Reset a macOS User Password

Learn how to reset a macOS Local Account password.

If FileVault 2 is Enabled

If FileVault is turned on and you have a FileVault Recovery Key, you can use that key to reset your password.

  1. At the FileVault Login Window, keep entering an incorrect password until you see the helper message that you can reset your password using your FileVault Recovery Key. 
  2. Click the arrow icon next to the message, the password field should now request a Recovery Key.
  3. Enter the FileVault Recovery Key (The Recovery Key should be all upper case and include the hyphens).
  4. Follow the instructions presented to reset the recovery password. 
  5. When logging back in, you may need to reset your Keychain. 

Why can't Kandji just reset the password remotely? 

FileVault works by encrypting the full startup disk of the Mac. When you are at the FileVault Login Window, the macOS startup disk is not yet unlocked, therefore macOS is not yet running & connected to the internet to receive any kind of MDM or Agent communication. 

Where can I find the FileVault Recovery Key

Learn where to retrieve the FileVault Recovery Key for a device in Kandji

  1. On the device record for the Mac, select the ellipses.
  2. From the Device Action Menu dropdown, select view FileVault Recovery Key.



If FileVault 2 is not Enabled

If FileVault is not turned on, you can use Terminal in the recovery partition to reset an account password. 

  1. Restart or turn on the Mac, then immediately press and hold down the Command + R  keys.
  2. Once you see the macOS utilities window, choose Utilities from the menu bar then choose Terminal.
  3. In Terminal type resetpassword then press Return on the keyboard.
  4. The Reset Password Assistant window will open, follow the onscreen instructions to reset the password.


Still unable to log in after a password reset? 

If you are able to authenticate at the FileVault Login Window, but then are asked to log in again at the standard login window, the local account may be locked due to incorrect password attempts and will need to be unlocked for further attempts via MDM.

Select the Unlock User Account Command

  1. On the device record for the Mac, select the ellipses.
  2. From the Device Action Menu dropdown, select Unlock User Account.


Unlock the User Account

  1. Enter the Username of the account to unlock.
    (Check the details page for a list of usernames)
  2. Select the Unlock User button to send the command.