If you cannot sign in to ORCID because you have forgotten your ORCID iD password, the fix in most cases is the official reset-password page at orcid.org/reset-password — not a new registration. Enter any email address you may have used, and ORCID sends a reset link valid for four hours. If you have also lost the associated email account or your two-factor authentication codes, the recovery path is different and is covered section by section below.
An ORCID iD is a free, 16-digit persistent identifier that disambiguates a researcher from others with similar names across publications, grants and institutional systems — structurally compatible with the ISO 27729:2012 International Standard Name Identifier (ISNI) format. Recovering access to your own existing record is a distinct task from looking up someone else’s public iD, and conflating the two is the most common reason researchers end up creating unwanted duplicate accounts.
- How do I reset a forgotten ORCID password?
- What if I’ve forgotten my ORCID iD or registered email?
- Locked out by two-factor authentication?
- Recovering your own account vs searching for someone else’s iD
- Which recovery path matches your situation?
- Common ORCID account recovery questions
- Why this matters for research offices
- The bottom line
How Do I Reset a Forgotten ORCID Password?
Go to the sign-in page and select “Forgot your password or ORCID iD?”, or navigate directly to orcid.org/reset-password. Choose the “my ORCID account password” option, then enter any email address you may have registered — personal or institutional.
- ORCID sends a password-reset email from [email protected], normally within ten minutes.
- The reset link is valid for four hours only; after that you must request a new one.
- If ORCID reports no account matched to that email, retry with every other address you have used, then check the spam or junk folder before contacting support.
You can sign in afterwards using an email address, the full ORCID iD URI, or the bare 16-digit number — all three are accepted in the login field, so a forgotten orcid id login password combination does not always mean a forgotten iD as well.
What If I’ve Forgotten My ORCID iD or Registered Email?
If you cannot recall your 16-digit iD, sign in to your record at orcid.org/my-orcid if you still have working credentials; the iD displays below your name in the top-left corner. If you cannot sign in at all, use the recovery page instead: select “ORCID iD” rather than “password,” enter each email address you may have used, and ORCID will send an identification email if a match exists.
If none of your current addresses are registered and you no longer have access to the original account inbox, do not register a new ORCID iD. ORCID explicitly warns against creating a second record, because duplicate identifiers defeat the purpose of a persistent identifier and are difficult to merge later. Instead, contact ORCID support directly and supply:
- Your full name as it appears (or appeared) on the record.
- Any ORCID iD you believe may be yours, found via a registry name search.
- A current institutional or employer email address for identity verification.
- Any previous email addresses ever associated with the account.
Recovery without a working registered email takes longer, because ORCID’s support team must verify identity manually rather than through an automated link.
Locked Out by Two-Factor Authentication?
ORCID’s two-factor authentication (2FA) is optional, but once enabled it requires a six-digit, time-sensitive code from an authenticator app — ORCID has tested Authy, FreeOTP, Google Authenticator and Microsoft Authenticator. At setup, ORCID also generates a one-time list of single-use recovery codes.
Those recovery codes are shown only once, at the moment 2FA is enabled — ORCID does not store a retrievable copy. If you still have the codes, select “Enter recovery code” at sign-in instead of the six-digit prompt. If you have lost both the authenticator app and the recovery codes, self-service reset is not possible: you must contact ORCID support directly to have account access restored manually.
To avoid this scenario, ORCID recommends registering at least two independent sign-in methods — for example, two active email addresses, or a linked institutional single sign-on account alongside your ORCID credentials — precisely so that losing one method never locks you out entirely.
Recovering Your Own Account vs Searching for Someone Else’s iD
These are two unrelated tasks that searchers frequently conflate. Account recovery — resetting your password, retrieving your own iD, or restoring 2FA access — always requires proving you control the record, via a registered email or direct contact with ORCID support. Looking up someone else’s ORCID iD is simply a public registry search at orcid.org using a name or affiliation; it requires no login and returns only the information that individual has chosen to make visible.
ORCID’s own policy is explicit on this boundary: manual collection of another person’s iD outside of that person’s direct, secure sharing is discouraged, because it undermines the “prove you own it” model that makes the identifier trustworthy for publishers, funders and institutions. If you are a research-office administrator assisting a colleague, direct them to recover their own account rather than attempting it on their behalf.
Which Recovery Path Matches Your Situation?
The scenario determines the correct starting point — using the wrong one wastes the four-hour reset-link window or triggers an unnecessary support ticket.
| Your situation | Correct recovery path | Typical time to resolve |
|---|---|---|
| Forgotten password, email access still works | Self-service reset at orcid.org/reset-password | Minutes |
| Forgotten 16-digit iD, email access still works | Recovery page, select “ORCID iD” option | Minutes |
| Lost access to registered email, iD/password unknown | Registry name search, then contact ORCID support | Days |
| Lost 2FA app but still have recovery codes | “Enter recovery code” at sign-in | Minutes |
| Lost both 2FA app and recovery codes | Direct contact with ORCID support (no self-service option) | Days |
| Need someone else’s iD, not your own account | Public registry search — no sign-in required | Seconds |
Common ORCID Account Recovery Questions
How do I know my ORCID password?
You cannot retrieve an existing password in plain text — ORCID does not store or display it. If you cannot recall it, go to the reset-password page, select the password option, and enter a registered email address to receive a reset link valid for four hours.
Where do I find my ORCID iD?
If you are already signed in, your 16-digit ORCID iD appears below your name at the top of your record page. If you are signed out, use the ORCID reset-password tool’s “ORCID iD” option, or search the public registry by name to locate a record that may be yours.
What are the password requirements for ORCID?
ORCID passwords must be at least eight characters long and include at least one number plus one letter or symbol. These requirements apply both at initial registration and whenever a password is reset or changed via account settings.
Is it safe to share an ORCID iD?
Yes — an ORCID iD is designed to be shared publicly, similar to a DOI for a person. ORCID does not, however, permit third parties to manually collect or enter iDs on someone’s behalf in workflows; individuals should share their own iD directly through ORCID’s secure connect mechanisms.
Why This Matters for Research Offices
Institutional research administrators routinely field ORCID lockout queries near grant deadlines, when a researcher’s orcid login create account confusion — re-registering instead of recovering — creates a duplicate iD that must later be flagged and merged. As of April 2026, ORCID’s own registry statistics put live iDs at roughly 14.7 million, up from the ten-millionth registration in November 2020 — scale that makes duplicate-record cleanup an increasingly routine, avoidable burden.
Building the distinction above — reset vs recovery vs registry lookup — into onboarding guidance and helpdesk scripts reduces both duplicate registrations and unnecessary support tickets during peak submission periods.
The Bottom Line
Every ORCID lockout scenario has exactly one correct starting point: self-service reset if email access still works, a registry search plus direct support contact if it does not, and recovery codes (or, failing that, direct support) if two-factor authentication is the barrier. Registering two independent sign-in methods in advance — and never creating a second iD “just in case” — remains the single most effective way to avoid needing this guide at all.
For institutions building broader identifier and persistent-ID workflows into research administration processes, see CASRAI’s research administration resources and the CASRAI Dictionary for related terminology.
Leave a Reply