A new password containing a "Dead key" (e.g. "~" or "^") was configured. Windows accepted the password but logging on to POA with the new password is not possible. The Dead key is not accepted as character input!
First seen in
SafeGuard Device Encryption
If a Dead key character is defined, the character has to be pressed twice at the FreeBSD POA to be accepted.
What To Do
The Dead key has to be pressed twice at POA logon to be accepted. When the Dead key combination (e.g. Alt-Gr + "~") is pressed for the first time, the POA does not show the password character as accepted (it does not add a * to the password string). When the Dead key combination is pressed for the second time, it will be accepted.
Alternatively, re-configure the password so it does not contain a dead key.