Password Recovery Tools for Windows

by [Published on 8 March 2016 / Last Updated on 8 March 2016]

Here I look at recovery tools for Windows account passwords, passwords saved by web browsers, email clients, and those saved for Wi-Fi networks. I’ll also discuss capturing or sniffing passwords from network traffic as well.

Introduction

Password recovery tools can be useful if you ever forget or lose your login credentials. They can also be handy during your work as an IT or network professional, like when doing a Windows reinstall or clean upgrades. These tools can even better help you and others to understand certain security risks, such as storing credentials unencrypted, and how to mitigate them.

Recovering Passwords Saved by Web Browsers

Passwords saved in the popular web browsers (Internet Explorer, Google Chrome, and Mozilla Firefox) are usually easily recoverable. In Chrome and Firefox, you can actually access a list of saved passwords via the browser settings. For Internet Explorer in Windows 8 and later, you can also view a list of saved passwords in the Credential Manager of Windows. These are great ways to double-check passwords you’ve saved, for instance if you need to know a password to login to a website from another computer or device where it isn’t saved. However, this shows you just how risky it is to save browser passwords and how quickly someone could get to them.

You can also use third-party tools, such as WebBrowserPassView, to recover passwords from multiple browsers. This allows you to easily save a list of all of them, useful when doing a Windows reinstall or clean upgrade for a user that doesn’t utilize browser syncing. These lists can also be imported into third-party password managers, such as KeePass, which can also encrypt them for better security. Alternatively, if you use Firefox, consider enabling their native master password feature that enables encryption of the passwords so they aren’t recoverable using third-party tools.

Retrieving Passwords for Wi-Fi Networks

Wi-Fi passwords, WEP keys and the PSKs of WPA or WPA2, saved by Windows can also be recovered. As an IT professional, I’ve done this many times for clients that forget their Wi-Fi password and in times where I don’t want to ask them since retrieving it can be just as quick as asking.

In Windows 7, you can open the Network and Sharing Center, click Manage Wireless Networks, open the desired network, and view the password on the Security tab. In Windows 8 and later, you can view the passwords in that same place, but the Manage Wireless Networks screen is gone and you can only open the wireless network properties of the particular network you’re currently connected to via the Network and Sharing Center.

You can use a third-party tool like WirelessKeyView to capture and export a list of all the Wi-Fi passwords, even with Windows 8 and later.

Seeing how easy it is to retrieve Wi-Fi passwords stored by Windows shows how insecure the personal (PSK) mode of WPA/WPA2 can be versus the Enterprise mode. The personal mode means everyone has the same password and if a laptop or other Wi-Fi devices becomes lost or stolen or an employee leaves the organization, you’d have to change the password for everyone to keep the network secure. However, when using the enterprise mode of WPA/WPA2, you could simply revoke or change a particular user’s login or password. Though the enterprise mode requires a RADIUS server for the 802.1X authentication, there are cloud-based options these days so you don’t have to deploy your own server.

Refer to my previous articles for more information on enterprise Wi-Fi security and tips on utilizing it on smaller networks.

Capture Login Credentials Sniffed from the Network

Although this might not have a big practical use in recovering lost or forgotten passwords, it helps demonstrate network security risks. You can use tools to monitor a certain PC’s network traffic or the entire network’s traffic in order to capture usernames and passwords for various types services via protocols like HTTP, SMTP, POP3 and FTP. Tools you may want to check out include Wireshark, SmartSniff, Firesheep, and DroidSheep.

Remember, when on public Wi-Fi hotspots that have no encryption, ensure all sites and services you login to are using the standard SSL encryption. This is easy to see if it’s a website (check for the https in the URL), however also consider the internet connectivity of apps, such as email clients, to ensure they are using encryption as well. For peace of mind, consider using a VPN server provided by your company or a third-party VPN service to encrypt all your Internet traffic.

You’re also vulnerable to password hacking and hijacking on private Wi-Fi networks that are secured and encrypted. On networks secured with the personal (PSK) mode of WPA/WPA2 security, users can still snoop on each other’s network traffic. However, this is not the case with the enterprise mode of Wi-Fi security, which is another reason businesses and organizations should be using it.

Email Server Details and Login Credentials

If you’re reinstalling Windows and the user has an email client, like Microsoft Outlook, and is using a non-company owned email server, you may want to save the server details and login credentials along with the emails themselves. You can go into the typical account settings of the email client to get the details, but this usually doesn’t show you the password in clear-text. If the user doesn’t use the password often, he or she may forget it. Instead of having to reset it via the email provider, you could use a tool like Mail PassView to quickly retrieve the server details and passwords, and then save it to a text file for later reference.

Resetting Windows Account Passwords

When working with non-domain Windows computers, keep in mind it’s typically easier to reset a forgotten password instead of having to reinstall Windows. If it’s a Microsoft Account on a Windows 8 or newer computer, you can reset anywhere via the Microsoft site. For Windows 7 and earlier (or local accounts on Windows 8 and later), you can use bootable tools like offered in Hiren’s Boot CD to do an offline password removal. However, when doing offline resets like this, some secured data may be wiped out, like any passwords saved by Windows and any files encrypted by Windows.

Summary

When reinstalling or clean upgrading Windows, remember it’s easy to retrieve and save most passwords, which can save the user much frustration later when they find all their saved passwords are wiped out and they have forgotten them. This shows how storing login credentials in clear-text can be dangerous. Consider utilizing encryption for your saved passwords or a whole-disk encryption solution for even better security.

Remember it’s also easy to find passwords for saved Wi-Fi networks, useful when trying to connect other devices to the wireless. Don’t forget that hackers can also snoop on your public and private network connections, where they can even capture your passwords and hijack your accounts. This shows just how vulnerable the personal (PSK) mode of Wi-Fi security is and how the enterprise mode provides superior security for businesses and organizations.

Keep in mind, most antivirus programs and security suites will alert on password recovery tools. So consider temporarily disabling the security while you use them, or add them as an exception.

See Also


The Author — Eric Geier

Eric Geier avatar

Eric Geier (Dayton, Ohio) is a Freelance Tech Writer and Author specializing in computer networking.