How to Change Your Microsoft Account Password (Step-by-Step)

Your Microsoft password is the key to everything — Outlook, OneDrive, Xbox, Microsoft 365, and Windows itself. Whether you've forgotten it, suspect it's been compromised, or just want a security refresh, changing it is straightforward once you know which path applies to your setup.

What Counts as a "Microsoft Password"?

Before diving into steps, it helps to clarify what you're actually changing. Microsoft uses a single account system — one email address and password that works across all Microsoft services. This is your Microsoft Account (MSA).

However, there's an important distinction:

  • Microsoft Account password — the online credential tied to your email (e.g., @outlook.com, @hotmail.com, or any email you registered with Microsoft)
  • Windows local account password — a password stored only on your PC, not connected to Microsoft's servers
  • Work or school account password — managed by an organization through Microsoft Entra ID (formerly Azure Active Directory, or Azure AD)

The steps to change each one are different. Getting this wrong is the most common source of confusion. 🔑

How to Change a Personal Microsoft Account Password

This applies to most home users — anyone signed in with a personal email.

From the Microsoft Account Website (Any Device)

  1. Go to account.microsoft.com
  2. Sign in if prompted
  3. Select Security from the top navigation
  4. Click Change my password
  5. Enter your current password, then your new one twice
  6. Click Save

This method works from any browser — desktop, phone, or tablet — and the change takes effect across all your connected devices and services immediately.

From Windows Settings (Windows 10 / 11)

If you're signed into Windows with your Microsoft Account:

  1. Open Settings → Accounts → Sign-in options
  2. Under Password, click Change
  3. You'll be redirected to verify your identity first (often via email or authenticator app)
  4. Follow the prompts to set a new password

Note: Windows may ask you to update your PIN or Windows Hello setup after a password change, since those are linked to your account credentials.

How to Change a Windows Local Account Password

If your PC isn't connected to a Microsoft Account — you'll see your username only, not an email, at sign-in — you have a local account. Changes here stay on that device only.

  1. Open Settings → Accounts → Sign-in options
  2. Under Password, click Change
  3. Enter your current password, then your new password and a hint
  4. Click Next → Finish

You can also do this through Control Panel → User Accounts → Change your password, which some users find more familiar.

How to Reset a Forgotten Microsoft Account Password

If you can't remember your password at all:

  1. Go to account.microsoft.com and click Sign in
  2. Enter your email, then click Forgot my password
  3. Choose a verification method — Microsoft will send a code to your backup email, phone number, or authenticator app
  4. Enter the code and follow prompts to create a new password

Recovery options matter here. If you haven't set up a backup email or phone number, the recovery process becomes significantly harder. Microsoft may ask security questions or require you to verify your identity through a longer account recovery form.

Work or School Accounts: A Different Process 🏢

If your Microsoft login is through an employer, university, or organization, your password is not managed at account.microsoft.com. It's controlled by your organization's IT department.

Common paths for these accounts:

  • Your organization may have a self-service password reset (SSPR) portal — often at a company-specific URL
  • Some organizations use aka.ms/sspr (Microsoft's built-in SSPR tool)
  • Others require you to contact IT directly or change the password on a domain-joined machine

Whether self-service resets are available — and how they work — depends entirely on what your IT team has configured. If you're unsure, your organization's help desk is the reliable starting point.

Factors That Affect How This Works for You

Variable | Why It Matters
Account type (personal vs. work vs. local) | Determines which portal or settings panel applies
Recovery info on file | Affects whether you can self-reset or need account recovery
Device type (Windows, Mac, mobile) | Changes where to find settings menus
Multi-factor authentication (MFA) enabled | Adds a verification step but also adds protection
Single Sign-On (SSO) through an org | Means your IT policy controls password rules and reset options

Password Requirements and Best Practices

Microsoft enforces minimum password requirements — typically at least 8 characters, mixing letters, numbers, and symbols — though organizational accounts may have stricter rules set by IT policy.

General best practices that apply regardless of account type:

  • Avoid reusing passwords across services
  • Use a passphrase (a string of unrelated words) rather than a short complex password — longer is stronger
  • Enable two-step verification on your Microsoft Account if you haven't already — this is separate from your password but dramatically reduces the risk of unauthorized access
  • Update your recovery information (backup email, phone) before you need it

The Variable That Changes Everything

The right process depends entirely on which type of Microsoft account you're working with and what recovery options you have in place. A personal account holder with a backup phone number on file can reset in two minutes. A work account user with no SSPR configured has a completely different experience. Someone who's never set up recovery options faces a more involved identity verification process.

Those variables — account type, recovery setup, and organizational policy — are what make this a question with more than one answer.