Passwords reset

Windows will let you use your password-reset disk when you’re at the Windows sign-in screen and your password entry fails. Click the “Reset password” link, and the Password Reset Wizard will ask for the location of your password-reset file. Once you’ve provided that information, the wizard will request a new password.

If you change your Windows password, you won’t have to create a new password-reset disk. You need to create the disk only once, and it will work thereafter — no matter how many times you’ve changed your working password. That’s all the more reason to store the reset disk in a safe place.

Windows 8: Your password is stored with Microsoft

Yes, I know that’s a scary concept. But if you’ve used any of Microsoft’s online services, you’ve probably already given your MS account sign-in password to Microsoft. And you most likely have an MS account if you’re running Win8. In either case, you might also have a 25-character account recovery code. To check, do the following.

Go to any online MS service — Outlook.com, for example — and sign in to your MS account. In the upper-right corner of the window, click on your account name and select Account settings. Next, in the panel on the left, select Security & password. You’ll have to clear a security hurdle to view the details of your account information (see Figure 2). Specifically, you’ll have to give the last four digits of your phone number or a backup email address you’ve set previously. Microsoft will then send you a reset code to enter into the user-verification window.

This security verification will obviously complicate things if you’re resetting the password for someone else. You’ll need to have access to either their email account or cellphone.

In the Protect your account window, look for the Recovery code section. If there’s a Set up link, click it to see your 25-character, account-recovery code. If you’ve already set one up, the link will say Replace. In either case, you’ll have the option to copy or print the code.

If you’ve lost your MS account credentials (or you’re trying to recover someone else’s), go to an online MS service (such as outlook.com) and click the Can’t access your account? link. You’ll then be prompted to select the reason you can’t open your account. Select I forgot my password, and you’ll be asked to enter the account you’re trying to access. You’ll also be asked to enter a CAPTCHA.

Next, you’ll see the now-familiar screen asking whether you want a seven-digit, one-time security code sent to a preselected email address or to your phone. If you don’t have or know either, click the I don’t use these anymore link and enter the 25-character code you established earlier.

One thing to keep in mind: Unlike the Vista/Win7 password reset–disk option, an MS account recovery code might have changed.

Accessing a user account via a Windows setup CD

If you’re using a local account but didn’t prepare a password-reset disk, there are still options. If you have a bootable Windows installation disc, you can be back in business in no time. Keep in mind, however, that this method won’t help you access encrypted data — you’ll still need the original password.

• • Boot the computer using the Windows CD (this might require changing the BIOS to make the CD drive the first boot device). At the first Windows screen, select Repair your computer (Figure 3).

• • Next, select the Command Prompt option (Figure 4).

• • At the command prompt, type copy c:\windows\system32\sethc.exe c:\ and hit Enter. (You’re making a copy of the Windows “sticky keys” executable on the local C: drive.)

  • Next, type copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe and hit Enter. (You’re making a copy of the command-prompt executable.) When asked whether you want to overwrite the existing file, select Yes.

  • Reboot the computer. When the sign-in screen appears, hit the Shift key five times, which will open an admin-level command prompt. (If a “sticky-keys” dialog box opens, select Yes.)

  • At the command prompt, type net user {sign-in} {new password} — replacing {sign-in} with the user account you’re trying to access and {new password} with a new password. (Note: If the user name includes spaces, enclose the entire name in quotes.)

Windows should open normally.

Resetting passwords without install/reset media

For various reasons, you might not have a Windows installation disc — and you might not have known about the password-reset options. There are free utilities that let you reset the password for an existing user account. (Again, this won’t help with encrypted files.)

Password-reset programs work by locating the Windows SAM file, which contains the encrypted passwords. The catch is that the file isn’t accessible while the Windows operating system is running. So reset programs generally boot a version of Linux and do their work from there. Taking a sort of brute-force approach, they don’t attempt to decrypt the passwords — they erase them, which then allows access to the Windows account.

The tool I use is Offline NT Password & Registry Editor (download site). And, yes: despite the name, it works fine with current versions of Windows.

Download the ZIP-based CD image (there’s also a bootable USB version), unzip it, and then burn the ISO file to a CD.

Boot the computer from the CD; the editor will be launched within a Linux session. A series of prompts will select the Windows partition and path to the Registry. Fortunately, the default choices are usually correct, so it’s likely that you can just hit Enter repeatedly.

Don’t be thrown by the fact that the editor’s non-graphic interface throws a lot of unintelligible text on the screen (see Figure 5); you don’t need to understand it.

Next, the editor asks what you want to do. Select Edit user data and password. The editor then offers a list of installed user accounts. Enter the user account you want to reset and then select option 1, which will clear the user password.

Click the Q key to leave the editor.

Reboot, and you’ll be able to launch the user account without a password.

Court of last resort: Cracking tools

If all else fails — and especially if you’re trying to access encrypted files — the only way you’ll get access is with the correct credentials. That means you’ll need to retrieve — not reset — the missing password. And even with the best password crackers available, that’s not a sure thing.

Password crackers work by locating the hashed (or coded) passwords on the system and then comparing them to translation tables called “rainbow tables.” If the files were encrypted by Windows, those passwords are contained in the Windows SAM file. So crackers, like password-resetting programs, must run under another operating system, typically Linux.

Keep in mind that the longer and more complex the password, the less likely it is that a password cracker will be successful.

I tested one of the most popular cracking programs — Ophcrack (site) — which you burn to CD. For most users, the automatic mode is the best choice (see Figure 6). But you can also run the cracking process manually.

In my tests, the automatic mode quickly located all password hashes stored in Windows and cracked the ones it could, as shown in Figure 7.