And The Password Is...

Reset your password

Use the steps below to reset your password from any trusted iPhone, iPad, iPod touch, or Mac. You can also use a friend or family member's iPhone, iPad, or iPod touch. If that doesn't work, you may not be signed into iCloud on an eligible device or have two-factor authentication enabled for your Apple ID. Follow these steps instead.

And The Password Is.. Password

This tool is for educational purposes only. Recommendations made by this tool to improve password strength are generally safe but not infallible. Any password submitted here is not stored or transmitted. We can help you reset your password and security info. First, enter your Microsoft account and follow the instructions below.

On your iPhone, iPad, or iPod touch

And The Password Is From Game Show

To see the password that will be saved, click Preview. If there are multiple passwords on the page, click the Down arrow. Choose the password you want saved. If your username is blank or incorrect, click the text box next to 'Username.' Enter the username you want saved. If you want to save a different password, click the text box next to.

  1. Go to Settings.
  2. Tap [your name] > Password & Security > Change Password.
  3. If you are signed into iCloud and have a passcode enabled, you will be prompted to enter the passcode for your device.
  4. Follow the onscreen steps to update your password.

On your Mac

With macOS Catalina:

  1. Choose Apple menu  > System Preferences, then click Apple ID.
  2. Click Password & Security.
  3. If you're asked to enter your Apple ID password, click 'Forgot Apple ID or password' and follow the onscreen instructions. You can skip the final steps below.
  4. Click Change Password. Before you can reset your Apple ID password, you'll be required to enter the password you used to unlock your Mac.

With macOS Mojave, High Sierra, or Sierra:

  1. Choose Apple menu  > System Preferences, then click iCloud.
  2. Choose Account Details.
  3. If you're asked to enter your Apple ID password, click 'Forgot Apple ID or password' and follow the onscreen instructions. You can skip the final steps below.
  4. Click Security > Reset Password or Change Password. Before you can reset your Apple ID password, you'll be required to enter the password you used to unlock your Mac.

Use a trusted phone number, trusted email, or a recovery key

In some cases, you may be able to reset your password using a trusted phone number and trusted email. If you use a recovery key for account security, you can use it to help reset your password on your iPhone, iPad, or iPod touch. Learn more about using a recovery key.

If you can't access any of your devices

You can reset your Apple ID password on a friend or family member's iPhone, iPad, or iPod touch using the Apple Support app or the Find My iPhone app.

Use the Apple Support app

To reset your password using the Apple Support app on a friend or family member's iPhone, iPad, or iPod touch with iOS 12 or later, the device owner will need to download the Apple Support app.

Ask the device owner to open the App Store on their iPhone, iPad, or iPod touch, then search for Apple Support and download the app. Then open the Apple Support app and follow these steps:

  1. Under Topics, tap Passwords & Security.
  2. Tap Reset Apple ID password.
  3. Tap Get Started, then tap 'A different Apple ID.'
  4. Enter the Apple ID that you need to reset the password for.
  5. Tap Next, then follow the steps on your screen until you receive confirmation that your Apple ID password is changed.

Any information that you enter will not be stored on the device.

Use the Find My iPhone app

If your friend or family member uses iOS 9 through 12 and they can't download the Apple Support app, use the Find My iPhone app instead.

  1. Open the Find My iPhone app.
  2. When a Sign In screen appears, make sure the Apple ID field is empty. If you see someone else's user name, erase it.
  3. Tap Forgot Apple ID or Password, then follow the onscreen steps.

Don't see a Sign In screen? Tap Sign Out. After you sign out, make sure the Apple ID field is empty. Then tap Forgot Apple ID or Password, and follow the onscreen steps.

If you tried the previous steps or live in a country or region where Support App is not available, you can still reset your password and regain access to your account with account recovery. In some cases, you might have the option to speed up the account recovery process or reset your password immediately by verifying a six-digit code sent to your primary email address. Learn more about account recovery.

If you can't change or reset your password

If you tried the previous steps and were unable to change or reset your password, you may not be signed into iCloud on an eligible device or have two-factor authentication enabled for your Apple ID. You'll need to try these steps instead.

Accounts with or without security questions

  1. Go to your Apple ID account page and click 'Forgot Apple ID or password.'
  2. Enter your Apple ID. Did you forget your Apple ID?
  3. Select the option to reset your password, then choose Continue.
  4. Choose how to reset your password:
    • If you have an account with security questions set up, you can select 'Answer security questions' and follow the rest of the steps.
    • To get email instead, select 'Get an email.' To reset your password, use the email that we send to your primary or rescue email address. Didn't get the email?
    • If asked for a Recovery Key, use the steps for two-factor authentication or two-step verification instead.

After you reset your password, you'll be asked to sign in again with your new password. You also might need to update your password in Settings on your devices.

Accounts with two-step verification

  1. Go to your Apple ID account page and click 'Forgot Apple ID or password.'
  2. Enter your Apple ID, select the option to reset your password, then choose Continue. Did you forget your Apple ID?
  3. Enter your Recovery Key for two-step verification.*
  4. Choose a trusted device.* We'll send your device a verification code.
  5. Enter the verification code.
  6. Create a new password, then select Reset Password.

After you reset your password, you'll be asked to sign in again with your new password. You also might need to update your password in Settings on your devices.

Is..

* If you permanently lost your Recovery Key or access to your trusted device, you can't change your password.

Get more help

  • To reset your password, you need to know the email address for your Apple ID. Don't know the email address for your Apple ID?
  • If you still can't sign in with your Apple ID and password, make sure that you entered the correct Apple ID. In most cases, your Apple ID is also the primary email address of your Apple ID account.
  • In some cases, you might be able to speed up the account recovery process or reset your password immediately by verifying a six-digit code sent to your primary email address.
  • Still need help? Contact Apple Support.
-->

Applies to

  • Windows 10

Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a password?On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like t758A! could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than a password, it's how it works.

Watch Dana Huang explain why a Windows Hello for Business PIN is more secure than a password.

The Password Is Game Show

PIN is tied to the device

One important difference between a password and a Hello PIN is that the PIN is tied to the specific device on which it was set up. That PIN is useless to anyone without that specific hardware. Someone who steals your password can sign in to your account from anywhere, but if they steal your PIN, they'd have to steal your physical device too!

Even you can't use that PIN anywhere except on that specific device. If you want to sign in on multiple devices, you have to set up Hello on each device.

PIN is local to the device

A password is transmitted to the server -- it can be intercepted in transmission or stolen from a server. A PIN is local to the device -- it isn't transmitted anywhere and it isn't stored on the server.When the PIN is created, it establishes a trusted relationship with the identity provider and creates an asymmetric key pair that is used for authentication. When you enter your PIN, it unlocks the authentication key and uses the key to sign the request that is sent to the authenticating server.

Note

For details on how Hello uses asymetric key pairs for authentication, see Windows Hello for Business.

PIN is backed by hardware

The Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. All Windows 10 Mobile phones and many modern laptops have TPM.

User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials can't be stolen in cases where the identity provider or websites the user accesses have been compromised.

The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. After too many incorrect guesses, the device is locked.

PIN can be complex

The Windows Hello for Business PIN is subject to the same set of IT management policies as a password, such as complexity, length, expiration, and history. Although we generally think of a PIN as a simple four-digit code, administrators can set policies for managed devices to require a PIN complexity similar to a password. You can require or block: special characters, uppercase characters, lowercase characters, and digits.

What if someone steals the laptop or phone?

To compromise a Windows Hello credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user's biometrics or guess his or her PIN—and all of this must be done before TPM anti-hammering protection locks the device.You can provide additional protection for laptops that don't have TPM by enabling BitLocker and setting a policy to limit failed sign-ins.

Configure BitLocker without TPM

  1. Use the Local Group Policy Editor (gpedit.msc) to enable the following policy:

    Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Require additional authentication at startup

  2. In the policy option, select Allow BitLocker without a compatible TPM, and then click OK.

  3. Go to Control Panel > System and Security > BitLocker Drive Encryption and select the operating system drive to protect.Set account lockout threshold

  4. Use the Local Group Policy Editor (gpedit.msc) to enable the following policy:

    Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy > Account lockout threshold

  5. Set the number of invalid logon attempts to allow, and then click OK.

Why do you need a PIN to use biometrics?

Windows Hello enables biometric sign-in for Windows 10: fingerprint, iris, or facial recognition. When you set up Windows Hello, you're asked to create a PIN first. This PIN enables you to sign in using the PIN when you can't use your preferred biometric because of an injury or because the sensor is unavailable or not working properly.

If you only had a biometric sign-in configured and, for any reason, were unable to use that method to sign in, you would have to sign in using your account and password, which doesn't provide you the same level of protection as Hello.

Related topics