
Lost or forgotten password

What is the symptom?

You're certain you typed in your password correctly, but MultiBit Classic is not unlocking your wallet.

What can you do about it?

MultiBit does not change passwords to encrypted wallets without your knowledge. There are several possibilities to explore:

  1. Make sure that you are using the most recent password you know.
  2. Try combinations: change one character at a time to upper- or lowercase, swap characters, add a ! to the end and so on.
  3. Examine the rolling wallet backups, and apply the same process.
  4. Examine the automatic private key exports. These are encrypted with your wallet password when they are generated.
  5. If the password uses non-English characters, consider the effect of the local language settings mis-encoding them.

As a last resort go to a quiet room and relax. Think about where you might have put a copy of the password. Perhaps one of the following:

  • Hidden file somewhere?
  • USB drive?
  • Encrypted copy held on LastPass or KeePass? You should be using a secure password generator with 14 or more random characters.
  • Accidental copy on a local backup service like Time Machine or rsync?
  • An intentional encrypted copy on Dropbox or GDrive?
  • Maybe you wrote it down and put it in a book, or an old drawer?
  • Does a trusted friend or relative have a copy?

I think they're in my password manager but there's hundreds to try...

Some password managers provide a means to export their contents for backup purposes. From a security point of view this is a very risky thing to do. Assuming that you know the risks of exposing all your passwords and you are an advanced user of the command shell, here is what you can do to quickly work through a list of password candidates:

  1. Locate the key backup file in the wallet directory (it has a .key extension) and copy it to a secure location on a safe machine (call it target.key).
  2. Use your password manager's export function to copy your passwords as a CSV (comma separated values) file to the same location as the key file (call it passwords.csv).
  3. Examine the CSV file to determine its layout (e.g. url,username,password,label etc) and note the column number of the password (it is 3 in the example).
  4. Copy this Unix script (it might need modification for Windows) alongside the CSV file (call it and give it executable permissions with chmod +x
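#!/bin/bash
echo "Usage: [password CSV] [key file]"
echo "Password file: $1"
echo "Key file: $2"
for password in $( awk -F , -v OFS=' ' '{print $3}' "$1" ); do
   echo ------
   echo "Attempting: $password..."
   # Try to decrypt the key file with this candidate; openssl exits 0 on success
   openssl enc -d -p -aes-256-cbc -a -in "$2" -out recovered.key -pass pass:"$password"
   if [ $? -eq 0 ]; then
       echo "Success!";
       # Stop at the first password that decrypts the file
       break;
   else
       echo "Failed";
   fi
   echo ------
done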

You may need to adjust the {print $3} section on line 5 to reflect the password column (e.g. {print $12} if password is in position 12).

Once ready execute the script as follows:

$ ./ passwords.csv target.key

The script will report each password as it tries it and will stop immediately upon successful decryption. If all goes well you can use the password with MultiBit to rescue your bitcoins.
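A more defensive take on the loop above, as an added example rather than MultiBit's own script: it parses quoted CSV fields (so passwords containing commas or spaces survive), passes each candidate to openssl on standard input instead of the command line, and rejects the occasional wrong password that happens to pass the padding check. The function names, the `-md md5` option and the ASCII-text check are assumptions, noted in the comments.

```shell
#!/bin/sh
# Added example (not MultiBit's script); csv_column and try_candidates are
# hypothetical names. Usage: sh recover.sh passwords.csv 3 target.key

# Print column $2 (1-based) of CSV file $1, one value per line. Handles
# "quoted, fields", doubled "" quotes and CRLF; not newlines inside a field.
csv_column() {
  awk -v col="$2" '{
    sub(/\r$/, ""); n = 1; field = ""; inq = 0; len = length($0)
    for (i = 1; i <= len; i++) {
      c = substr($0, i, 1)
      if (inq && c == "\"" && substr($0, i + 1, 1) == "\"") { field = field c; i++ }
      else if (c == "\"") inq = !inq
      else if (c == "," && !inq) { if (n == col) break; n++; field = "" }
      else field = field c
    }
    if (n == col) print field
  }' "$1"
}

# Try each candidate read from stdin against key file $1. Prints the input
# line number of the match (never the password) and returns 0, else returns 1.
try_candidates() {
  n=0
  while IFS= read -r candidate; do
    n=$((n + 1))
    [ -n "$candidate" ] || continue
    # -pass stdin keeps the candidate out of the process list.
    # -md md5 is an assumption: OpenSSL 1.1.0+ derives keys with SHA-256 by
    # default, while the command on this page predates that change.
    # A wrong key passes the CBC padding check about once in 256 tries, so
    # also require text output (assumes the key export is ASCII text).
    if printf '%s\n' "$candidate" |
         openssl enc -d -aes-256-cbc -a -md md5 -in "$1" \
           -out recovered.key -pass stdin 2>/dev/null &&
       ! LC_ALL=C grep -q '[^[:print:][:space:]]' recovered.key; then
      echo "$n"
      return 0
    fi
  done
  rm -f recovered.key
  return 1
}

if [ "$#" -eq 3 ]; then
  csv_column "$1" "$2" | try_candidates "$3" || echo "no candidate matched"
fi
```

The number printed is the line of the CSV export holding the working password, so the password itself never reaches the terminal scrollback.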

Make sure you tidy up all your files after you have finished. Use the Unix "secure delete" command to remove each file in turn using the 35-pass Gutmann algorithm if available:

$ srm passwords.csv
$ srm target.key
$ srm recovered.key

Make sure you erase your terminal scrollback history to avoid leaving traces of console output containing passwords. In MacOS Terminal use Edit | Clear Scrollback. On Linux echo -e '\0033\0143' might do the trick. Windows, um, no idea.

Nope that didn't work...

If you have really, truly lost or forgotten your password and you only have encrypted wallets, then it is likely that you have lost access to your bitcoin. There is absolutely no way that the MultiBit team can possibly recover them.

You should keep the encrypted files safe just in case inspiration strikes. Never delete a private key, just archive it safely.