Recover your passwords and regain access to online accounts

Passwords are a big part of modern life. You certainly use a password for online banking facilities, while you may also choose to limit access to your PC with a Windows password. Elsewhere, you might have documents protected by passwords or hold password-bearing accounts with online shops and services.

Of course, these passwords are an important security layer but, with so many, it is easy to forget one. A password-management tool can help – but that is not much use if you have forgotten the master passkey.

Perhaps surprisingly, though, many passwords can be ‘cracked’. While that is a worry, this chink in the armour can come to your rescue. The same technology that allows hackers to steal passwords can be used to recover them legitimately. Should you ever find yourself locked out of a file, website or even Windows, you may come to thank your lucky stars that many passwords are not bulletproof. Read on to discover how cracking can come to your rescue, as well as why setting strong passwords is very important.

Before proceeding, we stress these instructions should only be used to recover your own passwords. An attempt to recover other people’s passwords should be made only with their permission. Failure to comply could see you contravening the Computer Misuse Act, which says unauthorised access to computer material is an offence. Offenders can expect fines or jail terms.

If you have forgotten the password to an online service then our advice is to look for a ‘Forgotten your password?’ link when attempting to log in – these will then either send the password or provide instructions for resetting the password in an email.

You may need to provide an email address at this point, particularly if the username has been forgotten, too. This needs to be the same as the one registered to your account on that site, which may be problematic if you have forgotten which address was used to register, or if the address is now defunct. Amazon has this option when logging in: click it, and you will receive an email containing a link to a page that lets you reset the password.

Resetting an Amazon password is easy, with no further security details required (though obviously the link is sent only to the email address registered by the account holder, so unless your email account has been compromised there should be no issue). You can expect more security measures if attempting to reset your online banking password, for instance.

In the vast majority of cases, this is all you need to do, but also check the site’s frequently asked questions (FAQ) or Help page for more advice or a contact should you need assistance. If this doesn’t work, your web browser may be able to help – if you have recently accessed the site successfully, the site’s password may be stored somewhere on your computer. Visit www.nirsoft.net and click Password Recovery Utilities to find tools for Internet Explorer, Firefox, Google Chrome and Opera, which may help. They work in a similar way to Mail Pass View, which we will explore in more detail a little later.

Rescue Windows login passwords
Other password-protected entities can be similarly forgiving. All recent Windows versions give a password hint at the login screen – assuming you have set one up (do this in User Accounts, from the Control Panel). But if you have not set up a hint, or the hint doesn’t jog your memory, you’re effectively locked out of your computer. Assuming you do not want to re-install Windows, the problem can be resolved with a free program called Ophcrack. You will need a second computer if the locked PC has no other user accounts.

Get Ophcrack from by clicking the ‘Download ophcrack LiveCD’ on the download page. Next, choose either Ophcrack XP LiveCD or Ophcrack Vista/7 LiveCD and save the ISO file to the hard disk –they are large files (425MB and 506MB respectively), so will take some time.

Windows XP and Vista users will also need to download and install ISO Recorder. XP users should click the V2 link and select the 32-bit version; Vista and 7 users should click the V3.1 link and choose the 32-bit or 64-bit edition, depending on which version of Windows they have (if unsure, choose 32-bit).

Insert a blank disc, double-click the downloaded ISO file and choose either Burn (Windows 7) or Next (Vista/XP). Once burned, eject the disc and insert it into the drive of the PC containing the forgotten user password. Switch it on and, assuming the computer is set to boot from the DVD drive, the Ophcrack boot menu should appear. Leave ‘Ophcrack Graphic mode – automatic’ selected, press Enter and it will launch.

A list of detected user accounts and a progress bar will appear as the program attempts to crack the password(s). Check the LM Pwd 1 and LM Pwd 2 boxes as the progress bar continues – part of the password will appear here during the search. Eventually the whole password should be displayed (or you may be able to guess the password from the part displayed). When this happens, click the Stop button followed by Exit. Select Reboot from the Ophcrack Logout menu, eject the disc and click OK.

Restart Windows and log in as normal. This speedy cracking process highlights the fact that Windows passwords are not that secure, which is why you should not rely only on them.

Password-protected files
Some programs, such as Microsoft Office, allow documents to be password-protected but Office in particular does not offer any recovery options or even a reminder.

The most reliable password-recovery programs cost money, but there are a few useful free tools. The Free Word and Excel Password Recovery Wizard is an example, though it is limited to passwords of up to eight characters.

Download the program and clear all the tickboxes when prompted to avoid installing the (unwanted) Babylon toolbar. Launch the program, select a file, choose the recovery type, fine-tune the program settings and click Go.

The program offers two standard means of password recovery: Dictionary and Brute Force. Select Dictionary if you feel the password is an everyday English word – this search is the quickest, with your password likely to be discovered in seconds. The Brute Force method is much slower, as the program tries every possible combination of characters until the password is found.

If you are savvy you can still recover a password without any cost using commercial tools. Data-recovery specialist Stellar provides free demonstration downloads that will display the first three characters of recovered passwords. This may be enough to trigger your memory without having to make a purchase.

Open Office users should visit Intelore for password-recovery tools for individual applications such as Writer and Calc. They cost around £21 each, and a suite-wide recovery tool costs around £56. You will also find password-recovery tools for more obscure file types.

Bringing back a product key
You should never re-install Windows or switch to a new computer without verifying you have all the program product keys and serial numbers to hand. If you can’t find the email, documentation or product box with the serial number on it, but the program is still installed on your PC, then obtaining it is easy. Start by checking the program itself – look under the Help or About menu to see if the key is displayed anywhere prominently.

If not, download License Crawler – click Download followed by the Dropbox download link, then save the ZIP file to your PC’s hard disk. Extract its contents and then double-click the LicenseCrawler.exe file to launch the program – no installation is required. The program searches parts of the Windows Registry for product keys – click the Start Search button to begin, and wait while the search is completed. If the required licence key is not forthcoming, select the HKEY_LOCAL_MACHINE dropdown menu to select another part of the Registry to search. License Crawler is free for personal use but does display adverts during searches.

Email and chat passwords
Forgotten the password you need to log on to your email or instant-messaging (IM) account? First, contact your email or IM provider to see if they can help – heck the support section of their website for an option to reset your password.

If that fails, instant-messaging passwords can be recovered using a free tool called Messenger Key. This supports popular accounts such as Yahoo, AOL Instant Messenger (Aim), Google Chat and MSN Messenger through their parent programs, and again relies on the password being saved in that program to recover it.

If your lost password belongs to an email program such as Windows Live Mail or Thunderbird (and your password is saved in that program), a free tool called Mail Pass View may be able to recover your password.

First, download Mail Pass View (scroll down the page to find and click the ‘Download Mail PassView in zip file (mailpv.zip)’ link). Try right-clicking the ZIP file and choosing Extract All. If your antivirus software incorrectly flags the files as a threat and deletes them, you’ll need to first physically disconnect your computer from the internet. (They are not a threat and any alerts will be a false positive.) Switch off your PC’s wireless adapter or unplug the cable that connects it to your modem or router and then temporarily disable your antivirus program’s auto-protect function to allow Mail Pass View to launch.

Once you have extracted the ZIP file’s contents, open the mailpv folder created and double-click the mailpv.exe file to start the program. It will automatically scan your computer for supported email programs and after a short pause display details about all the email accounts it can find. Double-click one to reveal the missing password. Once recovered, remember to re-enable your antivirus application’s auto-protect function and reconnect to the internet.

Free pass
Forgetting a password can have dire consequences but, armed with the tools and techniques in this article, you can restore access to files, email and maybe even your computer. By the same token, the ease with which many passwords can be cracked should serve as a sober reminder of the importance of setting strong passwords in the first place and using a password-management tool to store them safely.