STATUS_ILL_FORMED_PASSWORD 0XC000006B Fix - Windows Login Error

What Causes STATUS_ILL_FORMED_PASSWORD (0XC000006B)?

You're sitting at your Windows 10 or 11 machine, type your password, and get hit with STATUS_ILL_FORMED_PASSWORD (0XC000006B). The system won't let you in. This error doesn't mean you typed the wrong password. It means the password format Windows received doesn't match what it expects. Think of it like a file that got corrupted mid-save — the data's there but the structure is garbage.

I've seen this most often after a Windows update changes the credential storage format, or when you've got a bad cached logon for a domain account. The fix depends on whether you're on a local machine or domain-joined. We'll tackle the most common cause first.

Cause #1: Corrupt Cached Logon Credentials (Most Common)

This is the #1 culprit. Windows stores your last successful password as a hash in the registry. If that hash gets corrupted — say, after a crash or a botched update — the next time you try to log on, Windows reads the bad hash and throws 0XC000006B. The fix: clear the cached credentials.

Before you start: This requires a working administrator account. If you can't log in at all, skip to Cause #2 below where we use Safe Mode or a local admin account.

Press Win + R, type regedit, hit Enter. You'll see the Registry Editor open.
Go to this path:
```
HKEY_LOCAL_MACHINE\SECURITY\Cache
```
The SECURITY hive is hidden by default. You'll need to take ownership of it. Right-click the Cache key, select Permissions, then click Advanced. Next to Owner, click Change. Type Administrators (your local admin group), click Check Names, then OK. Check the box Replace owner on subcontainers and objects, click Apply. Now give Administrators Full Control via the Permissions window.
Inside the Cache key, you'll see values named like NL$1, NL$2, etc. These are the cached password hashes for different users. Right-click each one and delete them. Don't touch anything else in that key.
Close Registry Editor. Reboot your machine. When you log in, type your password fresh. Windows will regenerate the cached hash from your correct credentials. The error should be gone.

If you can't access the SECURITY hive (some Windows editions lock it tighter), there's a simpler method using Credential Manager:

Open Control Panel, go to User Accounts > Credential Manager.
Click Windows Credentials.
Look for any entries under Windows Credentials that match your machine name or domain. Click the arrow to expand, then Remove. Reboot.

I've seen Credential Manager not show all cached logons though — that's why I prefer the registry route.

Cause #2: Password Hash Mismatch After Domain Password Change

This happens when you change your domain password on one machine (say, at the office), then try to log into another machine that still has the old password hash cached. The error appears because the cached hash format doesn't match what the domain controller expects. The fix: force a fresh cache.

Boot into Safe Mode with Networking. To do this, restart and hold Shift while clicking Restart. Then go to Troubleshoot > Advanced Options > Startup Settings > Restart. After restart, press 4 or F4 for Safe Mode.
Log in with your domain account (you'll need to type the password manually — no cached version). If Safe Mode works, that confirms the issue is a bad cached logon.
Open Command Prompt as Administrator. Run this command to clear all cached logons:
```
cmdkey /list
```
This lists all stored credentials. Find the ones for your domain (they'll look like Domain:target=MicrosoftAccount or similar). Then delete each with:
```
cmdkey /delete:<target>

  Replace <target> with the exact string from the list.
```
Reboot normally. Log in with your new password.

Sometimes Safe Mode won't even work — that's rarer but happens. If it does, you're looking at a domain controller sync issue, not a local problem. Call your IT admin.

Cause #3: Registry Permission Corruption on Logon Cache Key

Less common, but I've seen it twice in ten years. The permissions on the Cache key itself get corrupted, so Windows can't write a new hash. The registry edits from Cause #1 won't stick. Here's how to fix permissions:

Boot from a Windows installation USB or recovery drive. Select Repair your computer.
Go to Troubleshoot > Advanced Options > Command Prompt.
Load the offline registry hive. Type:
```
reg load HKLM\OfflineSecurity C:\Windows\System32\config\SECURITY
```
(If your Windows drive isn't C:, adjust accordingly.)

Now run:

regini

This opens the registry permissions editor. Set the Cache key permissions explicitly:

HKEY_LOCAL_MACHINE\OfflineSecurity\Cache [1 5 8]

  The numbers mean: 1=Administrators full control, 5=SYSTEM full control, 8=Everyone read.

Unload the hive:
```
reg unload HKLM\OfflineSecurity
```
Reboot and try logging in normally.

This is advanced stuff. If you're not comfortable with the command line, try simply resetting the local admin password via the recovery environment instead — that often flushes the bad cache too.

Pro tip: If you're on a domain and keep seeing 0XC000006B, check the Domain Controller's event log for Event ID 4625 (failed logon). The log will tell you if the error came from a bad hash or a locked account.

Quick-Reference Summary Table

Cause	Symptoms	Fix	Difficulty
Corrupt cached credentials	Error on first login after crash/update	Delete Cache key values in Registry or Credential Manager	Intermediate
Domain password hash mismatch	Error after changing domain password elsewhere	Clear cached logons via cmdkey in Safe Mode	Intermediate
Registry permission corruption	Previous fixes don't work; Cache key permissions broken	Use recovery environment to reset Cache key permissions	Advanced

Start with Cause #1. Nine times out of ten, that's the fix. If not, work your way down. This error doesn't mean your account is hosed — it's just Windows being fussy about how it stores your password. Clear the cache, and you're back in business.