Recover Windows and program passwords with ExtPassword
ExtPassword is a portable application by Nirsoft that is designed to recover passwords from Windows and applications that run on Windows. Designed primarily for the restoring of passwords from external drives, e.g., an old copy of Windows on a non-system drive or on USB devices, it may also be run on the active system, but the output may be limited.
ExtPassword is compatible with all versions of Windows starting with Windows XP and including Windows 11. The program may recover a wide range of passwords from Windows and certain programs:
- Windows Credential files passwords, which store remote computer passwords.
- Windows 10 and 11 security questions and answers.
- Microsoft Account cache file.
- Web browser passwords, including Chrome, Chromium, Firefox, Brave, Vivaldi, Microsoft Edge, Opera and Internet Explorer.
- Dialup and VPN passwords.
- Email client passwords, including Outlook, Thunderbird and Windows Mail App on Windows 10 and 11.
- Wireless network keys.
- DPAPI passwords on Windows 10.
All it takes is to download the program archive from the Nirsoft website, extract the content, and run the application with elevated rights. Note that Windows may display a SmartScreen warning prompt when you run the application. The program is not malicious and warnings may also be displayed if it is not known by Microsoft's SmartScreen service.
The application displays a configuration window on start. Select the external device that you want it to scan, and supply Windows passwords or Firefox master passwords if you have them. The passwords are optional, but some data may not be recovered if they are not supplied.
The extraction takes just a second or two to complete. Data is displayed in a table and columns highlight program names, user names and passwords, storage, the user profile and more information. A click on a column header sorts the table accordingly; there is also a search option to find strings quickly by selecting Edit > Find.
You can export data in several ways. Select any number of rows in the table and select the save/copy selected items options to either copy the date to the clipboard or save it to the local system.
You may also export the entire list of user names and passwords to several different formats, including plain text, CSV or XML.
A tap on F7 displays the log file, which may reveal why a particular password is not displayed.
Closing Words
ExtPassword is a useful program for Windows administrators and users who want to retrieve passwords from the running system or an old system. The program returns the data in a matter of seconds and works best if you can supply Windows passwords (and the Firefox master password if you need to retrieve data from the browser).
ExtPassword is limited to scanning full drives only at this point; there is no option to scan specific folders only using it at this point. Lastly, read access is required to retrieve the data.
All in all, ExtPassword is a useful password recovery software for the Windows operating system.
Now You: have you used password recovery software in the past?
It has 5 viruses.
Check Virus Total.
Frequently Asked Questions
https://www.nirsoft.net/faq.html
Q: The antivirus software on my computer reports that some of the your utilities are infected with a virus or trojan. What should I do ?
A: First of all, All the utilities in my Web site are clean, and they don’t contain any virus or trojan. Unfortunately, Antivirus programs are not perfect, and in many times they detects innocent software as infected with trojan or virus. This problem is known as ‘False Positive’ or ‘False Alert’, and it’s quite common in password-recovery tools. If your antivirus software reports that utilities you downloaded from this Web site are infected with a virus or trojan, I highly recommend you to contact your antivirus company and ask them to fix this ‘False Positive’ problem in the next update of your antivirus software. You can also contact NirSoft to report about ‘False Positive’ problems. Click here to view the latest ‘False Positive’ problems reported by users from around the world.
View VirusTotal reports from the alert center – Google Workspace Admin Help
https://support.google.com/a/answer/10502377?hl
Note:
VirusTotal is not used to produce security alerts, nor is it used to detect malware or other security threats. VirusTotal expands on alert details by providing further security insights, and by assisting you in decision making as you address security concerns.
VirusTotal is a system that “uses more than 70 different antivirus engines”,
https://support.virustotal.com/hc/en-us/articles/115002146809-Contributors
to perform inspections and lists which one of the engines has detected suspicious files.
A detection does not necessarily mean that it is concluded to be “malware”. Minor engines or have a few detections are often “false positives”.
“False positives” of this kind are surprisingly common, unfairly undermining the credibility of “products and developers unrelated to malware”.
The most important thing for the end user to do is to evaluate the source of the download.
This can be evaluated by checking the digital signature of the software package and the hash value of the file.
Furthermore, it is essential to obtain “legitimate applications” from the official download site designated by the developer.
Check Virus Total before installing. This is what I got:
1. Packed.Win32.MUPX.Gen@24tbus
2. Trojan.Malware.300983.susgen
3. HTool-PassView
So does this mean that Chrome, Chromium, Firefox, Brave, Vivaldi, Microsoft Edge, Opera, Outlook, Thunderbird all keep their passwords in plaintext in AppData\Roaming?
If so, can’t say I’m happy.
Web browsers have alwayssaved passwords in an unsecure manner by default. One of the reasons why I use a password manager extension (Bitwarden).
@TimH,
> all keep their passwords in plaintext in AppData\Roaming?
If you actually use it, you will understand the reality of the situation.
By the way, have you checked the “ExtPassword” website?
Recover passwords stored on external drive
https://www.nirsoft.net/utils/external_drive_password_recovery.html
There, it is neatly explained.
The “decryption” of the login information found requires the entry of the login password used by the system or, in the case of Firefox and other Mozilla products, the master password.
In other words, it is not displayed in “plain text”.
I did a scan on my while hard drive, and it found all my passwords in Firefox inside logins.json. Scary!
I have been used “KeePass Password Safe” to manage important and unique personal information such as passwords locally.
https://www.ghacks.net/2022/03/25/how-to-merge-two-keepass-databases/#comment-4518130
Its backups are managed on a plurality of other independent offline media (USB devices, SD cards).
Long long years ago, I learned the importance of backups when I experienced “Accidents occurred frequently where data was corrupted due to lightning surges or negligence that resulted in power failure of the system in operation.” at my workplace. A few years ago, my Ultrabook once overheated and all of my data was destroyed.
I never lose any unique personal information or data because I never fail to keep adequate backups. So “ExtPassword” is unnecessary for me, but Nirsoft’s programs are my favorite.
I do almost the same thing as owl with KeePass2. I do love Nirsoft programs and have used them for years.