The irony in creating super tough passwords is that they’re easy to forget, or if you scribbled one down somewhere and then loose the paper or it’s been digitally erased, you’re back to square one. Or even minus square one if it was the password to your computer. But all is not lost, it is possible to retrieve your password or even circumvent the requirement.
So you’ve lost your computer password, can’t remember it and desperately need to gain access to all of your documents?
Given that most PCs in the world run some form of Windows, we’re assuming you’ve got a Microsoft-based computer.
And unfortunately Microsoft won’t help you if you have lost your password – it’s their security policy.
In fact, the software behemoth strongly recommends that you set a password recovery hint when setting up your computer and creating your password.
It also recommends that you create a password reset disk as soon as you first start using the computer.
If you’ve not already done so and it’s not too late, Microsoft provides a web page that explains how to set up password hints and create a password reset disk. Don’t be put off, by the jargon, it’s a fairly simple process and all you really need is a USB stick.
However, if you’ve already lost or forgotten your password there are a number of options you can try to access your computer.
But with so many Windows operating systems now in use, methods to gain access to your computer can vary. That said, listed below are a few generic methods that you can try.
Accessing the computer as ‘administrator’
On Windows, there is a hidden account named Administrator. Most of the time, this account has no password set.
That means that you can start your computer with this account, open the Control Panel to delete or change the password of any users and fix your problem.
To do this requires a few simple steps:
- Boot your computer and immediately press on the F8 key repeatedly until your computer displays the boot menu.
- With the arrow keys, choose Safe Mode and press the Enter key.
- On the home screen click on Administrator.
- If you have no home screen, type Administrator and leave the password field as blank.
- Click on the Start menu in the bottom left corner, go in the Control Panel, then in User Accounts you can change any user passwords easily.
This method may or may not work depending on which operating system you are running.
Password reset disk for Windows 7
Given that Windows 7 is still in widespread use we’ve included this section on creating a password reset disk for the Windows 7 operating system.
But you need to take these steps before you bypass your password setup. So if you have lost your password and you don’t have password reset disk, this section is irrelevant.
Taking the steps
Windows 7 has a built-in password reset feature. But to access it, you have to do a little bit of groundwork.
This consists of creating a password recovery disk, which can be a removable USB drive.
- To begin, do a Windows Search for Password Reset Disk.
- You should see ‘Create a password reset disk’ as your first option. Select it. This will open the Forgotten Password Wizard.
- An introductory screen appears which explains the basics - once you’ve read it, click next.
- You can select the disk that you want to use for password recovery. Since only removable drives can be used, only they will appear as an option which is where your USB stick should appear. Click on this.
- On the next screen you will have to enter your password. Do this and click next to begin creation of the password recovery disk.
- Resetting your Windows login is now easy. Just click the ‘reset password’ link below the login screen and follow the on-screen steps. You’ll have to select the appropriate disk and then enter a new password.
- Your computer should now be unlocked.
There are many computer utilities you can use to help access your computer if you’ve lost your password.
A utility is a computer program developed for a specific task usually something to do with system resource management. They are generally a lot smaller than applications so don’t require lots of memory.
Thankfully there are a number of free and commercial utilities available for bypassing or changing a lost password in Windows.
- Emergency Boot CD - The EBCD (Emergency Boot CD) is powerful toolset designed to fix unbootable computers and recover data from them. It has a raft of useful features one of which is the ability to change the password without needing to know the previous password. And if you’ve lost your password EBCD could be right up your street.
- Offline NT Password & Registry Editor - The Offline NT password & Registry Editor is a great utility that enables users to overwrite their Windows SAM file. It’s a technical term but the SAM file on your computer contains passwords. Using this you won’t be able to see the previous password, but you can gain access to unencrypted files.
Password cracking tools
You can always try a third party password cracking tool too. You may feel like you are stepping into the realms of hacking but legitimate developers create these tools to help peers and colleagues, and also to test the efficacy of existing security methods.
In short, the search for ever better security is a steady on-going operation and improvements can only be made when weaknesses are discovered. As the well-known industry saying goes ‘don’t learn to hack, hack to learn.’
One of the most mooted is Ophcrack, a free option which uses something called a ‘rainbow table’ to guess your password. It’s available for different Windows operating systems including Windows 7 and Windows 8 as well as the now unsupported XP and Vista too.
That said there are also lot more options. You can do your own research or you might want to consider one the following, all of which are popular:
- Brutus - Brutus is one of the most popular remote online password cracking tools. It claims to be the fastest and most flexible password cracking tool. It is free and is only available for Windows systems. And it’s been around a bit which, is a good sign - it released back in October 2000.
- Cain and Abel - Cain and Abel is a well-known password cracking tool that is capable of handling a variety of tasks. It’s only available for Windows platforms. It can crack encrypted passwords using something called the dictionary attack and it can also carry out brute force attacks, cryptanalysis attacks, uncover cached passwords, decode scrambled passwords and analyse routing protocols. It might be a bit heavyweight if all you’re trying to do is get into your computer – but then again if you want to learn about technology security it’s a box of magic tricks that will more than give you a feel for what some hackers get up to.
- John the Ripper - John the Ripper is another well-known free open source password cracking tool that is primarily aimed at Linux, Unix and Mac OS X. But a Windows version is also available. This tool can detect weak passwords. A pro version of the tool is also available, which offers better features.
- L0phtCrack - L0phtCrack is an alternative to OphCrack. It attempts to crack Windows password from hashes. For cracking passwords, it uses Windows workstations, network servers, primary domain controllers, and Active Directory. It also uses dictionary and brute force attacking for generating and guessing passwords.
- RainbowCrack - RainbowCrack is a hash cracker tool that uses a large-scale time-memory trade off process for faster password cracking than traditional brute force tools. Time-memory trade-off is a computational process in which all plain text and hash pairs are calculated by using a selected hash algorithm. The process is time consuming as it creates a table but once ready it can crack a password must faster than brute force tools.
Not an endorsement
Please note, by listing the above tools we’re certainly not advocating hacking in any sense. These tools are used and researched by well-respected security institutes around the world. If researchers in this field didn’t have knowledge of different password cracking methods and tools, and how to use them, they would be seriously falling down in their responsibilities.
In fact, we strongly suspect most BullGuard blog readers won’t go down this route to recover a lost password; it’s easier to use a utilities tool or take your computer to the local IT guy who can do it for you. But it does no harm to create awareness and indeed if anything it reinforces the need for good security and online vigilance.
And if you create a strong password, one that combines symbols, upper and lower case letters and numbers it will defeat many of the cracking methods listed above – just don’t lose it.