Skip to main content
This guide applies to Mac computers

About Password Reset

Resetting a macOS user password requires different approaches depending on whether FileVault disk encryption is enabled. When FileVault is enabled, you’ll need the FileVault recovery key to reset passwords. When FileVault is disabled, you can use macOS Recovery to reset passwords directly.

How It Works

Password reset works differently based on FileVault status. With FileVault enabled, the startup disk is encrypted and macOS isn’t running at the login screen, so remote password reset isn’t possible. You must use the FileVault recovery key at the login window or in macOS Recovery. Without FileVault, you can use Terminal in macOS Recovery to reset passwords directly.
When using Passport, there are specific steps to follow when resetting passwords. For more information, see the Managing Passwords with Passport article.

If FileVault 2 is Enabled

If FileVault is turned on and you have a FileVault recovery key, you can use that key to reset the password at the FileVault login window or in macOS Recovery.

FileVault Login Window

At the FileVault login window, use the following steps to reset the password with your FileVault recovery key.
1

Click question mark

Click the question mark next to the password field. You may see a password hint (if you set one) or one of the following messages:
  • Restart and show password reset options
  • Reset it using your Apple ID
  • Reset it using your recovery key
2

Enter wrong password three times (if needed)

If you do not see a reset message or question mark, enter an incorrect password up to three times and look again for the question mark or arrow next to the message.
3

Click recovery key option

When the option to reset using your recovery key appears, click it (or the arrow next to the message).
4

Enter FileVault recovery key

Enter the FileVault recovery key in uppercase, including the hyphens.
5

Follow on-screen instructions

Follow the on-screen instructions to set a new password.
6

Log in with new password

Log in with the new password. You may need to reset the keychain after logging in.

macOS Recovery

If you are unable to reset the password at the FileVault login window, boot the Mac into macOS Recovery.
  • Apple silicon: Turn on your Mac and continue to press and hold the power button until you see the startup options window. Select the gear icon labeled Options, then click Continue.
  • Intel processor: Turn on your Mac and immediately press and hold Command (⌘)-R until you see an Apple logo or other image.
If you’re asked to select an admin user you know the password for, click Forgot all passwords? and proceed as described below.
1

Enter FileVault recovery key

Enter your FileVault recovery key.
2

Click Reset Password

When prompted to reset your password, click Reset Password.
3

Select user

Select a user to reset the password for.
4

Exit after authentication

After successfully authenticating, click Exit.
5

Restart Mac

Choose Apple menu > Restart. Password reset is now complete, so you don’t need to take additional steps.

Why can’t Iru Endpoint just reset the password remotely?

FileVault works by encrypting the full startup disk of the Mac. When you are at the FileVault login window, the macOS startup disk is not yet unlocked. Therefore macOS is not yet running or connected to the internet to receive any MDM or agent communication. To find the FileVault recovery key:
1

Access Device Action Menu

On the device record for the Mac, click the Device Action Menu.
2

View FileVault recovery key

From the drop-down, select View FileVault2 recovery key.

If FileVault 2 is not Enabled

If FileVault is not turned on, you can use Terminal in the recovery partition to reset an account password.
1

Boot into macOS Recovery

Boot your device into macOS Recovery.
  • Apple silicon: Turn on your Mac and continue to press and hold the power button until you see the startup options window. Select the gear icon labeled Options, then click Continue.
  • Intel processor: Turn on your Mac and immediately press and hold Command (⌘)-R until you see an Apple logo or other image.
2

Open Terminal

Once you see the macOS Utilities window, choose Utilities from the menu bar, then choose Terminal.
3

Run resetpassword command

In Terminal, type resetpassword and press Return.
4

Deactivate Mac

At the Reset Password window, click Deactivate Mac, then click Deactivate to confirm.
5

Handle Activation Lock (if needed)

If you see an Activation Lock window, enter your Apple ID email and password, then click Next.

If You Can’t Log In After a Password Reset

If you can authenticate at the FileVault login window but are then asked to log in again at the standard login window, the local account may be locked due to incorrect password attempts. It can be unlocked via MDM.

Select the Unlock User Account Command

1

Access Device Action Menu

On the device record for the Mac, click the Device Action Menu.
2

Select Unlock user account

From the drop-down, select Unlock user account.

Unlock User Account

1

Enter account short name

Enter the short name of the account to unlock. (Check the Details page for a list of usernames.)
2

Unlock user account

Click Unlock User to send the command.