As part of the built-in security of macOS Sierra, users are required to enter a password when logging onto a Mac. Security experts suggest that passwords be changed on a regular basis to make it harder for those passwords to be guessed or stolen, yet many Mac users go for years using the same passwords. Today we’ll take a look at just how easy it is to change a macOS password, as well as how to reset the password if it is lost or forgotten.

Changing the Password
First, let’s look at how to change a password in macOS Sierra. Once you’ve logged onto your Mac, launch System Preferences from the Dock or by selecting System Preferences from the Apple menu. Next, click on Users & Groups, which is located at the far left of the fourth row of preference buttons. The Users & Groups preference pane appears (see image below):

(The Users & Groups Preference Pane)

Each Mac can have multiple users, all of whom see a separate identity, apps, and files when they log into the Mac with their password. Many Mac owners are the sole users of their device, meaning that they’re usually the user and the administrator of the device. Having the administrative “powers” means that the user can change many settings on the Mac that are out of reach for regular or guest users.

In this case, we’re only interested in the current user and changing his or her password. Click the Change Password button seen to the right of the user’s photo above, and a password change dialog appears (see image below):

(Change password dialog)

Type in the existing (old) password, the new password you’ve chosen, and then type the new password again in the “Verify” field. If you can’t think of a password, clicking the key button next to “New password” brings up the Password Assistant, which we touched on briefly in this week’s earlier post about macOS Sierra Keychain. Password Assistant can suggest passwords that are memorable (easily remembered), a random list of letters and numbers (not very easily remembered, but hard to guess), numbers only (tip – do not use a phone number), random (very hard to remember, includes punctuation symbols), or FIPS-181 compliant passwords (almost impossible to remember).

Password Assistant provides a visual indication of the quality of the password — that is, how hard it would be for someone else to guess that password. Green indicates that the password is high quality, yellow indicates that it’s easier for someone to guess, while red indicates a password that you shouldn’t be using.

(Password Assistant)

Creating an Easily-Remembered, Hard-To-Guess Password
One mental algorithm that is popular for generating your own easily-remembered, but hard-to-guess passwords is to take two or more words, connect them with punctuation marks, and add numbers at the beginning or end. As an example, let’s say that our hypothetical Mac user changed from Olympus cameras to Canon in 2007. An easy-to-remember password could be “Olympus->Canon07”. Typing that password into Password Assistant under “Manual” shows that to be a high quality password (see image above), and it would be difficult to guess at 16 case-sensitive characters.

Other examples of this algorithm would be “2014Fishing&Beach” or “19Twins-Lorraine&Brian72”. All of these are long passwords, but fairly easy to remember as they merge a year and an event that only you (or perhaps a few loved ones) might know.
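
The pattern described above can also be filled in by a random generator, which makes its strength measurable. This is an added example, not part of the original article: it goes beyond the article by picking the words at random instead of from personal memories, and the word list, separator list and function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample lists (assumptions, not from the article).
# A real word list should hold thousands of entries.
WORDS = ["Olympus", "Canon", "Fishing", "Beach", "Twins", "Harbor", "Maple", "Violin"]
SEPARATORS = ["->", "&", "-", "+", "!", "_"]


def pattern_bits(n_words, wordlist_size, n_separators, n_digits):
    """Entropy in bits when every part of the pattern is chosen uniformly at random."""
    bits = n_words * math.log2(wordlist_size)        # each word
    bits += (n_words - 1) * math.log2(n_separators)  # each punctuation joiner
    bits += n_digits * math.log2(10)                 # the digits
    return bits + 1                                  # digits placed at start or end


def generate(n_words=2, n_digits=2, words=WORDS, separators=SEPARATORS):
    """Build words joined by punctuation, with digits at the start or end."""
    if n_words < 2:
        raise ValueError("the pattern needs two or more words")
    parts = [secrets.choice(words)]
    for _ in range(n_words - 1):
        parts.append(secrets.choice(separators))
        parts.append(secrets.choice(words))
    digits = "".join(secrets.choice("0123456789") for _ in range(n_digits))
    body = "".join(parts)
    return digits + body if secrets.randbelow(2) else body + digits


def length_only_bits(password, alphabet_size=94):
    """Upper bound that treats each character as a random printable ASCII symbol."""
    return len(password) * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate()
    print("generated password:", pw)
    print("bits from the pattern:", round(pattern_bits(2, len(WORDS), len(SEPARATORS), 2), 1))
    print("bits from length alone:", round(length_only_bits(pw), 1))
```

With the 8-word sample list the pattern yields about 16 bits, while counting 16 characters of printable ASCII suggests about 105. The strength of this kind of password comes from how many words and separators it could have been built from, so a large word list matters more than the character count.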

Once you’ve selected your password and entered it in both the New password and Verify fields, it’s a good idea to enter a password hint in the appropriate field. macOS Sierra uses that to jog your memory if you mistype the password. Click the Change Password button, and your old password is gone forever, replaced by the new one you just entered.

Resetting a Password Using Apple ID
It’s possible to reset a password on a Mac using an Apple ID. However, this needs to be set up before you can actually use it.

On the Users & Groups preference pane seen in the top screenshot in this post, you can see a lock icon with the words “Click the lock to make changes” next to it. Clicking that brings up a dialog that — you guessed it — asks for your password so that you can actually make a system preference change. The current user’s name is already entered; you just need to type in the current password and click the Unlock button.

Once you’ve unlocked the preference pane, check the box next to “Allow user to reset password using Apple ID” (see image below), then click the lock button at the bottom of the Users & Groups preferences to prevent further changes.

(Check the box allowing a user to reset password using Apple ID)

Now, let’s say that you’ve been on a long trip for three months without your Mac, and upon your return you realize that you don’t remember what the password was. At the login screen, just keep trying to enter the password with your best guesses, and after three attempts, macOS displays a message that says that you can reset your password using Apple ID. If that message doesn’t appear, then you didn’t previously set up macOS to allow you to reset the Mac password with your Apple ID.

When it does appear, click the small arrow next to the Apple ID message, then follow the onscreen instructions that take you through entering your Apple ID and creating a new password. Once you’re done with the process, you’ll be asked to restart the Mac and log in with the new password.

Note that when you reset a password and log back into the Mac, you might see an alert message stating that the system is unable to unlock your login keychain. That’s actually something expected, since your new password and the one that was created for the login keychain no longer match. The best way to resolve this issue is to just create a new login keychain by clicking the Create New Keychain button that appears on the alert.

This may happen at other times when the system tries to use your old password from the old login keychain to perform some administrative task. If that happens, you can go back to our old friend the Keychain Access app, select “Change Password for Keychain ‘login’ ” from the Edit menu, and enter both the old and new passwords. This is the preferred method, since it retains all of the items saved in your previous macOS login keychain while using the new password. If you create a new keychain, the keychain rebuilds itself each time you enter a password into an app or website, or your Mac encounters a security certificate.