You have not used that one PC for a while and you have forgotten the (administrator) password. Or you have created an account with a web service and you have no idea what the password can be. Forgetting a password is annoying, but with the right techniques you can solve that problem yourself. On World Password Day 2020, we are happy to tell you how to recover a lost password.
At the editorial office, we regularly receive questions from readers who are desperately wondering how to retrieve a forgotten password and it is equally telling that a search term such as ‘forgotten password’ yields 25 million hits at Google. In this article, we take a closer look at various tools and techniques to recover forgotten passwords or to solve that problem, for example by creating a new password. We will discuss Windows in detail, then we will talk about Wi-Fi networks, various software and web services. Please note: it is about retrieving your own forgotten password and not about hacking other users! Also read: Simply remember all your passwords.
Windows
01 Password ‘recover’
By default you have to log in to work with Windows (see also box Restart). If you enter an incorrect password here, Windows will automatically show you the reminder you entered when creating that account. However, Windows only does that for a local account and not for a Microsoft account like it can be used from Windows 8 (see also step 11). Hopefully that’s enough to remind you of the correct password. If not, Windows offers another way out via the option on the login screen reset Password. However, it only works if you have previously created a ‘password reset disk’.
It goes like this. Go to the Windows Control Panel and choose User Accounts and Parental Controls / User accounts. click on Create a password reset disk in the left panel, then follow the further instructions from the wizard Forgotten Password follows. You will need a USB stick for this and you will also have to enter your current Windows password. You plug this stick in when you have forgotten your password and you reset Password want to use.
Go-around
By default, Windows asks you for a password at startup. That is safe, but less useful if you are the only user or if you are very forgetful in nature. However, you can make Windows restart automatically. This is done as follows in Windows 7 and higher. Press Windows key + R and run the command netplwiz from. The window User accounts appears. Select your account and remove the check mark next to it Users must provide a username and password to use this computer. Confirm with OK and enter the password (2x) associated with this account. Confirm again with OK.
02 Access to profile folder
However, what do you do if the mnemonic from the previous step says nothing to you and you have not created a password reset disk. How you proceed depends mainly on whether you remember the password of an administrator account. If so, and you have only forgotten the password of one of your other accounts, then you have quickly solved this problem. It is no problem to access the files (in the profile folder) of that other account. Log in with an administrator account and use Windows Explorer to navigate to the profile folder of the forgotten account, for example c: Users Documents. When you want to open it, the message appears that you currently do not have access to that folder. Then just click Get on and the door opens. You can then secure that data somewhere and optionally create a new account for the forgetful user.
03 Change password
Unfortunately, retrieving the original password is not that easy (see also step 7), but fortunately there is another option. Logged in with the administrator account, go to the Control Panel and choose User Accounts and Parental supervision / User accounts / Manage another account. Here you select the problem account and choose Change the password, after which you enter a new password. Please note: if the user of that account has encrypted his data with the built-in EFS function of Windows (Encrypting File System), he will no longer be able to access those encrypted files (see step 7 again)!
04 Live medium
In the previous two steps, we assume that you know the password of the administrator account. But if not, it gets a little trickier. As in step 2, we will first show you how to access the problem account information without an admin password. We do this using a live Linux medium. That sounds complex, but the next steps certainly will.
Indicate that you want to download Ubuntu Desktop (preferably the 64bit version). Unless you’re considering a donation, click Not now, take me to the download and download the iso file via the Download-button. Download YUMI. Insert a USB stick into your computer, start YUMI (an installation is not required) and click I Agree. Select the drive letter of your USB stick in the drop-down menu and place a check mark next to it Format X: Drive (Erase Content). Keep in mind that all data on that stick will be overwritten later! In the second drop-down menu, choose Ubuntu and refer you via the Browsebutton to the just downloaded iso file. Confirm with Create and with Yes. Afterwards YUMI asks if you want another distribution on the stick, but you don’t have to.
05 Approaching data
You should now boot your system from the live Ubuntu stick. You may have to set the boot order in the PC’s BIOS so that your PC first tries to start from a removable medium. However, most systems have a shortcut that allows you to call up a boot menu where you immediately indicate that you want to boot from a USB stick. Consult the manual for your system if necessary. Shortly after your PC boots from the stick, choose Try Dutch / Ubuntu (not: Install Ubuntu!), after which the desktop environment of Ubuntu will appear. On the left you will find some icons. The third button from above (Traffic jams) is the built-in file browser that allows you to navigate to the partition where the problem account’s data folders are also located. You can secure this folder (s) by copying them via a drag gesture to, for example, a connected USB disk.
06 New administrator account
You now have your data back, but via a smart trick it is also possible to log back into Windows with your trusted account. This trick applies to Windows Vista and above. Boot your system with the live Ubuntu stick and open the file browser (see step 6). Navigate to your PC’s Windows folder and open the system32 subfolder here. In this subfolder, right-click on the file Utilman.exe and rename it to, for example, Utilman.old. Then make a copy of the cmd.exe file and rename that copy to Utilman.exe. So the original cmd.exe file will not be affected. Exit Ubuntu and start Windows as usual. As soon as the login window appears, press Windows key + U.
Normally, the accessibility options of Windows will now appear, but by the intervention of that moment you end up as administrator on the command line (cmd.exe). Here you execute the following commands in succession, each time with Enter:
net user adminextra secret / add
net localgroup administrators adminextra / add
This creates the administrator account ‘adminextra’ with the password ‘secret’. Log in to this in Windows, after which you can change the password of your original administrator account from the Control Panel (see step 3).
07 Crack password
If you have forgotten your password and you had encrypted your data with EFS (see also tip step 3), then there is only one option left to get to your data: retrieve the original password. This is possible with a special ‘password cracker’ such as Ophcrack, which can be installed as a live medium. As with Ubuntu, you can do that with YUMI (see step 4). This time you choose from the drop-down menu Step 2 the option Ophcrack Vista / 7 (Password Finder) and place a check mark next to it Download Link, so that YUMI can pick up the distribution itself. Afterwards, press the Browsebutton and refer to the downloaded iso file. With Create put the Ophcrack distribution on a USB stick. Start your Windows (Vista or newer) with this.
Optionally, Ophcrack will ask you to indicate the correct Windows partition, after which the tool will start and try to crack the passwords of the detected accounts. The results appear in the program window. You will notice: Ophcrack knows how to find a short and simple password very quickly, but a complex and long copy can prove to be an impossible task. By installing so-called rainbow tables in Ophcrack (from the menu Tables) increases the chance of finding complex passwords faster. You will find it here and for more background information you can here justly.
Wifi
08 Via the router
You set up a wireless network some time ago and you secured it well with WPA2. Now you want to give an extra device access, but you have no idea what the password is. There are various ways of doing this. If you remember the password of your router, you will have it done quickly. Go to the command line on a Windows PC that is connected (wirelessly or not) to your network and enter the command there ipconfig from. Make a note of the IP address Default gateway and enter that in the address bar of your browser, after which you log in to your router.
If you do not remember the router password, but you have not changed the original password, you will probably find it when you google something like ‘default password’ in combination with the model of your router. Once you have entered the configuration screen of your router, look for a section like Wireless and open your wireless network security settings window. Normally you read the password here, you may have to click on an option like Unmask Password or Show password click to show the password.
09 From Windows
If you are unsuccessful that way, you can try using a Windows PC as long as it is connected to your wireless network. Right-click the network icon in the Windows System Tray and choose Open network center. Here you choose Wireless networks manage. Select the network and right click on it. Choose Characteristics and open the tab Security. As soon as you put a check mark at Display characters the corresponding password appears.
If it still does not work, it is time to use an external tool, such as the free one WirelessKeyView. Both a 32bit and a 64bit version are available). Unzip the downloaded zip file and ignore any warnings from your firewall or antivirus and launch the program. You should see the detected networks immediately, including the passwords in readable form.
Software and services
10 Applications
There are other programs (such as local email clients) that hide passwords behind dots or asterisks. In some cases, this form of security does not amount to much and makes a free tool like this BulletsPassView convenient use (both 32bit and 64bit version). Leave the forgotten password asterisk program window open on your desktop and start the extracted BulletsPassView. The tool will detect the window and hopefully show you your password in readable form. You can find the same maker here a number of other password aids for browsers and some other applications. These free tools are bona fide in themselves, but by their very nature they generate a series of alarms.
Even when you upload them to an antivirus service like www.virustotal.com. The same applies to the tools of SecurityXplodedbut we cannot guarantee that these tools do not have a hidden agenda. During the installation, also make sure that you do not install extra software, you may have to do it a few times Skip or Decline to press. In any case, you use such tools entirely at your own risk!
Password safe
Using the same, easy to remember password everywhere is not exactly a safe solution. Now there are many ‘mnemonics’ that make it easier to remember a password, but you can also use a digital password safe. One of the better – free – tools is LastPass. The bottom line is that you choose (and remember) one very strong master password, which you use to lock the password vault. Once you want to log in to websites and services, LastPass, which installs as a browser extension, will ask to save your account ID. This information is securely encrypted, stored in the cloud and, if desired, synchronized with your other devices. LastPass also supports multiple authentication, making use even safer.
Do you not dare to use a cloud service for your passwords? Then use an offline program like KeePass.
11 Web services
Of course, there are also many web services that require an account and password to access. Fortunately, most of these services offer a ‘Forgot your password?’ Feature. It usually boils down to entering your email address and receiving a message after pressing a button to change your password. And sometimes you first have to answer a security question that you previously set yourself when creating your account.
Have you forgotten the Microsoft account password to sign in to Windows 8 and later? Then change your password. Similar procedures exist for services such as Google, Facebook, Twitter and the like. In the registration window you can click on a link that will help you on your way: such as Forgot your password? or Do you need help?.
Password management
If you have forgotten a password that you have stored by your browser and that is automatically replenished, you can usually find it quickly via the password manager of your browser itself. For example, in Chrome, click the three-bar button and select consecutively Settings / Show advanced settings / Manage passwords (in the section Passwords and forms). In Firefox also click on the button with the three dashes and select Options / Security / Saved Passwords / Show Passwords / Yes. Finally, in Internet Explorer, click Internet Options / Content / (top button) Settings / Password manager, open the desired account and choose View.