Locked out of your account right before rent is due is one of those small panics that feels bigger than it is. If you’re wondering how to get your online banking password back, the good news is that resetting it is one of the most routine things a bank’s system handles, and you almost never need to visit a branch to do it.
Quick answer: To reset your online banking password, go to your bank’s login page, select “Forgot Password,” enter your User ID, then verify your identity using a one-time code, your debit card PIN, or your SSN/date of birth. You’ll then be prompted to create a new password and log back in immediately.
How to Reset Your Password Step by Step
Every major bank — CIBC, Wells Fargo, PNC, U.S. Bank, M&T, Santander — uses roughly the same flow, because it’s dictated by banking security standards, not by any one company’s design choices.
- Go to your bank’s official login page (type the URL directly or use a bookmark — don’t click links from emails or texts).
- Select “Forgot Password” or “Trouble logging in?”
- Enter your User ID or Login ID. If you don’t remember it either, most banks let you recover it separately (more on that below).
- Choose a verification method — usually a one-time passcode sent by text or email.
- Enter the code, then create and confirm a new password.
- Log in with your new credentials.
That’s the whole process for the vast majority of banks. Where it gets slightly different is step 4 — how you prove you’re actually you.
Verifying Your Identity
Banks can’t just hand back access on a hunch, so this step tends to be the most rigorous part of the process. Depending on your bank, you might be asked for:
- A one-time passcode (OTP) sent to your registered phone or email
- The last 4 digits of your SSN or TIN, or your date of birth as a fallback
- Your debit or ATM card number plus PIN
- Your credit card number plus the 3-digit security code
- Answers to security questions you set up when you opened the account
If you no longer have access to the phone number or email on file, this is the one situation where a phone call to customer service is genuinely faster than trying every online workaround — they can verify you through other means and update your contact info.
Locked Out? Here’s What to Do
Most banks lock an account after three incorrect password attempts, as a fraud-prevention measure. This is a separate problem from simply forgetting your password, and clicking “Forgot Password” repeatedly won’t fix it.
If you’re locked out:
- Look for an “Unlock Account” option next to the login field — several banks separate this from the standard reset flow.
- If there’s no self-service unlock option, you’ll need to call customer support directly. Have your account number and ID ready; this call is usually quick.
- Avoid guessing your password further while locked out — repeated attempts can extend the lockout period on some platforms.
Recovering a Forgotten Username
It’s common to forget your username and password at the same time, especially if you log in mostly through a saved session or biometric login on your phone. Most banks handle this with a “Forgot Username” link that runs through the same identity verification as a password reset — phone/email OTP, or card and SSN verification. Once confirmed, your username is displayed on screen, and you can either log in directly or continue on to reset your password in the same session.
Resetting on Mobile vs. Desktop
The steps are nearly identical whether you’re on a laptop or your bank’s mobile app, with a couple of practical differences:
| Desktop | Mobile App | |
|---|---|---|
| Entry point | “Forgot Password” link on login page | “Trouble logging in?” or “Get login help” |
| Verification | Same (OTP, card, SSN) | Same, plus option to set up Face ID/fingerprint after reset |
| Password visibility | Usually visible by default | Often hidden by default — toggle the eye icon to check for typos |
| Best for | Users who don’t have their registered phone with them | Faster if the OTP goes to the same device you’re resetting on |
If your registered phone number is tied to the same device you’re using for mobile banking, the app route is typically faster since the OTP lands right where you’re working.
Building a Password That Actually Protects You
Once you’re back in, it’s worth spending two extra minutes making sure this doesn’t happen again — or worse, that a weak password doesn’t put your account at risk in the first place.
- Aim for 16+ characters where the platform allows it — length matters more than complexity tricks.
- Don’t reuse a password from any other account, especially email or shopping sites.
- Avoid personal details: birthdays, addresses, relatives’ names, or anything findable on social media.
- Skip predictable patterns like sequential characters (“abc,” “123”) or repeated characters (“aaa,” “000”).
- Consider a reputable password manager instead of saving passwords in your browser — a lost or hacked device shouldn’t mean a compromised bank account.
- Update your password roughly every 6–8 months, not because it’s required everywhere, but because it limits how long an old, possibly leaked password stays useful to anyone else.
READ MORE: Debit Card vs Credit Card: What Actually Separates Them (and Which to Use)
Red Flags: What a Real Bank Never Asks For
Because “banking password” searches are a favorite target for phishing pages, it’s worth being explicit about this: a legitimate bank will never ask you to read a one-time passcode over the phone to “verify” a transaction you didn’t initiate, email you a link asking you to “confirm your password,” or request your full card number and PIN together outside of an ATM or an in-app reset flow. If any message urges you to act immediately or threatens account closure to get you to hand over a code, treat it as a scam and contact your bank directly using the number on the back of your card — not a number provided in the message.
If you ever suspect your account credentials have actually been compromised, changing your password immediately and calling your bank’s fraud line takes priority over anything else in this guide.
Getting back into your account doesn’t have to be stressful. The reset flow is built to be quick precisely because banks expect people to forget passwords regularly — it happens to almost everyone eventually. If you hit a snag that self-service can’t fix, your bank’s support line exists for exactly that, and a five-minute call beats an hour of guessing.
WANT MORE TIPS LIKE THIS? CHECK OUT OUR BANKING GUIDE TO DISCOVER MORE.
FAQs: How to Get Your Online Banking Password
Q: How do I reset my online banking password?
Go to your bank’s login page, click “Forgot Password,” enter your User ID, and verify your identity through a one-time code, card and PIN, or SSN. You’ll then set a new password and can log back in right away.
Q: What if I forgot my username too?
Use the “Forgot Username” link on the login page. It runs through the same identity verification, then displays your username so you can log in or continue to a password reset.
Q: How many failed login attempts before my account locks?
Most banks lock accounts after three incorrect attempts as a fraud-prevention step. Look for an “Unlock Account” option, or call customer support if none is available.
Q: Is it safe to reset a banking password from my phone?
Yes — mobile app resets use the same verification as desktop. It can be faster if your one-time code arrives on the same phone you’re using.
Q: What if I no longer have the phone number or email on my account?
Call your bank directly. They can verify your identity through other means and update your contact information before resetting your password.
Q: Can someone reset my banking password without me knowing?
Not without access to your verification method (your phone, email, card, or SSN). This is why banks flag repeated reset attempts and why you should never share a one-time code with anyone, including someone claiming to be from the bank.
Q: How often should I change my online banking password?
Every 6–8 months is a reasonable baseline, or immediately if you suspect it’s been exposed elsewhere.
Q: Should I let my browser save my banking password?
It’s more convenient but riskier than a dedicated password manager, especially if your device is ever lost or compromised.