You swore you typed it correctly. You tried again, more slowly this time, maybe even whispered it like a prayer. “Incorrect password.” You retyped it with Caps Lock off, then on, then off again. Same error. Your coffee went cold. So did your patience. If a login screen has ever locked you out like it doesn’t know you, you’re not alone—and your frustration is justified. But you might be overlooking some simple explanations.
Start with the Basics
Begin with the obvious: it could be human error. Typos, the wrong email address, or a stray space copied from a password manager can easily block access. To check, type your password into a plain text editor like Notepad so you can see every character, then copy and paste it into the login field. If that works, the issue was either a typing mistake or the app altering your input behind the scenes.
Cookies and Cached Data Can Cause Problems
Less obvious are browser cookies and cached data. These small files help websites remember your session, but they can also hold outdated credentials. If you recently changed your password, your browser might still be using old session data and reject the new password. Clearing your cookies and cache often resolves this, though it requires you to sign in to other sites again. Annoying, yes—but effective.
When Your Password Manager Gives the Wrong Password
If you rely on a password manager, an auto-filled old or incorrect password can keep you locked out. Check your manager’s stored entry and update it if it contains an outdated password. Otherwise, it will keep supplying the wrong credentials and wasting your time.
Watch for Caps Lock and Similar Traps
Caps Lock is the tiny saboteur of login attempts. One accidental press can turn “SunshineSocks22!” into “SUNSHINESOCKS22!”—a different string entirely. Since passwords are case-sensitive, even one mismatched character will lead to rejection. Also verify if Num Lock or alternate keyboard layout keys might affect what you type.
Account Compromise Is a Real Possibility
Image via Unsplash/Azamat E
If you still can’t log in, it’s possible someone else changed your password. Check the account’s recovery options—backup email, phone number, or security questions. If those recovery details look unfamiliar, treat the situation like a break-in. Start the account recovery process with the service provider immediately. If you regain access, review and secure every recovery option, check recent login activity, and remove any unknown devices or sessions.
Security Questions Aren’t Always Reliable
Security questions can be unpredictable. If a recovery prompt asks about a childhood friend you never named, that’s suspicious. Sometimes platforms change or reset security prompts, and sometimes attackers update them to block the real owner. If you suspect tampering, mention it during recovery and change those settings as soon as you regain access.
Old Passwords Increase Risk
Be honest with yourself: how long have you used that password? Passwords that survive for years are likelier to appear in data breaches. Services exist that let you check whether your email address or credentials have been exposed; if you find a leak, update the compromised password everywhere you used it. Avoid predictable choices like “Password123!”—those remain surprisingly common on breach lists.
Language and Keyboard Layouts Can Interfere
Another subtle issue is keyboard layout or language switching. Some systems toggle between layouts with a keyboard shortcut, which can change certain punctuation or symbols. The character you expect to type—such as an exclamation point—might be a different symbol in another layout, and the site will see it as a different password.
Free Accounts Often Have Limited Support
Finally, remember that free services usually offer limited customer support. If your email provider is a free account and you run into trouble, response times and available help can be minimal. If email is critical for work or business, consider a paid service that includes stronger support and additional security features.
There are more ways to fail at a password than there are cereals on supermarket shelves. A rejected password doesn’t automatically mean you’re being paranoid, but it does indicate something is off. Clear your browser data if needed, verify and reset passwords, avoid using pet names or simple patterns, and stop reusing the same password across multiple sites.
And if you must write passwords down, put them somewhere secure—preferably not on a sticky note stuck to your monitor or in an unprotected “passwords” file on your desktop. Use a reputable password manager or another secure method to store credentials so you don’t get locked out—or worse, compromised.