How to reset lost passwords for Windows
Vista and Windows 7 offer a little-known password-reset option; Windows 8 relies primarily on your Microsoft account credentials.
Sadly, I’ve been asked for help more than once by someone who has lost a family member and needs access to the deceased’s computer. (Passwords are not something you should take with you.) Less tragically, I also know many more people who have important information stored on an old computer that’s locked by a forgotten password.
Those passwords can be reset, but the technique depends on the version of Windows you’re running, the type of user account you’ve chosen, and whether you’ve taken any steps in advance for password recovery. I’ll go through each of the available options.
A small amount of preplanning can save you — or your family — a lot of password-recovery effort. The simplest and most certain way to recover a lost password is to create a password-reset disc or USB drive. Built into Vista, Win7, and Win8, this option works only with local accounts. If you’re on a domain, you’ll have to talk to your system administrator. With Win8, Microsoft encourages users to create an MS account during initial setup — you won’t find options for creating a password-reset disk. Instead, you can set up an online password reset with Microsoft.
Obviously, you’ll want to keep the reset disk in a secure location — and, of course, let your family know about it.
Assuming you’re signed in to a local account, click Control Panel/User Accounts. In the left column, select the option “Create a password reset disk” as shown in Figure 1. (This option will not appear if you’re attached to a domain.) Next, a wizard will ask for your current password and the drive you want to use to store the password-reset file.
Figure 1. For local Vista and Win7 accounts, the Control Panel's User Accounts utility includes an option for creating a password-reset disk.
Windows will let you use your password-reset disk when you’re at the Windows sign-in screen and your password entry fails. Click the “Reset password” link, and the Password Reset Wizard will ask for the location of your password-reset file. Once you’ve provided that information, the wizard will request a new password.
If you change your Windows password, you won’t have to create a new password-reset disk. You need to create the disk only once, and it will work thereafter — no matter how many times you’ve changed your working password. That’s all the more reason to store the reset disk in a safe place.
Yes, I know that’s a scary concept. But if you’ve used any of Microsoft’s online services, you’ve probably already given your MS account sign-in password to Microsoft. And you most likely have an MS account if you’re running Win8. In either case, you might also have a 25-character account recovery code. To check, do the following.
Go to any online MS service — Outlook.com, for example — and sign in to your MS account. In the upper-right corner of the window, click on your account name and select Account settings. Next, in the panel on the left, select Security & password. You’ll have to clear a security hurdle to view the details of your account information (see Figure 2). Specifically, you’ll have to give the last four digits of your phone number or a backup email address you’ve set previously. Microsoft will then send you a reset code to enter into the user-verification window.
Figure 2. It's not airtight security, but to retrieve a Microsoft account password, you'll need to have access to your cell phone or email account.
This security verification will obviously complicate things if you’re resetting the password for someone else. You’ll need to have access to either their email account or cellphone.
In the Protect your account window, look for the Recovery code section. If there’s a Set up link, click it to see your 25-character, account-recovery code. If you’ve already set one up, the link will say Replace. In either case, you’ll have the option to copy or print the code.
If you’ve lost your MS account credentials (or you’re trying to recover someone else’s), go to an online MS service (such as outlook.com) and click the Can’t access your account? link. You’ll then be prompted to select the reason you can’t open your account. Select I forgot my password, and you’ll be asked to enter the account you’re trying to access. You’ll also be asked to enter a CAPTCHA.
Next, you’ll see the now-familiar screen asking whether you want a seven-digit, one-time security code sent to a preselected email address or to your phone. If you don’t have or know either, click the I don’t use these anymore link and enter the 25-character code you established earlier.
One thing to keep in mind: Unlike the Vista/Win7 password reset–disk option, an MS account recovery code might have changed.
If you’re using a local account but didn’t prepare a password-reset disk, there are still options. If you have a bootable Windows installation disc, you can be back in business in no time. Keep in mind, however, that this method won’t help you access encrypted data — you’ll still need the original password.
Boot the computer using the Windows CD (this might require changing the BIOS to make the CD drive the first boot device). At the first Windows screen, select Repair your computer (Figure 3).
Figure 3. You can reset passwords with the Repair your computer option, accessed via a Windows installation disc.
Next, select the Command Prompt option (Figure 4).
Figure 4. The Windows installation disc offers an array of repair tools; choose the Command Prompt option.
At the command prompt, type copy c:\windows\system32\sethc.exe c:\ and hit Enter. (You’re making a copy of the Windows “sticky keys” executable on the local C: drive.)
Next, type copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe and hit Enter. (You’re making a copy of the command-prompt executable.) When asked whether you want to overwrite the existing file, select Yes.
Reboot the computer. When the sign-in screen appears, hit the Shift key five times, which will open an admin-level command prompt. (If a “sticky-keys” dialog box opens, select Yes.)
At the command prompt, type net user {sign-in} {new password} — replacing {sign-in} with the user account you’re trying to access and {new password} with a new password. (Note: If the user name includes spaces, enclose the entire name in quotes.)
Windows should open normally.
For various reasons, you might not have a Windows installation disc — and you might not have known about the password-reset options. There are free utilities that let you reset the password for an existing user account. (Again, this won’t help with encrypted files.)
Password-reset programs work by locating the Windows SAM file, which contains the encrypted passwords. The catch is that the file isn’t accessible while the Windows operating system is running. So reset programs generally boot a version of Linux and do their work from there. Taking a sort of brute-force approach, they don’t attempt to decrypt the passwords — they erase them, which then allows access to the Windows account.
The tool I use is Offline NT Password & Registry Editor (download site). And, yes: despite the name, it works fine with current versions of Windows.
Download the ZIP-based CD image (there’s also a bootable USB version), unzip it, and then burn the ISO file to a CD.
Boot the computer from the CD; the editor will be launched within a Linux session. A series of prompts will select the Windows partition and path to the Registry. Fortunately, the default choices are usually correct, so it’s likely that you can just hit Enter repeatedly.
Don’t be thrown by the fact that the editor’s non-graphic interface throws a lot of unintelligible text on the screen (see Figure 5); you don’t need to understand it.
Figure 5. The interface isn't pretty, but the Offline NT Password & Registry Editor makes it easy to reset Windows passwords.
Next, the editor asks what you want to do. Select Edit user data and password. The editor then offers a list of installed user accounts. Enter the user account you want to reset and then select option 1, which will clear the user password.
Click the Q key to leave the editor.
Reboot, and you’ll be able to launch the user account without a password.
If all else fails — and especially if you’re trying to access encrypted files — the only way you’ll get access is with the correct credentials. That means you’ll need to retrieve — not reset — the missing password. And even with the best password crackers available, that’s not a sure thing.
Password crackers work by locating the hashed (or coded) passwords on the system and then comparing them to translation tables called “rainbow tables.” If the files were encrypted by Windows, those passwords are contained in the Windows SAM file. So crackers, like password-resetting programs, must run under another operating system, typically Linux.
Keep in mind that the longer and more complex the password, the less likely it is that a password cracker will be successful.
I tested one of the most popular cracking programs — Ophcrack (site) — which you burn to CD. For most users, the automatic mode is the best choice (see Figure 6). But you can also run the cracking process manually.
Figure 6. Most users will want to use Ophcrack's automatic password-cracking mode.
In my tests, the automatic mode quickly located all password hashes stored in Windows and cracked the ones it could, as shown in Figure 7.
Figure 7. When Ophcrack is finished crunching hashes, it returns a report of all accounts' password status.
As expected, the free version of Ophcrack was unable to crack longer and more complex passwords in Win7 and Win8. It might do better if you pay for more detailed cracking tables, but even then Ophcrack can’t handle passwords longer than 14 characters. Still, given the simple passwords that most PC users employ, your chances are good.
These tips point out that Windows’ basic security is far from foolproof. It’s fine for keeping casual intruders out of your system, but it won’t stop a determined data thief. That’s sort of a silver lining when you need to help yourself or someone else access documents, photos, and so forth that you or they have a legitimate right to.
For more information on giving others access to your accounts when needed, see the Sept. 15, 2011, Best Practicesstory, “Passwords — don’t take them with you,” and the Jan. 7, 2012, Seattle Times article, “Digital estate planning often forgotten.”
Patrick Marshall is a regular technology columnist for The Seattle Times. He has also written for Government Computer News, InfoWorld, PC World, the Congressional Quarterly, and other publications.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------