Another option if you still can log in with a different user account is the free Advanced Password Recovery software. It can be used for more than just changing or removing user passwords from Windows Accounts, but that is one of its core features.

You can start the program right away without installation. Please note that you need the Server service running. If it does not run, you will get an error message and a program that is only working partially.

When you start the program for the first time you will notice a tabbed interface. The Windows Account Management tab can be used to remove or change passwords of all known users on the system. This way you could either remove a password that you have forgotten or replace it with a new password.

Advanced Password Recovery has other interesting features, some of them log in related. You can for instance enable logon password patching which will display a password change prompt on the next log on of the user on the system.

Another option becomes available under the Password and Serial Recovering tab. Here you can create backups of passwords and serial numbers. The wording is a bit off, considering that you only backup the serials and passwords. Available for selection are Messenger and Related, Windows and Office, Browsers and Wireless passwords and serials. All get saved in text files on the local system.

Advanced Password Recovery is compatible with 32-bit and 64-bit editions of the Windows operating system. The program requires the Microsoft .NET Framework. There is unfortunately no mentioning of the version that is required.

The free software program is handy if you can still log into an administrator account on the system. It is of course then possible to use other means to reset or change passwords of Windows user accounts.

Please note, if you ever get an e-mail requesting your username and password, it is phishing for it. See our phishing protection tips for some tips on how to protect yourself. There is also a phishing flowchart to help you identify phishing. In addition to this, Gmail has a lab that will verify PayPal and eBay e-mails.

Websites Already Have it

While one would hope passwords are encrypted and kept out of harm’s reach, that is not always the case. In many systems security is an after thought. Sometimes security policies and programs are not seen as necessary until after a breach. Important customer information is not always protected the way that it should be.

In a system like this your password my not be encrypted. It may be stored in plain text (sometimes called “clear text”). There may not be proper access controls in place either.

With the usernames and passwords so easily accessed, no one from the company needs to ask you for them. The company, or a number of employees within it, has access to them. This is a part of why it is important to use different passwords on different sites.

Top Level Staff May Have Access

A system with good security will encrypt your passwords. Even if someone who was not supposed to have access to the file containing passwords gained it, it would look like gibberish. There are ways get around this under certain circumstances, but over all the encryption keeps people from being able to read customer information.

That said, there will be people higher up who have access to the key which can decipher passwords. If a legitimate need for the information arose, such as a court order, then a ranking company official would be involved, not you.

While not directly relating to passwords, Dropbox works in a similar fashion. All data that Dropbox stores is encrypted, protected from staff and general misuse. The higher-ups are able to access the data, but only under special circumstances. They can give access to authorities, but it must be by court order. It is an example of how an encrypted system is still controlled by someone in the company.

Your Password May Not Be Stored Verbatim

Some sites and systems may use a cleaver trick to log you in. You would think, when you login, a server compares the username and password that you send with a username and password on record. That is not always the case.

Some systems will use your password and a random number, put them into a formula, and get a crazy looking code of letters, numbers, and symbols. This code is virtually perfectly unique to your password. The site stores this code and the random number.

virtually perfectly unique
http://blogs.msdn.com/b/tomarcher/archive/2006/05/10/are-hash-codes-unique.aspx

Unlike encryption, where the password can be retrieved if a key is used, the created code cannot be unlocked to reveal your password. It is a one-way process designed to make your password unreadable. It is difficult to figure out the password based on the code. The point to a system like this is that they do not want to know your password.

When you login again, you send your username and password. The system takes the password you send, puts it and the random number back in the formula, and forms the crazy code again. It then compares that code to the code on file. If they match, you are allowed in; if they do not match, you get an error. Voila, login without a stored password.

The crazy code has a special name: a hash value. Sony disclosed their use of hash values after the Play Station Network was brought down by hackers.

The System May Force Resets

Some systems will give limited tools to IT personnel (by policy, access, or design). In these cases, the only tool they may have available is a password reset. This is done to remedy the frequent problem of lost passwords. Passwords can be safely encrypted or hashed, yet access can be easily restored.

Facebook uses this system. You have to tell the website something about yourself first, but it will reset your password after you have. This automates the process so you do not have to wait for tech support.

Many Functions Do Not Require Your Password

In most systems, the employee logs in, is verified by the system, and has the appropriate access for the role they play in the company. The software they use may be able to modify your contact information, account balances, length of service, view your history with the company, etc. Heck, sometimes they can outright delete you. Think about how a bank teller can deduct money from your account when you ask for cash. By far, their username and password trumps your username and password. There is nothing legitimate that a bank could need your password for.

In Summary

As it has been stated by every reputable company, there is never a reason to give someone your password. The company will never ask for your username or password. These occurrences prey on ignorance. If you know someone who you think might fall for a ploy like this, educate them. They should be less likely to give the information out if they know why it is never needed.

The developer provides some plain numbers to show the effectiveness of using the GPU to recover a rar password with four characters:

• ~168 passwords per second on single core of Q6600 @ 2.4Ghz (crark’s result)
• ~325 passwords per second on 8600 GT
• ~3120 passwords per second on ATI HD4850
• ~2075 passwords per second on GTX260/192SP

The performance of the listed ATI card is almost 20 times that of a password recovery where only the cpu is used. The password recovery software is a command line utility and the developer is offering extensive information on the possible parameters that can be used to recover the password. The suggested length of the password should not exceed six characters although it is theoretically possible to start a password recovery for a password with up to 17 chars.

The basic command for the password recovery is:

igrargpu.exe [switch:param] filename.rar

The command

igrargpu.exe /a:b /c:s /min:1 /max:4 archive.rar

will for example check all four letter combinations of lower case Latin characters. Known characters of the password can be added to the command to speed up the recovery attempt.It is advised to check the readme for a detailed overview of all possible parameters. The password recovery program can also use a dictionary based attack with rules. RAR GPU Password recovery should work on most versions of the Microsoft Windows operating system. The portable software is available for download at the developer’s website.

A recent study shows on the other hand that password recovery questions are usually answered honestly. Questions about the birth town, mother’s maiden name or first animal name can sometimes be easily guesses. The study asked acquaintances of 32 webmail users to guess the answer to the secret question. Roughly 20% of these answers were guessed correctly.

Password recovery questions should therefor not be answered honestly. Experienced users fill them out with password like characters which makes the answers more or less impossible to guess. These answers can then be stored in password managers as notes.

How do you handle password recovery questions?

The program has to be pointed to the location of the programs at first startup. The only requirement is that they have to reside in the same directory structure. It should also be noted that the live urls are also supported and available alternatively. The software management tool will then display its main interface which is divided into two columns. The left column contains categories while the right the descriptions and start links of the software programs listed in those categories.

The three main categories Sysinternals Suite, NirSoft utilities and Windows Utilities are divided further into subcategories like Networking Utilities, Password Recovery or Security Utilities. The Windows Utilities category contains links to dozens of tools provided by the Windows operating system including services configuration and various monitoring and networking tools.

Each entry can be added to the listing of favorite applications which provides quick access to them. A search is also available that can be used to quickly find applications based on their name or purpose.

Windows System Control Center is a helpful software management tool for users who work regularly with NirSoft and / or Sysinternals software programs.

There is a way to do this. It will work with most systems that use a root password. Of course if we’re talking about a lost boot password, you’re out of luck…this won’t help you recover that. What this method does is reboot your machine into what is called “single user mode”. Single user mode is also referred to as maintenance mode and is runlevel 1.

Reboot the Machine

The first thing you need to do is reboot the machine in question. The next step will vary, depending upon your distribution. What you need to do is to get to the screen that allows you to select which kernel to boot. Some systems (such as Fedora 10) require you to hit the escape key before the kernel boots. Some systems require a Ctrl-x key combination. Some systems require you to hit the “e” key. With Fedora 10 the sequence is this: After your bios posts you will hit the escape key to open up the Grub boot menu. In that menu select the kernel you are going to boot and hit the “a” key (for “append”). What you will see is the kernel boot command for your machine. What you need to do is append single to the end of that command (make sure there is a space before single) and hit the enter key.

Your machine will now start the single user boot process. You will see some processes list as “fail”. Do not worry about this. Eventually you will find yourself at a root prompt. At this point all you need to do is enter the command passwd and then type the new password for the root user when prompted.

Once you have entered the new root password reboot the machine by issuing the reboot command. When the machine reboots you will have recovered the root password. Congratulations!

The password recovery software supports both dictionary and brute force methods. The first relies on known words while the second method will test all possible character combinations. A dictionary attack can only be successful if the creator has chosen a dictionary word as the password. Using dictionaries as the recovery method can be much faster than the brute force approach.

The recovery software is easy to use. All that needs to be done is to load a password protected zip file into the program’s interface. A dictionary has to be loaded if the dictionary recovery method is selected. The brute force recovery method requires a few additional parameters. The range of characters has to be selected as well as the minimum and maximum length of the password.

The password recovery software did test 13503531 passwords in 137 seconds on a Windows XP Service Pack 3 system with 4 Gigabytes of computer memory and a Intel Core Duo processor with 3.0 GHz. It would still take hundreds of years to test all possible password combinations of a size between 3 and 12 characters (alphanumerical).

Brute forcing makes therefor only sense if the password length is not greater than 6 unknown chars. It should also be noted that the recovery time is the maximum time needed. If the password length is lower it will not take that long.

The developer’s website contains dictionaries that can be used in the password recovery software.

Outlook Express Password Recovery by Passcape (via Techmixer) is able to recover all saved passwords in Outlook Express including smtp, pop3 and imap passwords. It does that by either decrypting the passwords or revealing the real chars behind asterisks depending on the menu in Microsoft Outlook Express.

It can even decrypt passwords directly from the ntuser.dat file which is handy if only the files but not the installation can be accessed.

The password recovery software is compatible to Microsoft Outlook Express 4-6 and can be installed on most Windows operating systems starting with Windows 95 including Windows XP and Windows 2003 Server. Passwords can be exported in text, Microsoft Excel and html files.

Nirsoft created the PstPassword (via Genbeta) application, a Outlook PST Password Recovery software compatible to Outlook 97, Outlook 2000, Outlook XP, Outlook 2003, and Outlook 2007 which does not require Outlook to be installed on the system to recover the passwords. As usual the software can be run from any location on the hard drive without installation.

It also comes with a graphical user interface and command line options, high quality like usual. All pst files of the user who is logged into the system will be displayed automatically. Other pst files can be dragged into the program window or loaded from the File menu.

Several passwords can restore the contents of a pst file which is why PstPassword displays three working ones after analysing the pst file. Each password will work and it can be that none of them is the original password that was used to password protect the file. The list of passwords can be saved in various formats for later usage.

You might need to boot into safe mode if the target system does not use the welcome screen of windows xp or if you can´t log off. (Try hitting CTRL + ALT + DEL twice)  Boot into safe mode by hitting F8 at the boot process and select Boot Windows in Safe Mode. The following welcome screen will display the Adminstrator icon next to others. If you have not changed the password you will be able to login by leaving the password empty. This way you are logged in as administrator and will be able to change the passwords of the other users.

source

They take a look at passwords that consist of only numbers, only letters, a combination of numbers and letters and finally letters and numbers and common symbols. For example a six digit password could be cracked by a Class A computer in about 9 hours while a Class F one would reveal the password in the same instance you started the process. Take a look and calculate how long it would take that someone could bruteforce your passwords.

It´s of course a different story if something prevents the bruteforce process to continue, for example online banking accounts disable the account after three failed login attempts.

The author of Offline NT Password & Registry Editor provides a bootdisk for his program while austrumi already is bootable. A detailed instruction for the first tool can be found at the authors website, with Astrumi you simply enter nt_boot when the command prompt appears.

You could also try to bruteforce your way in again but this is not recommended because the other two methods are easier and faster.

Last but not least this was taken from a user comment and not checked.

1) copy cmd.exe out of system32
2) rename as logon.scr
3) paste it back in system32 and replace current one
4) log off and wait for the screensaver. it will be a command prompt. use [net user]

You can download a .iso file that contains a live cd. In case you forgot your password you boot from the live cd and try to recover the password using the live cd.

[tags]windows, password recovery, lost password, freeware[/tags]