Because you entered the wrong password.
I know that seems obvious — it’s what the message says, after all — but I get so much pushback. “No, it’s not! I typed it in correctly!”
No, you didn’t. Whatever it is you typed in isn’t the password.
Clearly, we need to dive deeper and understand exactly why it’s possible the password you think is correct isn’t.
Become a Patron of Ask Leo! and go ad-free!
Invalid password, in a nutshell
Whatever system you’re attempting to sign in to — an online account, a computer, or something else — has a password associated with it. That password was set up when you set up the account. In order to confirm you’re the person who owns and should be allowed access to the account, you need to type the same password you did before. If what you type now matches what the system thinks your password should be, you’re in.
Getting an “invalid password” message simply means the password you entered doesn’t match the password the system expects for the account you’re attempting to access.
I’ll say it again: if you get “invalid password”, then the password you entered doesn’t match what the system expects. Period.
There are several ways that can happen — some benign, some not so much.
“Hard to remember” means error prone
I get “invalid password” all the time, and it’s always due to a typo on my part. Recent experiences include setting up a super-secure 20 character password to an account, and then having to painfully, slowly, and awkwardly enter that password on a device without a keyboard (a streaming device connected to my television).
It’s secure. So secure it’s difficult for me to type it in, much less remember it, when I need to.
Even though I know it’s frustrating, make absolutely certain you’re typing in exactly the right password. Even one character off is enough to make it wrong.
“Hard to see” means error prone
Particularly with the proliferation of small devices with small keyboards, entering the right password can be a real challenge. Add to that the asterisks usually displayed instead of the characters you’ve actually typed, and it can be nearly impossible to not only type the right thing, but even know what it is you’ve typed so far.
Most often the solution is simply to take it slowly and carefully. However, there are some situations where you can click or tap on an “eye” icon that will allow the password you’re entering to be displayed as you enter it.
Even in the example above, I couldn’t type “lastpass” without making a typo.
Obviously, only display passwords when you’re in a secure situation (where no one else can see what you’re typing), but I find this an invaluable tool for getting the password right.
Remembering recent changes
Another scenario I run into myself is simply not recalling that I’ve made a recent password change, and typing in the old, no-longer-valid password.
Generally this happens to me for my most-used accounts. My fingers act on some kind of muscle memory and start typing what they’ve typed so often for so long. It’s not until I’m gently reminded by an “invalid password” message that I recall the change and enter the new, correct password.
Unfortunately, there’s a much more common scenario of password change where your memory — muscle or otherwise — simply can’t help.
When someone hacks into your account, the first thing they often do is change the password.
When this happens, the password you know is no longer your password. No amount of typing it in1 will make your old password work. It’s no longer the password to the account.
This is another case where I get a lot of pushback, but I can’t emphasize it enough. If your account is hacked, your password is no longer your password.
The only recourse is to follow the appropriate account-recovery procedures to regain access to your account, set a new password once you do, and then take additional steps to further secure it from being hacked again.
Additional “invalid password” miscellany
Naturally, there are other, less common things that also contribute to encountering the “invalid password” message.
Many programs will now remind you, but make sure CAPS LOCK is not on. “A” is not the same as “a”; upper/lower case must match.
Occasionally if a service is hacked, it will reset passwords proactively. Most of the time they’ll accept your old password once and force you to change it, but sometimes they’ll invalidate all passwords and you’ll be required to go through a password recovery/lost password process. Usually they’ll email you first.
There are probably other scenarios as well.
“Invalid password” is not invalid
Systems don’t report “invalid password” capriciously or without cause. When you get this message, it’s because the password you entered doesn’t match the password they expect — period.
Understanding why there’s a mismatch is the key to getting back in.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,
Footnotes & References
1: Or complaining.