Photo by Masaaki Komori
More than four years ago, Alicia Katz Pollock wrote “Five Ways to Reset a Lost Administrator Password” (17 January 2014), and through the vagaries of Google’s search algorithm, it remains our most popular article to this day. Apparently, lots of people forget their macOS passwords or need to help friends or clients who have lost their passwords.
Unfortunately, that article is long past its shelf life, so here’s a current guide to resetting an admin password in macOS 10.13 High Sierra. As before, you can accomplish this task in a variety of ways, depending on how the Mac in question was set up and what information you know.
Reset the Password from Another Admin Account
The best-case scenario is that there is another admin account on the Mac for which the password is available. If that’s true, you can log into that account and change the password for the locked account:
- Open System Preferences > Users & Groups.
- Select the locked account in the list at the left. (If necessary, click the lock at the bottom of the window and provide your admin credentials.)
- Click Reset Password.
- Enter the new password, verify it, and (optionally) include a password hint.
- Click Change Password.
The only problem with this method is if the locked-out account is logged in, you can’t modify it. The easy solution is to restart the Mac, log in with the admin account whose password you do know, and carry on from there. To forcibly log out the other user while rebooting, you have to enter an admin username and password.
If you don’t currently have an extra admin account on the Macs you take care of, it’s a good idea to create one. Just make sure it has a strong password that you’ll remember.
Reset the Password Using an Apple ID
What if there is no other admin account available? You can use the Apple ID associated with the account in question to reset the admin password, but only if these conditions are true:
- You know the Apple ID’s email address and password. If you don’t know the password, but you have access to the email address, you can reset the password at Apple’s Apple ID page.
- The “Allow user to reset password using Apple ID” checkbox in System Preferences > Users & Groups must be selected. This setting won’t appear if FileVault is enabled.
To get to the point in the login process where you can reset the password, click the question mark that appears on the right side of the password field or just try to log in three times. After the third failed login attempt, the Mac will prompt you with the password reminder, if one is set, and give you the option of resetting the password using your Apple ID.
Then enter the Apple ID email address and password and follow the onscreen instructions.
Reset the Password Using the Reset Password Assistant
If the “Allow user to reset password using Apple ID” option isn’t enabled, or the previous method doesn’t work, there’s still a way to use Apple ID credentials to reset the admin password. You’ll need to use Apple’s Reset Password assistant, which requires that you reboot into macOS Recovery and use Terminal:
- To enter macOS Recovery, restart the Mac. As it’s starting up, press and hold Command-R until you see the Apple logo, at which point you can let go.
- Once in macOS Recovery, ignore the main window and choose Utilities > Terminal, which opens a Terminal window.
- In that window, type
resetpasswordand press Return to open the Reset Password assistant.
Either way, once you’re in the Reset Password assistant, select “I Forgot My Password” and click Next.
If the account for which you wish to reset the password is a standard account, rather than an admin account, all you have to do is enter a new password.
For an admin account, you’ll instead have to enter the password for the account’s associated Apple ID. (If you don’t know it, you can click “Forgot Apple ID or password?” to move on to the Apple ID recovery process, which may require your trusted phone numbers.) Once you have entered the necessary password, you may be prompted for a two-factor authentication verification code, which will arrive on another device connected to that Apple ID. (If the Mac is your only Apple device, you should be able to receive the code from a phone call or SMS text message.) Finally, you’ll get to a screen where you can enter a new password and password hint.
What If You Use FileVault?
FileVault encrypts the Mac’s boot volume, making it readable only after the appropriate login credentials are entered, typically those of the primary admin account. The process for resetting the admin password changes a bit if FileVault is turned on because FileVault eliminates the option to reset the password with Apple ID credentials.
Fortunately, the method remains simple: enter a random password three times at the login screen, after which you’ll be prompted to reset the password using your Apple ID or recovery key.
Apple notes that you may still have trouble logging in with the new password after all this, and if so, suggests that you use the Reset Password assistant to reset the password again, using the “My password doesn’t work when logging in” option and following the subsequent instructions.
I hope your FileVault recovery key is stored in a safe place, like 1Password or LastPass! If it wasn’t saved or you can’t access it, you may want to turn off FileVault before you get into a situation where you can’t log into the Mac. In my experience, it’s easier to back up the drive, erase it, and then restore it, than it is to turn off FileVault.
Dealing with the Keychain
The keychain is an encrypted container associated with each user account that stores login credentials for apps, network servers, AirPort base stations, and Web sites accessed in Safari. It’s easy to forget about the keychain because it is typically protected by the same password used to log in to the account. As a result, resetting the password for an admin account means that you can no longer access the keychain for that account. Sorry, but there’s no way to recover that information.
After resetting the admin password and logging in again, you will likely receive an alert that macOS was unable to unlock your login keychain. Click Create New Keychain to start fresh. If you don’t receive the alert and have problems with the keychain, follow these steps to reset it:
- Open Keychain Access from
- Choose Keychain Access > Preferences and click Reset My Default Keychains, which creates a new keychain with no password.
- Log out of the account by choosing Apple > Log Out Username.
- Log back into the account to tie the account password to the new keychain.
Don’t Reset Passwords Willy-Nilly
As you can see, there are a variety of ways that you can reset a lost or forgotten admin password and regain access to a Mac, although they all depend on knowing either another admin password or an Apple ID password.
However, don’t reset an admin password unless doing so is absolutely necessary because the login keychain will be lost in the process, and that will likely cause future annoyance.
If you’re not yet in this situation, take precautionary measures now! Be sure that your Macs’ passwords and any FileVault recovery keys are stored in secure locations that you—and other trusted users—can access easily. And of course, make sure to keep regular backups, which can help you recover from a multitude of sins.