Resetting the password in Recovery Mode resolves a few scenarios, but the primary reason we suggest this workflow is when a user is unable to decrypt FileVault and log in with a known-good password.
If you are looking to address exactly that, please first have the user try an older password. FileVault will only accept the SecureToken password, and if the user's password was reset improperly, the new password will not be registered with SecureToken. More information on troubleshooting FileVault. Upon resetting the password in Recovery Mode, the user will be granted a SecureToken.
If the older password doesn't work, continue with the steps below, which require booting into Recovery Mode. There are 2 options for Step 3.
- Use an Admin user password you know (this could be a temporary Admin created via Go-Live, and it cannot be the same user you're trying to reset the password for).
- Reset and change all the passwords on the device without needing Admin credentials (but whoever performs the reset will set the password for any admins on the device).
For the following instructions, complete step 3a or step 3b, not both.
Step 1: Boot into Recovery Mode
Turn off the device in question and follow the steps below. Be sure to follow the steps relevant to this device's processor type.
Macs with Intel Processors
- Press the power button on the device
- Immediately press and hold Command + R until the recovery screen appears
Macs with Apple Silicon
- Press and hold the power button until you see a screen with the system volume and the options button.
- Select "Options" and click Continue.
Step 2: Reset password
Once the device boots into Recovery Mode, open Terminal from the Utilities dropdown, type in resetpassword, and press Enter. After this, click on the window behind the Terminal window.
Step 3: Option A
Select the temporary Admin user you know the password for, enter the password, and click Continue. Now select the user you'd like to change the password for and click Next. Enter the new password, click Next, and then click Restart.
Step 3: Option B
Click Forgot all Passwords. If the device has an Apple Account signed in, you will be presented with a Deactivate Mac message. Click Deactivate Mac, then click Deactivate to confirm (if not already connected to Wi-Fi, use the Wi-Fi icon on the top right to connect). If you see an Activation Lock window, enter your Apple Account information, then click Next.
Set a new password for every user on the device, making a note of the password you set for your user. (The other passwords can be anything and can be reset via GoLive, as long as you're okay with those users not being able to log in via the FileVault login page.) Then click Restart.