Rescue Macs with lost admin passwords using Reset Password utility

Erik Eckel offers the solution to one of the most common Mac support questions -- how to reset a lost or forgotten user account password.

It's one of the most common Mac support calls my consulting office receives: how to crack the original password supplied when a Mac was first deployed. Because so many users utilize only a single primary user account, and set their Macs to automatically log in when booting, the password is ultimately forgotten. But then critical system updates or new application installation is held up because no one remembers the initial password entered when Setup Assistant was originally run.

Recovery from such a scenario is simple. Apple includes a Reset Password utility on the Mac OS X Install DVD that shipped with the computer.

Using the Reset Password utility

Begin by booting the Mac while depressing the C key. Then insert the Mac OS X Install DVD. The Mac OS X Installer will start. Click Utilities and choose Reset Password.

The Reset Password utility will open. Specify the volume containing the user account you wish to reset (by default most main Mac volumes are named Macintosh HD) and from the supplied user account drop-down menu, select the primary account that is inaccessible. Next you must enter and re-enter a new password within the provided fields, then click Save.

If you wish to reset permissions and access control lists (ACLs) for the user's Home folder, click the Reset button. Then exit the Mac OS X Installer and restart the Mac.

Require greater security?

Mac users particularly worried about security can prevent the Reset Password utility's use by leveraging the Firmware Password utility. Mac users can configure a firmware password and prevent others from starting the computer using a boot DVD or secondary operating system.

To enable Apple's Firmware Password, start from the Mac OS X Install DVD as with the Reset Password utility. Click Utilities and choose Firmware Password Utility. For Mac OS X Leopard and Snow Leopard users, the Firmware Password application will open. Check the box for Require Password To Start This Computer From Another Source. Enter the password within the Password field and enter the password a second time within the Verify field, then click OK. Confirm the operation, click the lock to prevent more changes and choose Quit to close the window.

Note that the method's not foolproof. Any local administrator user can log back on to the system and reverse the setting. Anyone with physical access to the computer can also circumvent the process, and removing the drive and connecting it to another system would likely result in the system's data being compromised.