Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

I Know My Password Is Right, But I Can’t Sign In. What Do I Do?

What to consider when the system thinks otherwise.

If your password won't work and your secret questions are different, it's pretty clear what's happened and what you need to do.

Carefully typing your password

Question: Hi, my password has been the same for the last 10 years and suddenly I get a message that says password incorrect, what the hell? After a few attempts, it blocked all attempts and the question it asks is not what I filled in when I signed up. It asks me for my first dog’s name and I know that I did not fill that in. What do I do, do I just go to Gmail as most of my friends did when Hotmail started with their nonsense?!

I hear this one frequently: “I know my password is correct and yet it doesn’t work.”

This isn’t “nonsense” at all. What you think is your password isn’t your password.

It’s pretty clear what’s happened, so I’ll refer you to a number of my previous articles that might apply.

Update: there’s also a Google security change that might impact you if you use a desktop email program to access you Gmail account.

Become a Patron of Ask Leo! and go ad-free!


But my password is correct!

If you’re absolutely certain you’re entering the right password and username and your password still is not accepted, then it’s no longer the correct password. Somehow the password was changed — most likely by someone else. You need to treat it as a hacked account and attempt to regain access. Then you need to secure your account to make sure this doesn’t happen again.

First, the obvious

Please don’t be offended — but take the time to make certain that you’re typing in the password you think you are. Perhaps type it into Notepad so you can see it, and then copy/paste it into the password field of the site or app.

CAPS LOCK is your enemy here, and it’s common to hear back from people who are somewhat embarrassed that it was the problem.

Also, please confirm that you’re typing the username or email address in properly. For example, if you type in the wrong email address as the user name, your correct password will not be the correct password for some other (or non-existent) account.

It’s (probably) a hack

If your typing is accurate and your user name is correct, the most likely scenario is that your account has been hacked.

Someone guessed or otherwise got your password and then changed it. Having done so, they also changed the recovery information — like your first dog’s name — associated with your account.

The password you’re convinced is correct is no longer the password to your account.

Hotmail (or, these days) is doing exactly the right thing: it’s telling you your password is incorrect because your password is incorrect.

What to do next

Your account is no longer your account. Your next step is to attempt to recover it. Email Hacked? 7 Things You Need to Do NOW covers the steps you need to take as soon as possible.

One of the more important points from that article is reiterated in Is Changing My Password Enough? The answer is no. Particularly since you’ve apparently had your recovery information changed, if you do regain access to your account, you need to review absolutely everything about it.

While I don’t have high hopes, if you’re having trouble, you can try reaching out to Microsoft’s customer service. How Do I Contact Customer Service? discusses your options.

And, for the record, I cannot help you directly. Would You Please Recover My Password? My Account Has Been Hacked or I’ve Forgotten It explains why, and reiterates what you need to do instead.


Once you’ve either recovered your account or created a new one, focus on keeping this from happening again.

12 Steps to Keep from Getting Your Account Hacked has an important and complete list of steps you need to take to prevent account loss.

Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet includes a more global list of steps to take to keep yourself safe online.

I will say that the fact you used the same password for 10 years probably didn’t help. That can make it easier for a hacker. Especially if you use the same password on other accounts (very bad idea), now would be the time to change it everywhere else also.

Do this

Start by doing everything you can to prevent this from happening again. Having your email account hacked is a pain, and can result in quite a bit of inconvenience and data loss.

Then, consider using a different account with better support options. You get what you pay for with free services, particularly when it comes to customer service and account recovery. Are Free Email Services Worth It? discusses the risks you run when using free services.

Finally, subscribe to Confident Computing, my weekly newsletter, for more tips and advice to keep your accounts and everything else secure. Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio


50 comments on “I Know My Password Is Right, But I Can’t Sign In. What Do I Do?”

  1. To prevent this from happening in the future if you have a Hotmail or other account, there is what almost amounts to a silver bullet. Set up a recovery code from Microsoft and with this code, you will be able to recover a hacked account or get into it if it has been locked for another reason. I say almost a silver bullet because I don’t think you’d be able to use it if the hacker has requested a new one but I think it’s unlikely a hacker would go that far.

    People badmouth Microsoft email accounts but this recovery code feature probably makes it the most bulletproof of all the freemail providers. Their bad reputation is mainly because of serious shortcomings in the past which they’ve rectified.

    • The “recovery” program is the only reason you are able to log I to microsoft. Microsoft, Google Facebook, etc are all doing the same thing. With me it’s about synching all my devices and I won’t so they change my password and make it hard to get anything done. I’ve been battling these guys for over 10 years. E bay is the worst with all their analytics, and algorithms. they cause that a 5 minute listing turned a into over an hour looking up all the names, models, country of origin 5 times over, material, color, here’s the real laugh the “theme” which they make a requirement for me, I look at other listings and they have none of it! I will say that Microsoft is the easiest to deal with, of course they wrote the program. They take away my settings when I do something they don’t want me to and it gets wrote off as a virus. I had hundreds of giif these companies do not like thgabites of my family photos taken, never to return. They even delete programs I pay for. I paid for spybot and received 4 separate apps, which were very thorough. A week later all I have is the Microsoft shell that does nothing.

  2. Is there a “not free” email service, that is not related to the CURRENT Internet service Provider (SP ?
    A main reason of using “free email services” is having to change ISP.

  3. Poor article saying the user is wrong when I am correct. I had the account for a long period of time with the same password. Changed the password recently. The app is telling me the password is incorrect. I tried installing through another account and still tells me its wrong. I try to set up a new account just for the app and still tells me the account password is incorrect.

    • I changed the password on my phone recently because of strange things happening. I write my password before I enter it. I have never made a mistake since I’ve been writing them up until about 6 months ago. Little by little it kept getting worse. Now it never accepts my password and I refuse to keep playing that childish game. It seems like a punishment some times, I visit a site that is not on their list of “allowed” web sites. Does this sound familiar?

  4. Another thing to consider is that whatever you are trying to sign into has changed something on their end and you need to re-create your account.

    I had this happen the other day. I’ve been accessing weather(dot)com for longer than I can remember.
    The other day when I attempted to access it I was hit either disabling my ad blocker or signing in. Since I knew I had an account, I tried to sign in. no luck. After several attempts, I used the “forget password” link to reset my password. I was asked for my e-mail address so they could send me the reset link. I waited over an hour; no e-mail so I decided to recreate my account using my same e-mail address. Bingo! It work. If my account still was in their record, it probably would have said something about “that e-mail is in use”.
    So THEY deleted my account without my knowledge (this is not the first time TWC has done that!).

  5. This is a rare cause but just happened to me. I tried to log on to my mortgage site that I’ve been using for about a year with no problem. The last time I tried I got the “wrong username or password” error message although I knew everything was correct from LastPass. Long story short, the company had changed website providers & didn’t carry over any customer login information. I was told by their customer support that I needed to reregister my account again with the new website. After that everything was okay. It would have been helpful if the company had notified their customers of the change.

  6. My password works to log into my google account, but it doesn’t work to log into my computer. I am using an HP Chromebook. I can browse as a guest but can’t get into my computer. I know my password is correct. I suppose I could try variations on my password but how many tries do I get before I’m locked out completely?

    • Make absolutely certain that the email address specified for logging in to your Chromebook is exactly correct. Also make sure the device is connected to Wi-Fi. If not, and there was a password change, you might need to use the previous password to sign in, then correct the Wi-Fi setup to work.

  7. I wish it were just an incorrect password issue in my case, but I can prove it’s not just an incorrect password issue. I can easily prove this by using the ISP’s webmail portals and successfully logging in with the exact same passwords that Apple “Internet Accounts” rejects on 1 Macbook Pro. This works when I’m typing or doing a copy/paste. Plus I have 4 other Apple Devices all using the same email setup and those have not been throwing up incorrect password screens – I just get the email. It’s clearly a problem with the Mail application or issues in iCloud just not accepting the passwords to email for just 1 of my devices. I suppose I’ll keep looking for a solution or call Apple for assitance.

  8. It has absolutely happened to me that I knew for sure I had entered the correct password AND I also had saved the password on Google password manager and it turned out Google “remembered” the same password I did. Still didn’t work.

    So I clicked the “forgot password” and changed my password (i.e., the site emailed me with the link to do so) and the BRAND NEW password wouldn’t work. No, I didn’t type it incorrectly, and if THAT’s your answer, you’re simply wrong. And that site allowed me to make the password visible, so I could look at it and compare it to the password I had just set up before clicking “submit”.

    I.e., it’s a problem with the system, not with me typing the wrong password.

    Saying it doesn’t happen isn’t correct. It happens.

  9. I can’t login on Facebook today using the same password I was using yesterday neither I can reset nor I can get any notifications about what’s happening

  10. This article is not correct. Google loves to tell you that your password is wrong, when it is in fact correct. I have two factor authentication setup, and for some reason they don’t ask me what it is. Google is a massive pain with the password. I know for sure what it is, and they won’t log me in.

    • That sounds like a conspiracy theory. Gmail has a billion and a half users. If what you said were true, we’d be getting hundreds of complaints from Ask Leo! readers. Google has no desire to harm their reputation by deliberately locking people out of their accounts.

  11. I agree with Steve R. The exact same thing happened to me yesterday as well. I’ve been using the same passwords for a year now and Google will not auto-populate all of my saved passwords for some reason! Something is going on with the “Saved Password” feature. I’m not very techie so I’m not quite sure what to do. Please help!

    TX Darling

  12. What this article does not take into consideration is that sites sometimes WANT you to change your password periodically. So they make it look as if you are entering the incorrect password because, essentially, they think it is out of date. It has happened to me on many occasions. I really wish they would just be up front, like some are, and tell you that instead of making it look as if the error is yours.

  13. Well, logging in with smartphone or other laptops works, but on some other devices logging in does not work. Password is correct, because I am using a password manager and all devices are synced. Password is correct. But facebook is just plain shit and won’t let me log in on some devices. No specific reason, just facebook being shit.

    • I don’t know what the problem could be with your devices, but I’ve found Facebook to be the buggiest website I’ve ever visited. With the billions they are making, you’d think they’d work on their bugs. You can get away with that when you are a monopoly.

    • Try to change your password by where it works and put them manually.

      I can tell you Facebook is buggy though. It try to be secured but end up insecure in many cases.
      No it’s not conspiracy theory though lol. Facebook ask me to change password around 60+ times now. There’s one period that it ask me EVERYDAY. I know that no one hack me as I didn’t rotate the password, didn’t use any system to generate or remember it. No anonymous comments and I just use Facebook to view game news and comment. I think Facebook attempt to outsmart something and I use traffic tracker tool in my pc. I login in many device with browser (pc, notebook, 2 mobiles), not it apps. So it may think I’m different person by any of their fail algorithm. I starts to increment my password though because I’ve nothing to lose. I don’t want this kind of failed security.

      Another problem is, they try to detect you. If you use multiple account. It’s happen to me once. I’ve another account which I rarely use*. I login it (different password). It show my main account instead. I even try to login the main account and logout again, then re-login sub. It’s still the same. But I can login sub-account in private/incognito mode or another browser. So I delete all Facebook data from the browser. That fix it. I’m a programmer myself. So I know a lot of case are nonsense from the user. But I really freak out when this shit happened (it’s only once though). This is really security flaw. This should not possible for normal login system. Why they can this mess up? But this is reality which I test though and though a lot before wipe website data.
      So don’t ever login Facebook in netcafe at all. Even if someone didn’t keylogger you, no attempt to hack you. But Facebook just provide your account for them if this occur lol.

      *Nothing sinister motive. I just need to comment a few on politic (which I rarely do) and I don’t want it to interfere with my game profile, just that.

      • The problem you are having with Facebook sounds like it might be a problem with the browser cache. I expect clearing the cache CTRL+SHIFT+DELete opens the clear browsing data dialog box on all popular browsers and you can clear your Cached Images Fies from there. You can also delete your browser history and cookies from there. In this case, you might also need to clear cookies.

        • Yes, I did that and fix it. But if you’re in developer field, it’s obvious that website should not cache user login if they’re logout already. If it occurs, it’s really severe problem of said website, not browser.

          Browser remember cookie, cache js/css file with same query string and alike. When user click logout, programmer should clear credential data properly without need to additional clear browsing data. It’s really interesting experience a bad way lol

  14. Just changed my password 40 minutes ago signed on went to anther site, came back tried to sign on Stated incorrect password WRONG!! I wrote it down, got on signed off and ried to sign again No Luck This is frusteating.

    Give up I am afraid

  15. My YouTube app made me got signed out and I am trying to sign back in but it said “This password may be incorrect.” Make sure you typed it correctly. And I don’t know why. How do I fix it?

  16. This positively true. Gmail absolutely does this and there is no way to complain about it. Leo, and everyone else, why don’t you guys do something helpful, and actually acknowledge that MOST OF THE TIME, when this happens it happens because you did not sign in in the manner that you did when you signed up, or in the manner which you TYPICALLY sign in. It is a control game on their part, and you guys who keep saying that it is probably our fault are just probably hired guns out to attack any real free expression against these sorts of login policies.
    I have had the problem of not being able to sign in with the correct password MULTIPLE times. I have a genius level IQ, and can tell when a program is just yanking my chain. Guys, enough is enough. Many programs do this and its time to be open about it, acknowledge it, and place the blame where it belongs, on the programs, websites, and software. Then we can put pressure to get it changed or get alternatives. Until then we will have to tolerate being dismissed, ignored, judged, and having our observations and comments misrepresented and disregarded.

  17. I have signed in to 3 different Gmail accounts on an old Android phone for years with same passwords (yes I know!) never a problem until I took out the sim to try to find my dongle sim’s number. Upon replacing the normal sim (three payg), kept getting “passwords not matching” They ARE right, and still work perfectly on my PC. I did change one password to see if it would work, and it did…once. Now just refuses again. Still ok on PC though. I’ve finally given up with smartphones! It’s also started showing “syncing error” randomly.

  18. August 14, 2022 – 9:29 a.m.
    I have a suggestion for the frustrated person above who swears they are using their correct password. Where it shows: “Create a new password,” you can either use the same password again, or if says “password already in use,” it’s because you used it before. Or change it slightly. I noticed that the password must contain letters, numbers, and a symbol (i.e., & or *) and also must contain at least eight (8) characters. Also, the “new” email address requirement that I noticed is using a period or decimal point instead of an underscore ( instead of ( These subtle changes might seem unnecessary, and I wonder why they changed it. But that’s how the program is supposed to work, now, isn’t it? Like the phone numbers that require a 1 and area code as well as the phone number itself, because of the extreme increase in phone numbers…

  19. Google has another case other than Less Secure Apps/App password.
    If you never login in the device, or you didn’t login for a long time. It’ll refuse to log you in. You need to do other method that it list e.g. login another device and permit it. If you didn’t login for a long time? I’m not sure myself. But from what I found in some google page. After I login once (with it accepted but not pass me in), I need to wait a week and login again in this device. I’ve both case so this’s what I can confirm.

    I’m sure my password is correct. Proved by the wrong password give different result. But their text didn’t tell you enough to know that your password is correct if you’re not techie, know your pass and can verify.

    Just to help you guys complete scenario, in case someone search and found this page.

    • This is not fail coding/algorithm as Facebook case though. It’s just security feature (which is too bothersome in some cases lol).

  20. Articles like this are painful. Not only are they incorrect, but increase frustration.

    For example, I cannot sign into my exchange account thru outlook. I know my password is correct.

    I can sign in the web with my password fine. Outlook, no. It says wrong password.

    So, terrible post, of no value, and steers people in the wrong direction. Very dangerous.

    • Did you happen to look at the “Related” sidebar?

      In my experience, 99% of the time this article is spot on. People believe their password is correct, but it is not. Full stop.

      The rest of the time it’s a side effect of two-factor authentication, which is where that sidebar will take you.

  21. Whilst you assure me that I must be in the wrong about my password please explain the following set of facts:
    My Google password is my master password of sorts as I use google password saving to store everything else.
    I have a system where I reserve a password that I reset every 3 months for my 2 most secure logins, google being one of them.
    I record the new password each time I reset it on a paper I keep in my wallet that is printed from a receipt printer so the password looks like part of a receipt.
    I use the password at least once a day when I use it to see passwords stored in google password manager.
    Google correctly reports it was last changed 3 months ago, which matches my records.
    I have the box checked so that the password is shown as I enter it, and the apps are all secure (2 pixel phones, a 2xl and 6, chrome on a macbook, on a dell and on an MSI), the passowrd I am seeing is the one that was working this morning.
    And yet I am getting wrong password every time, and now have to go through account recovery with the 6 hour delay despite having account recovery, 2fa and biometrics.

  22. You’ve overlooked a very common occurrence: the user tries to use an old email account and enters both the email address and the password correctly, but Gmail or Yahoo say that even though both are correct the login still “looks suspicious” and refuses to allow the user to log in.

  23. Hi, my password has been the same for the last 1 years and suddenly I get a message that says password incorrect, what the hell? After a few attempts, it blocked all attempts and the question it asks is not what I filled in when I signed up. It asks me for my first dog’s name and I know that I did not fill that in. What do I do, do I just go to Gmail as most of my friends did when Hotmail started with their nonsense?!

    • If the security question has been changed, it’s a sign your account was hacked, and the hacker changed your password.
      I asked Bing Chat
      “How do I recover a hacked Microsoft account”
      Their response

      “I’m sorry to hear that your Microsoft account has been hacked. Here are some steps you can take to recover it:
      Act immediately: The second you have any suspicions that someone might be trying to access your account, you should take action. Microsoft might send you an email highlighting new suspicious logins.
      Change your password: The first step you should take to protect your account is to change your password.
      Microsoft Account Recovery: If you can’t get into your account, you’ll need to contact Microsoft for help. Go to Microsoft’s account recovery form1. Enter your email, phone number, or skype name and a contact email. Complete the captcha to prove you’re a human and click ‘Next.’ Enter the code from your email address and click ‘Verify.’
      Contact Microsoft: If you are unable to recover your account using the above steps, contact Microsoft support.
      I hope this helps!”

  24. passwords are a complete waste of everyone’s time. They are used all the time when there is no need for any password., they keep everyone out of their own accounts and they are a major source of frustration and annoyance. They are there because they keep computer professionals in employment, no other reason.

    The only password you really need is on your bank account, and that one is always very simple and easy to remember. The more useless the password, the more restrictive the rules are and the longer. more unwieldy and harder to set up or remember they become.

    • So your email account doesn’t need a password? You’re OK if someone else takes it over?
      Or your Amazon account?
      Or your *whatever* account?
      Clearly you’re missing something fundamental about how the internet works. “Keep computer professionals in employment, no other reason” <- That's just bull. I get that you're frustrated, but passwords and account security exist for a very real and important reason, and it's not to "make work" for anyone.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.