don’t Reset Passwords Willy-Nilly

As you can see, there are a variety of ways that you can reset a lost or forgotten admin password and regain access to a Mac, although they all depend on knowing either another admin password or an Apple ID password.

However, don’t reset an admin password unless doing so is absolutely necessary because the login keychain will be lost in the process, and that will likely cause future annoyance.

If you’re not yet in this situation, take precautionary measures now! Be sure that your Macs’ passwords and any FileVault recovery keys are stored in secure locations that you—and other trusted users—can access easily. And of course, make sure to keep regular backups, which can help you recover from a multitude of sins.

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For 28 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

Comments About Three Ways to Reset a Lost Admin Password in High Sierra

Notable Replies

  1. The Terminal version appears to be different—and more secure—than with previous versions of macOS. Heretofore the password assistant merely required you to select an account and you could create a new password. As well, when you logged in the the new password you could convert the old keychain if you remembered the old password. Of course, if you don’t remember the old password, as is usually the case if you are creating a new one, then you have to create a new keychain. Which might not be a bad idea if you want to delete accumulated chuff: Old passwords you don’t use any more. Then you’ll have to return to your current secure accounts and create new keychain entries for them, when prompted. High Sierra seems a bit harder to get in to.

  2. Thanks for the article. Is there a way to reset the keychain password without losing all the stored info? I know admin user account and keychain passwords, but they are no the same (I changed admin account password several OS versions ago but that change never happened to keychain password). Is the keychain password machine specific? Asynchrony may be an artifact of the fact that I share keychain in iCloud settings, and I don’t want to mess that up.

  3. Yes, you can use Keychain Access.app to change a keychain’s password if you know the current password; select the keychain, go to the Edit menu. You should have multiple keychains listed, ‘login’ is probably the one you want to change but there are probably others.

    The keychain’s password is within the keychain file, it’s not machine specific.

Join the discussion in the TidBITS Discourse forum

Participants