Reset a macOS User Password

By Lisa DeGrace

Learn how to reset a local account password in macOS

If FileVault 2 Is Enabled

If FileVault is turned on and you have a FileVault recovery key, you can use that key to reset the password.

  1. At the FileVault login window, keep entering an incorrect password until you see the message that you can reset your password using your FileVault recovery key. 
  2. Click the arrow icon next to that message; the password field should now request a recovery key.
  3. Enter the FileVault recovery key. (The letters in that key should be all uppercase; include the hyphens).
  4. Follow the instructions presented to reset the recovery password. 
  5. When logging back in, you may need to reset your keychain. 
Why can't Kandji just reset the password remotely?
FileVault works by encrypting the full startup disk of the Mac. When you are at the FileVault login window, the macOS startup disk is not yet unlocked. Therefore macOS is not yet running or connected to the internet to receive any kind of MDM or agent communication.

To find the FileVault recovery key:

  1. On the device record for the Mac, click the More button (ellipses).
  2. From the dropdown, select View FileVault2 Recovery Key.

If FileVault 2 Is Not Enabled

If FileVault is not turned on, you can use Terminal in the recovery partition to reset an account password. 

  1. Boot your device into macOS Recovery.
    • Apple silicon: Turn on your Mac and continue to press and hold the power button until you see the startup options window. Select the gear icon labeled Options, then click Continue.
    • Intel processor: Turn on your Mac and immediately press and hold Command (⌘)-R until you see an Apple logo or other image.
  2. Once you see the macOS Utilities window, choose Utilities from the menu bar, then choose Terminal.
  3. In Terminal, type resetpassword and press Return.
  4. A Reset Password Assistant window will open; follow the onscreen instructions to reset the password.

If You Can't Log In After a Password Reset

If you can authenticate at the FileVault login window but are then asked to log in again at the standard login window, the local account may be locked due to incorrect password attempts. It can be unlocked via MDM.

Select the Unlock User Account Command

  1. On the device record for the Mac, click the More button (ellipses).
  2. From the dropdown, select Unlock User Account.

Unlock User Account

  1. Enter the short name of the account to unlock. (Check the Details page for a list of usernames)
  2. Click Unlock User to send the command.