Getting locked out of your own Jellyfin is a rite of passage, usually six months after setup when the browser that remembered the password gets reinstalled. The good news: there are four ways back in, sorted here from painless to surgical. The bad news for anyone hoping otherwise: there is no master key, and that's a feature.
First, about the "default login"
Clearing this up because it's half the searches: Jellyfin has no default username or password. Nothing like admin/admin exists to fall back on. The account created in the first-run wizard is the founding admin, and whatever was typed there is what the server knows. If you're staring at a login screen on a server you just installed and never completed the wizard for, the fix is different: visit the server address directly and the wizard should greet you, no credentials involved.
Finding your username
Before resetting a password, confirm the username is right; "wrong username" and "wrong password" produce the same rejection. Places it's written down for you:
- Any device where you're still signed in: your name sits in the top-right user menu of the web client and in the profile section of the apps.
- Another admin's Dashboard » Users page lists every account on the server.
- The login page itself, if "allow local sign-in without password" style visibility was left on, shows user tiles for local network visitors.
Usernames are also case-sensitive in some clients' handling, which produces the maddening "right password, still rejected" pattern; type it exactly as created.
Method 1: Another admin resets it (two minutes)
Any admin account can reset any user. Dashboard » Users » select the locked-out user » Password tab, set a new one, done. This is why the long-standing advice holds: create a second admin account on day two and park its credentials in your password manager. Households where each person has their own account plus one spare admin never need the rest of this article.
Method 2: The local network PIN reset
Jellyfin's login screen has a "Forgot password" link with an unusual mechanism built for self-hosters. It only functions when you connect from the local network (same LAN as the server, or the server's own localhost), which for a VPS means an SSH tunnel; more on that in a second.
Click Forgot password, enter the username, and Jellyfin writes a PIN file to its program-data directory on the server rather than emailing anything (there's no mail server in the loop to trust). SSH in and read it:
cat /var/lib/jellyfin/passwordreset*.json
The file names the PIN and its expiry (about 30 minutes). Back on the login screen, enter the PIN and set a fresh password. Docker installs keep the file in the mounted config volume, so look under your ./config path instead.
For a VPS where "local network" doesn't exist, fake it with an SSH tunnel from your machine:
ssh -L 8096:localhost:8096 user@YOUR_SERVER_IP
Then browse to http://localhost:8096; the server sees a localhost connection, the Forgot password flow activates and the rest is identical. This tunnel trick is worth knowing anyway, it's the safe way to reach any admin UI you've firewalled off the public internet.
Method 3: The database edit (last resort, works every time)
Sole admin, PIN flow failing, no way in at all: the credentials live in Jellyfin's SQLite database and you own the disk. This is the break-glass option, so two rules first. Stop the server before touching the database, and copy the file somewhere safe before editing; a mangled jellyfin.db costs you the whole server config, and our Jellyfin backup guide exists precisely so this moment is boring.
sudo systemctl stop jellyfin
cp /var/lib/jellyfin/data/jellyfin.db /var/lib/jellyfin/data/jellyfin.db.bak
sqlite3 /var/lib/jellyfin/data/jellyfin.db \
"UPDATE Users SET Password = NULL WHERE Username = 'YOURNAME';"
sudo systemctl start jellyfin
A null password hash means that account signs in with an empty password field. Log in immediately and set a real password in your profile before doing anything else; the account is wide open until you do. Version caveat in fairness: 10.11 moved Jellyfin's internals to a new database framework, and while the users table has kept this shape, poke at your actual schema (.tables and .schema Users inside sqlite3) before running updates blind on a future version.
After you're back in
Three habits so there's no next time. The second admin account from method 1. A password manager entry for a service you log into twice a year (these are exactly the passwords managers exist for). And if family members keep losing theirs, note that admins resetting user passwords is normal Jellyfin housekeeping, not an emergency; the emergency version of this article only applies to the last admin standing.
Locked out of the server machine itself rather than the app is a different problem entirely, and if the server's on a VPS your provider's console access is the equivalent break-glass door; on our Jellyfin VPS plans that console sits in the panel for exactly these afternoons.

