You sit down at your Windows PC and the password simply won't come to mind. It happens to everyone — and there's no need to panic. The right reset method depends almost entirely on what type of account you're signed in with: a Microsoft account, a local account, or a work or school account. Identify your account type first, and the path forward becomes clear. This guide covers Windows 11 (up to 24H2) and Windows 10, walking through every scenario: forgotten passwords, forgotten PINs, BitLocker recovery keys, and — as a last resort — factory resetting your PC.
Windows Hello (face recognition and fingerprint) users will find guidance here too. Even if you've exhausted every obvious option, read through to the end before giving up.
Table of Contents
- Step one: identify your account type
- Resetting a Microsoft account password
- Resetting a local account password
- What to do when you forget your PIN
- Resetting with a Windows installation media (advanced)
- When Windows asks for a BitLocker recovery key
- Last resort: resetting your PC to factory defaults
- Frequently asked questions
- Summary: the fastest path for every situation
Step one: identify your account type
Choosing the wrong reset method wastes time — and in some cases can make recovery harder. The single most important thing you can do before trying anything else is confirm which type of account is on your PC.
Microsoft account vs. local account vs. work or school account
Windows supports three main account types:
- Microsoft account — An online account linked to an email address such as @outlook.com, @hotmail.com, @live.com, or even a Gmail or Yahoo address. It connects to OneDrive, Microsoft 365, and the Microsoft Store. You can reset the password from any web browser, even on a different device. Windows 11 Home editions now require a Microsoft account during setup by default.
- Local account — An offline account that exists only on your PC. The sign-in screen shows a username (for example, "User" or your chosen name) rather than an email address. Because the password is stored locally, you cannot reset it through a website.
- Work or school account (Azure AD / Microsoft Entra ID) — An account managed by your company or school, typically in email format (for example, [email protected]). Even though it looks like an email address, your employer's IT department controls password resets, and your options are limited.
Reading the clues on the sign-in screen
The sign-in screen gives you several hints about which account type you have:
- An email address is displayed (for example, j*****@gmail.com) — most likely a Microsoft account
- Only a username is displayed (for example, "User" or a name you chose) — most likely a local account
- A "Password hint" link appears below the password field — local account with security questions configured
- "Sign-in options" is visible below the password field — Windows Hello (PIN, face, or fingerprint) is enrolled
Reset options at a glance
| Account type | Reset via web | Security questions | Admin can reset | Installation media |
|---|---|---|---|---|
| Microsoft account | Yes (recommended) | N/A | N/A | Caution: BitLocker |
| Local account | No | Yes, if configured | Yes, if another admin exists | Yes (at your own risk) |
| Work or school account | Depends on IT policy | N/A | Contact IT helpdesk | Not recommended |
Resetting a Microsoft account password
Microsoft account passwords are managed online, which means you can reset yours from any smartphone, tablet, or other computer — no access to the locked PC required.
Reset via the Microsoft account website
Use a smartphone, tablet, or another PC to complete the following steps:
- Open a browser and go to https://account.live.com/password/reset
- Select "I forgot my password" and click Next
- Enter the email address or phone number associated with your Microsoft account
- Complete the CAPTCHA challenge
- Choose an identity verification method (see below)
- Enter the verification code sent to you
- Set a new password
These steps are identical for Windows 11 and Windows 10. Once the reset is complete, enter the new password on your locked PC's sign-in screen.
Identity verification methods
Microsoft will ask you to verify your identity using one of the following:
- Email verification code — a six-digit code sent to your backup email address. This is the most common option.
- Text message (SMS) verification code — sent to your registered phone number
- Microsoft Authenticator app approval — if you have the Microsoft Authenticator app on your phone, you can approve the request with a single tap
If you have access to any one of these contact methods, select it and proceed.
If you have no recovery contact on file
If you never added a backup email or phone number to your account, you won't receive a verification code. In that case, use the account recovery form:
- On the password reset page, select "I don't have any of these" or "Use a different verification option"
- Choose "Get help from Microsoft" or navigate to the account recovery request
- Fill in as many details as you can: previous passwords you remember, the date the account was created, email addresses you've sent messages to, and so on
- Submit the form. Microsoft's team will review the request and email you their decision within a few days.
Recovery through this form is not guaranteed and can take time. The best preventive measure is to add at least one backup email and one phone number to your Microsoft account now, before you need them.
Applying the new password on your PC
Because a Microsoft account password is verified online, your PC must be connected to the internet when you sign in with the new password.
- If the PC isn't connected, Windows may fall back to a cached version of the old password
- Connect via Ethernet, home Wi-Fi, or your phone's mobile hotspot
- On most PCs, a network icon appears in the bottom-right corner of the sign-in screen — you can connect to Wi-Fi from there before entering your password
Resetting a local account password
A local account password is stored only on the PC, so there is no web-based reset option. Your two main avenues are security questions on the sign-in screen and resetting the password from another administrator account on the same PC.
Using security questions (Windows 11 / 10)
If you configured security questions when you created the local account, you can recover access directly from the sign-in screen:
- Type an incorrect password and press Enter
- After the "The password is incorrect" message, look for a "Reset password" link and click it
- Answer all three security questions correctly
- You'll be taken to a screen where you can enter a new password
- Enter and confirm the new password, then click Next
If the "Reset password" link doesn't appear, security questions were not configured — or Windows may be treating the account as a Microsoft account.
Windows 11 note: Windows 11 Home increasingly pushes users to sign in with a Microsoft account during setup, so it's possible your account is a Microsoft account even if you thought it was local. Check whether an email address appears on the sign-in screen to confirm.
Resetting from another administrator account
If another administrator account exists on the same PC, you can use it to reset the forgotten password.
Option A: Computer Management (GUI)
- Sign in to the other administrator account
- Right-click Start and open Computer Management
- In the left panel, expand Local Users and Groups, then click Users
- Right-click the affected username and choose Set Password…
- Read the warning and click Proceed, then enter and confirm the new password and click OK
Option B: Command Prompt with net user
- Sign in to the other administrator account, then right-click Start and open Windows Terminal (Admin) or Command Prompt (Admin)
- List existing accounts:
net user - Set the new password, replacing username and newpassword with your own values:
net user username newpassword - If you see "The command completed successfully," the reset is done
Windows 11 Home note: Computer Management may not show Local Users and Groups on Windows 11 Home editions. Use the net user command instead.
When there is no other administrator account
Without another admin account and without security questions, your options narrow significantly:
- Installation media method (advanced) — covered in the next section. It involves temporarily replacing a system file and should be treated as a last resort before factory reset.
- Factory reset — available from the sign-in screen in most cases. Details in the final sections below.
What to do when you forget your PIN
Windows 10 and 11 let you sign in with a 4–6 digit numeric PIN (or a more complex alphanumeric PIN). A PIN is a separate credential from your password, and resetting it follows a different path.
"I forgot my PIN" — resetting via your Microsoft account password
If your PC uses a Microsoft account, you can reset a forgotten PIN as long as you remember your Microsoft account password:
- On the sign-in screen, click "I forgot my PIN" (shown below the PIN entry field)
- When prompted, click Continue
- Enter your Microsoft account password to verify your identity
- Once verified, a screen appears to set a new PIN
- Enter and confirm your new PIN, then click OK
If the "I forgot my PIN" link isn't visible, click Sign-in options and switch to the password method (the key icon), then sign in with your Microsoft account password and reset the PIN from Settings afterward.
Fully removing and recreating your PIN (Settings → Sign-in options)
If you're already signed in to Windows, you can manage your PIN from Settings:
- Open Start → Settings (the gear icon)
- Go to Accounts → Sign-in options
- Click PIN (Windows Hello) to expand it
- Windows 11: click "I forgot my PIN" or Remove → verify with your Microsoft account password → set a new PIN
- Windows 10: click Remove → confirm the removal → click Add to set a new PIN
Signing in with Windows Hello biometrics and then resetting your PIN
Forgot your PIN but have face recognition or fingerprint set up on the same device? You can use those to get in:
- On the sign-in screen, click Sign-in options
- Select the face recognition or fingerprint icon
- Look at the camera or place your finger on the sensor to sign in
- Once you're in, go to Settings → Accounts → Sign-in options to set a new PIN
Resetting with a Windows installation media (advanced)
When security questions aren't set up and there's no other administrator account, there is still a way in — but it requires some technical confidence. This method boots your PC from a Windows installation USB drive and temporarily replaces a system file to open a command prompt with administrator privileges on the sign-in screen. Follow every step carefully, and restore the original file immediately after you've reset your password. Proceed at your own risk.
Booting from a USB installation drive
- On a different PC, download the Windows 11 or Windows 10 Media Creation Tool from Microsoft's website and create a bootable USB drive (8 GB or larger)
- Insert the USB drive into the locked PC
- Power on the PC and press the key for your boot menu as the manufacturer logo appears — commonly F2, F8, F10, F12, or Del (varies by manufacturer)
- Select the USB drive as the boot device
- When the Windows Setup screen appears, do not click "Install now"
Opening Command Prompt and replacing utilman.exe with cmd.exe
From the Windows Setup screen, launch a command prompt:
- Press Shift + F10 — a command prompt window opens
- Verify which drive letter Windows is installed on (it's often D: when booted from USB, not C:):
dir C:\Windows\System32\utilman.exe
If the file isn't found, try D:, E:, and so on until you locate the Windows folder. - Back up utilman.exe (the Ease of Access Center executable):
copy C:\Windows\System32\utilman.exe C:\Windows\System32\utilman.exe.bak - Replace utilman.exe with cmd.exe:
copy /y C:\Windows\System32\cmd.exe C:\Windows\System32\utilman.exe - Reboot the PC:
wpeutil reboot
Changing the password with the net user command
- Remove the USB drive so the PC boots normally to the Windows sign-in screen
- Click the Ease of Access icon in the bottom-right corner of the sign-in screen (the figure-of-a-person icon)
- Instead of the Ease of Access Center, a Command Prompt with administrator privileges opens — because you replaced the executable in the previous step
- List the accounts on the PC:
net user - Set the new password, replacing username and newpassword with your own values:
net user username newpassword - Close the Command Prompt and sign in with your new password
Restoring the original file after you're done
Leaving utilman.exe replaced is a significant security risk — anyone at the sign-in screen could open an admin Command Prompt without a password. Restore the original file as soon as you're signed in.
- Right-click Start and open Windows Terminal (Admin) or Command Prompt (Admin)
- Restore the backup:
copy /y C:\Windows\System32\utilman.exe.bak C:\Windows\System32\utilman.exe - Delete the backup file:
del C:\Windows\System32\utilman.exe.bak
BitLocker considerations
If BitLocker drive encryption is enabled on the PC, you'll be prompted to enter a BitLocker recovery key when the command prompt opens during setup. Without that key, you cannot access the drive and cannot proceed with the steps above. See the BitLocker section below for how to retrieve your recovery key.
When Windows asks for a BitLocker recovery key
Many modern Windows 11 and 10 devices — especially laptops and Surface devices — have BitLocker drive encryption enabled automatically at the factory. If you encounter a BitLocker recovery key prompt during any of the procedures above, here's how to find your key.
Finding your recovery key in your Microsoft account
If the PC was signed in to a Microsoft account, the BitLocker recovery key was most likely backed up to Microsoft's servers automatically:
- On a different device, go to https://account.microsoft.com/devices/recoverykey
- Sign in with the Microsoft account that was used on the locked PC
- Find the PC in the device list and click Show recovery key
- The 48-digit numeric recovery key is displayed
- Enter this key in the BitLocker recovery screen on the locked PC
Azure AD / Microsoft Entra ID-managed devices (work PCs)
On corporate-issued PCs managed through Azure AD or Microsoft Entra ID, the BitLocker recovery key is held by your organization's IT department — not by you. Contact your company's IT helpdesk and ask them to provide the recovery key for your device.
What happens if you don't have the recovery key
Without the recovery key, the data on a BitLocker-encrypted drive is inaccessible by design. That's the whole point of encryption.
- If the key was never saved to a Microsoft account, printed, or stored on a USB drive, recovery is effectively impossible
- You can still factory reset the PC — doing so will allow Windows to run again, but all data on the encrypted drive will be permanently lost
- This is why Microsoft recommends always keeping a copy of your recovery key in your Microsoft account, on a USB drive, or on a printed sheet stored somewhere safe
Last resort: resetting your PC to factory defaults
When every other option has failed, resetting Windows brings the PC back to a working state. Whether or not your personal files survive depends on which reset option you choose and whether BitLocker is involved.
Accessing "Reset this PC" from the sign-in screen
Windows 10 and 11 allow you to reset the PC without ever signing in:
- On the sign-in screen, click the Power icon in the bottom-right corner
- Hold the Shift key and click Restart
- When the "Choose an option" screen appears, select Troubleshoot
- Choose Reset this PC
- Select a data option and follow the on-screen instructions
This method requires the Windows Recovery Environment (WinRE) to be intact. If BitLocker is enabled, you may be asked for the recovery key partway through the process.
Keep my files vs. Remove everything
The reset wizard presents two options:
- "Keep my files" — Preserves files in your Documents, Pictures, Desktop, and similar user folders, while removing all installed apps and resetting Windows settings. The sign-in password is also reset. You'll need to reinstall all your applications after the reset.
- "Remove everything" — Wipes all user data and performs a clean reinstall of Windows. Use this when selling or disposing of a PC.
If you're keeping the PC, "Keep my files" lets you resolve the password problem while retaining your documents. However, if the account tied to the PC is a Microsoft account, Windows will ask you to sign in with that Microsoft account after the reset — so you'll still need to reset the Microsoft account password separately if you can't remember it.
Setting a new password after the reset completes
When the reset finishes, Windows launches its initial setup experience:
- Microsoft account users: sign in with the password you reset earlier via the Microsoft account website
- Setting up a new local account: choose an offline account option during setup, then enter a new username and password
- Take this opportunity to set up security questions for the local account — this gives you a quick recovery path the next time you forget your password
Frequently asked questions
What is a Password Reset Disk?
A Password Reset Disk is an official Windows feature that lets you save recovery information to a USB drive in advance. You create one through Control Panel → User Accounts → Create a password reset disk. If you ever forget your local account password, you can insert that USB drive on the sign-in screen and follow the prompts to reset it.
The key word is in advance: you must create the disk before you forget your password — it can't help you retroactively. It also only works with local accounts; Microsoft accounts are always reset through the web. One useful property: even if you change your password later, the same USB drive remains valid for future resets.
Should I use third-party tools like Ophcrack?
Tools like Ophcrack claim to crack or bypass Windows passwords, but we don't recommend them for several reasons:
- The NTLM password hashes used in Windows 10 and 11 are extremely slow to crack — realistically, modern passwords won't be cracked in a reasonable timeframe
- Even on your own PC, using such tools may be treated as unauthorized access under local laws
- Downloading these tools from unofficial sources carries a real risk of malware
The legitimate methods in this guide cover the vast majority of real-world scenarios. Try them first.
Forgot the password on a work PC — what do I do?
For company-issued PCs managed through Azure Active Directory, Microsoft Entra ID, or on-premises Active Directory, contact your company's IT helpdesk. This is not just the recommended approach — it's the only one that won't violate your organization's security policies.
- IT administrators can reset your password remotely in minutes
- Attempting to reset or reinstall Windows on a managed device without IT's knowledge may trigger a security alert or void your device warranty
- The BitLocker recovery key is also held by IT, so any attempt to boot from external media will hit a wall anyway
Can I retrieve my files without signing in?
In many cases, yes:
- Microsoft account users: any files synced to OneDrive can be downloaded from onedrive.com on any device — no access to the locked PC needed
- Local account, BitLocker off: removing the hard drive or SSD and connecting it to another PC (via a USB enclosure) usually lets you read the files directly, without signing in to any account
- BitLocker enabled, no recovery key: the drive is encrypted and the data is inaccessible — full stop
Tips for never forgetting your password again
- Add a backup email and phone to your Microsoft account — go to account.microsoft.com → Security → Security info. This is the single most impactful thing you can do.
- Set up security questions for local accounts — Settings → Accounts → Sign-in options
- Use a password manager — Bitwarden, iCloud Keychain, and similar tools store your passwords securely and fill them in automatically
- Use a PIN or Windows Hello biometrics — signing in daily with a PIN or fingerprint means you rarely need to type the full password, reducing the chance of forgetting it
- Back up your BitLocker recovery key — saving it to your Microsoft account is the easiest option; printing a copy and storing it safely is a good backup plan
Summary: the fastest path for every situation
The right reset method depends on your account type and what access you still have. Use the list below to jump straight to your situation:
- Forgot your Microsoft account password → Open https://account.live.com/password/reset on any device and follow the prompts. This is the fastest and most reliable path as long as you have internet access.
- Forgot your local account password and have security questions → Enter any wrong password, then click "Reset password" on the sign-in screen and answer your security questions.
- Forgot your local account password and another admin account exists → Sign in to the admin account and use Computer Management or the net user command to set a new password.
- Forgot your PIN → Click "I forgot my PIN" on the sign-in screen and verify with your Microsoft account password.
- Local account, no admin, no security questions → Use the installation media method (utilman.exe replacement). If BitLocker is on, you'll need the recovery key first.
- Nothing else has worked → Reset the PC from the sign-in screen. Choose "Keep my files" to preserve your documents if BitLocker is not enabled.
- Work or school PC → Call your IT helpdesk. This is the only option that keeps you on the right side of your organization's security policy.
The single best thing you can do right now — while you still have access to your PC — is to add a backup email address and phone number to your Microsoft account, set security questions on any local accounts, and confirm your BitLocker recovery key is saved somewhere safe. Five minutes of preparation today can save hours of frustration later.
