Back in late October I wrote 5 Mac OS X Security Tips You May Not Be Using, where I make the case to use a password on your account to log into your Mac.
How to reset your lost Mac password
But what about if you forget that password? The situation may be frustrating to say the least. You know your data is there, but for your life, you cannot remember what's your password and you're not able to access your own Mac. The feeling could be so frustrating that it could become anger.
First things first: DO NOT PANIC. If you loose your cool you may end up doing something you may regret later, like wiping clean your boot drive.
The good news is that in most cases*, if you have physical access to your Mac, you can reset your account password. In fact, you can reset any account password on your Mac in most cases*.
The "Easy Way"
The easy way is by logging into your Mac with another admin account, and from there resetting your other account's password.
- Log in to the Mac with an account that has administration privileges.
- From the System Preferences select "Users & Groups".
- From the list of users on the left, select the user you want to reset their password. If you cannot select a user, make sure you unlock the padlock at the bottom left of the Users & Groups system preferences.
- In the Password tab, click "Reset Password". This will provide you the opportunity to enter a new password and verify it, as well as entering a password hint.
Currently logged in as myself and able to reset the OS X Trainer account's password.
Having said the above, I recognize that the chances of having more than one admin account on your Mac are slim. If this option is not available, follow the Command Line method below.
The Command Line Method
This method is a bit more involved and requires you to type precise commands on the command line prompt, so I'd recommend you print this out. I've included screenshots of what you'd expect so see on screen for your reference.
Some general notes before you start:
- Be patient as you may need to try a couple of times if you make a mistake, so avoid getting frustrated. If for any reason this doesn't work, start over and make sure what you see on your screen looks similar to what you see on my screenshots.
- Make sure you enter the commands as they appear below. Use the screenshots as visual reference, specially when it comes to spaces. If there is a typo the commands won't work and you'll have to try again.
- Mind you that in the command line your only interface with the Mac is the keyboard, so your mouse, trackpad or other pointing devices will not work while in Single User mode.
Ready? Let's get started!
1. Boot up the Mac in Single User mode
Reboot your Mac and as soon as you hear the boot chime hold the Command-S keys. If you don't hear the boot chime probably the volume on your Mac was turned down prior to rebooting or you have something plugged in to the audio output, like a headset or earbuds. Booting holding Command-S will not show the typical Mac interface, but rather you'll see a series of text messages showing you the boot process. After a few seconds of scrolling text, you'll end up at the command line prompt, which looks like this:
You should see :/ root# at the bottom of the screen. That is the the command line prompt and the white rectangle is the cursor.
2. Mount the system drive with writing access so we can modify its contents
Enter the following text and hitting the Return key on your keyboard:
mount -uw /
Type the command as it appears and press the Return key on your keyboard after the slash.
3. Load Open Directory
If you're running OS X 10.6 Snow Leopard or earlier, skip this step. But if you're using 10.7 (Lion), 10.8 (Mountain Lion), 10.9 (Mavericks), 10.10 (Yosemite), or newer, then type the following long command:
launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist
Press Return on your keyboard after this command.
This will load Open Directory giving us access to the users on the system, but if it worked, the Mac will not give you any feedback.
4. Find the short name of the account to reset
Next you'll have to find out the short name of the user you need to reset. If you already know the short name of your account, you can skip this step. To find out the short names of the users on the system enter the following command:
ls -l /Users
The -l modifier will show each entry as one line, making it a bit easier to read.
You will see a list of all the users on the Mac and hopefully it would be clear to you which is the one you want to reset its password next. Note the spelling of the short name for the account you want to reset the password; you'll use it in the next step.
In my example you can see my "fschiavo" and "osxtrainer" users listed.
5. Set a new password.
Here's where you actually set a new password using the "Directory Service" command line utility and the path to the user account noted in step 4. Enter the following command:
dscl . -passwd /Users/shortname password
And replace "shortname" with the account name you noted in step 4 and "password" with what you want to set. For example, if the user I want to modify is "osxtrainer", and the new password I want to set is "N3wY3ar2015" it would look like this (note the dot and space after "dscl" and space):
dscl . -passwd /Users/osxtrainer N3wY3ar2015
Here the "osxtrainer" account is getting "N3wY3ar2015" as the new password.
If you get the following message you can disregard it:
launchctl: Couldn't stat("/System/Library/LaunchDaemons/com.apple.DirectoryServicesLocal.plist"): No such file or directory nothing found to load
6. Restart the Mac from the command line.
Simply enter the reboot command:
After you hit Return after the reboot command your Mac should restart.
Once the Mac boots up again you should be able to log in to the account you just reset using the password you entered in step 5.
You'll be asked to create a new login keychain.
If for any reason the password you tried to set in step 5, start over by rebooting and following from step 1 again.
As soon as you try to log in with the new password you will be prompted to reset the "login keychain". Since you don't have the original password for the login keychain, click "Create New Keychain".
* Note: If you used FileVault 2 to encrypt the disk, you will not be able to reset your administration password unless you're able to decrypt the disk with another admin account. If you cannot unlock FileVault 2, your only recourse will be to format the hard drive, losing all its data, and installing a fresh OS.
** If you don't know that Firmware or EFI Password is, don't worry about this note. But if you used Firmware Password to set an EFI password to only allow booting from the internal storage device you will first need to enter the firmware password before you boot in Safe Mode. If you don't remember the Firmware Password or you cannot dismiss the Firmware Password dialogue, you will need to take your Mac to an Apple Authorized Service Provider (like your local Apple Store if one exists). Refer to this tech note: http://support.apple.com/en-us/HT203409