Nowadays you need login information for many websites and then it can sometimes happen that you forget your password. Fortunately, that's not a disaster. There are many techniques that allow you to recover your lost password.
We regularly receive questions from readers who are desperately wondering how to recover a forgotten password, and it's equally telling that a search term like 'forgotten password' at Google yields 25 million hits. In this article we take a closer look at various tools and techniques to recover forgotten passwords or to solve that problem by, for example, creating a new password. We will discuss Windows in detail, then we will talk about Wi-Fi networks, various software and web services. Please note: it is about fishing for your own forgotten password and not about hacking other users! Also read: Easily remember all your passwords.
01 'recover' password
By default, you must log in to be able to work with Windows (see also Restart box). If you enter an incorrect password here, Windows will automatically show you the mnemonic you entered when creating that account. However, Windows only does this for a local account and not for a Microsoft account as can be used from Windows 8 (see also step 11). Hopefully that's enough to help you remember the correct password. If not, Windows offers another way out on the login screen via the option reset Password. However, it only works if you have created a 'password reset disk' beforehand.
It goes like this. Go to the Windows Control Panel and choose User Accounts and Parental Controls / User Accounts. click on Create a password reset disk in the left panel, after which you can follow the further instructions of the wizard Forgotten Password follows. You do need a USB stick for it and you will also have to enter your current Windows password. Plug in this stick when you have forgotten your password and you reset Password want to use.
By default, Windows prompts you for a password at startup. That is as safe, but less useful if you are the only user or if you are very forgetful by nature. However, you can have Windows restart automatically. This is how it works in Windows 7 and above. Press Windows key+R and run the command netplwiz from. The window User Accounts appears. Select your account and uncheck the box next to Users must provide a username and password to use this computer. Confirm with OK and enter the password (2x) that belongs to this account. Confirm again with OK.
02 Profile folder access
However, what do you do if the hint from the previous step doesn't tell you anything and you haven't created a password reset disk. How you proceed then depends mainly on whether you still know the password of an administrator account. If that is indeed the case and you have only forgotten the password of one of your other accounts, then you have solved this problem quickly. It is no problem at all to get to the files (in the profile folder) of that other account. Log in with an administrator account and navigate with Windows Explorer to the profile folder of the forgotten account, for example c:\Users\Documents. When you want to open it, a message appears that you do not currently have access to that folder. Then just click Get on and the door opens. You can then save that data somewhere and create a new account for the forgetful user if you wish.
03 Change password
Retrieving the original password is unfortunately not that easy (see also step 7), but fortunately there is another option. Signed in with the administrator account, go to the Control Panel and choose User Accounts and Parental Controls / User Accounts / Manage Another Account. Here you select the problem account and choose Change the password, after which you enter a new password. Note: if the user of that account has encrypted his data with Windows' built-in EFS function (Encrypting File System), he will no longer be able to access those encrypted files (see step 7 again!
04 Live media
In the previous two steps, we assume that you know the password of the administrator account. But if not, things get a little trickier. Just like in step 2, we will first show you how to access the problem account information without an admin password. We do this using a live Linux medium. That sounds complex, but with the following steps it will certainly be possible.
Indicate that you want to download Ubuntu Desktop (preferably the 64bit version). Unless you're considering a donation, click Not now, take me to the download and get the iso file via the Download-knob. Download YUMI. Insert a USB stick into your computer, launch YUMI (no installation required) and click I Agree. Select the drive letter of your USB stick in the drop-down menu and place a check next to Format X: Drive (Erase Content). Keep in mind that all data on that stick will be overwritten soon! In the second drop-down menu, choose Ubuntu and refer you via the Browsebutton to the just downloaded iso file. Confirm with Create and with Yes. Afterwards, YUMI asks if you want another distribution on the stick, but you don't have to.
05 Access data
You are now supposed to boot your system from the live Ubuntu stick. You may need to set the boot order in the PC's BIOS so that your PC first tries to boot from a removable media. However, most systems have a hotkey that allows you to call up a boot menu in which you directly indicate that you want to boot from a USB stick. Consult the manual for your system if necessary. Shortly after your PC boots from the stick, choose Dutch / Try Ubuntu (not: Install Ubuntu!), after which the Ubuntu desktop environment appears. On the left you will find some icons. The third button from the top (Traffic jams) is the built-in file browser that allows you to navigate to the partition that also contains the problem account's data folders. You can secure these folder(s) by dragging them to a connected USB drive, for example.
06 New administrator account
You now have your data back, but via a clever trick it is also possible to log in to Windows again with your trusted account. This trick works for Windows Vista and above. Boot your system with the live Ubuntu stick and open the file browser (see step 6). Navigate to your PC's Windows folder and open the system32 subfolder here. Right-click in this subfolder on the file Utilman.exe and rename it to, for example, Utilman.old. Next, make a copy of the cmd.exe file and rename that copy to Utilman.exe. The original cmd.exe file is therefore left untouched. Exit Ubuntu and boot Windows as usual. Once the login window appears, press Windows key + U.
Normally the accessibility options of Windows now appear, but because of the intervention just now you end up as an administrator on the command line (cmd.exe). Here you then successively execute the following commands, each time to confirm with Enter:
net user adminextra secret /add
net localgroup administrators adminextra /add
This creates the administrator account 'adminextra' with the password 'secret'. Log in to Windows with this, after which you can change the password of your original administrator account from the Control Panel (see step 3).
07 crack password
If you have forgotten your password and you had encrypted your data with EFS (see also tip step 3), then there is only one option left to access your data: recover the original password. This is possible with a special 'password cracker' such as Ophcrack, which can be installed as a live medium. As with Ubuntu, you can do this with YUMI (see step 4). This time choose from the drop-down menu at Step 2 the option Ophcrack Vista/7 (Password Finder) and put a check in Download Link, so that YUMI can fetch the distribution itself. When finished, press the Browsebutton and point to the downloaded iso file. Of Create put the Ophcrack distribution on a USB stick. Start your Windows (Vista or newer) with this.
Optionally, Ophcrack asks you to indicate the correct Windows partition, after which the tool starts and tries to crack the passwords of the detected accounts. The results appear in the program window. You will notice: Ophcrack knows how to find a short and simple password very quickly, but a complex and long one can prove an impossible task. By installing so-called rainbow tables in Ophcrack (from the menu Tables) increases your chances of finding complex passwords faster. You can find it here and for more background information you can go here.
08 Through the router
You set up a wireless network some time ago and you secured it well with WPA2. Now you want to give an extra device access, but you have no idea what the password is. There are several ways out. If you still remember your router's password, you'll have it done quickly. Go to the command line on a Windows PC that is connected to your network (wireless or otherwise) and enter the command ipconfig from. Make a note of the IP address that Default Gateway hear and enter it in the address bar of your browser, after which you log in to your router.
If you don't remember the router password either, but you haven't changed the original password, you'll probably find it when you google for something like 'default password' in combination with the model of your router. Once you've landed in your router's control panel, look for a section like wireless and open your wireless network security settings window. Normally you will read the password here, you may have to click on an option like Unmask Password or Show password click to show the password.
09 From Windows
If that doesn't work, you can try it on a Windows PC, provided it's connected to your wireless network. Right-click the network icon in the Windows System Tray and choose Open Network and Sharing Center. Here you choose Manage wireless networks. Select the network and right click on it. Choose Characteristics and open the tab Security. As soon as you put a check on Show characters the corresponding password appears.
If it still doesn't work, it's time to use an external tool, such as the free WirelessKeyView. There is both a 32bit and a 64bit version available). Extract the downloaded zip file and ignore any warnings from your firewall or antivirus and run the program. You should immediately see the detected networks, including the passwords in readable form.
Software and services
There are other programs (such as local e-mail clients) that hide passwords behind dots or asterisks. In some cases, this form of security means little and a free tool like BulletsPassView makes handy use of it (both 32-bit and 64-bit versions). Leave the program window with the forgotten password asterisks open on your desktop and launch the unzipped BulletsPassView. The tool will detect the window and hopefully show you your password in readable form. Here you will find a number of other password helpers from the same maker for browsers and a few other applications. These free tools are bona fide in their own right, but by their very nature they do generate a series of alerts.
Even when you upload them to an antivirus service like www.virustotal.com. The same goes for SecurityXploded's tools, but we can't guarantee that these tools don't have a hidden agenda after all. During the installation, also make sure that you do not install any additional software, you may have to click a few times Skip or Decline to press. In any case, you use such tools entirely at your own risk!
Using the same, easy-to-remember password everywhere isn't exactly a secure solution. Now there are a lot of mnemonics that make it easier to remember a password, but you can also use a digital password vault. One of the better - free - tools is LastPass. The bottom line is that you choose (and remember) one very strong master password, which you use to lock the password vault. Then, as soon as you log into websites and services, LastPass, which installs as a browser extension, will ask you to save your account ID. This information is securely encrypted, stored in the cloud and, if desired, synchronized with your other devices. LastPass also supports multi-factor authentication, making use even more secure.
Don't you dare to use a cloud service for your passwords? Then use an offline program like KeePass.
11 Web services
Of course, there are also many web services that require an account and password to access. Fortunately, most of these services offer a 'Forgot your password?' feature. This usually means that you enter your e-mail address and after pressing a button you receive a message with which you can change your password. And sometimes you first have to answer a security question that you previously set yourself when creating your account.
Forgot the password for the Microsoft account you use to sign in to Windows 8 and later? Then change your password. Similar procedures exist for services such as Google, Facebook, Twitter and the like. In the registration window you can click on a link that will help you on your way: like Forgot your password? or Do you need help?.
If you have forgotten a password that you have had your browser save and that is automatically completed, you can usually find it quickly via the password manager of your browser itself. In Chrome, for example, you click on the button with the three lines and then select Settings / Show advanced settings / Manage passwords (in the section Passwords and forms). In Firefox you also click on the button with the three lines and select Options / Security / Saved passwords / Show passwords / Yes. Finally, in Internet Explorer, click Internet Options / Content / (top button) Settings / Password Manager, open the desired account and choose To display.