Windows security is sad. Although most of you have probably already read my article about using strong passwords, even the strongest passwords won’t keep your Windows login account from being penetrated. In fact, it takes only a couple of minutes to gain complete access to a Windows system using nothing more than a free CD ROM.
Now, if there is any good news – people are constantly locking themselves out of their personal laptops and home computers by forgetting the password. And recently I’ve had two different friends do this within a period of a couple of days. So you guys know how this works… when I start getting requests, I document the solution.
So, how easy could it be? Here are the instructions:
- Download the ophcrack CD. (Bad news, it’s 455 MB.)
- Burn it to a CD ROM. (ImgBurn is fantastic freeware for this purpose.)
- Put the CD in your machine and reboot it.
You should be able to follow any of the on screen instructions and have access to your computer again within minutes. Here is a little video demonstrating the process, though it’s highly unnecessary.
{ 14 comments… read them below or add one }
theres probably no reason to post this but the video was removed
During my life as a sysadmin, I had this happen all the time. I burnt the image to a small (business card size CD), that I could easily carry around with me. The version I have boots a small version of linux that resets the admin password to an empty string.
Have to be very carefull though, because it’s linux accessing NTFS and if something goes wrong, the data could be toast.
Of course you use an encrypted flie system and you loose you password, I don’t think there is much that will help you.
Wouldn’t it be very easy for someone to hack into my acc?
I am beginning to wonder that is there a way to keep our passwords secure.!!!
Hello,
Because of professional affairs, I’ve had contact with this software and I must say it’s very good. Although it will not break (or take plenty of time) you password if it’s strong enough &@31rd%A should keep you safe for example (just try to remember it).
The othe way is to use encryption software – either commercial (especially to encrypt the whole hard drive) or free (to encrypt certain folders, where you can safely keep highly sensitive data). The biggest drawback of commercial software is that it’s mainly written for corporate users not for single license.
Anyhow, I recommend using so called USB keys (not storage devices) (cost around 10bucks) which are in fact microchips that allow you to encrypt folders and files. To access them, you need to insert USB key.
Sorry for being so boring, I could talk about it all day & night :P
Well switching to UNIX or LINUX might be the way, the video was gone when I got to this post, but the description in the blog post was enough for anybody :)
The solution might be to put your data inon a virtual PGP disk on the computer, that way even if someone gets access to your OS they wont be able to get in to your data just as easy.
Kim:)
Yeh well, there are other things like
Encrypting your entire drive with True Crypt!
I just used image burn to create the CD for vista password recovery using ophcrack-vista-livecd-2.1.0.
I booted using the CD and the following error came up: isolinux 3.61 2008 (c) 1994-2008 H.Peter Anvin could not find kernel image: Linux boot:
Thinking the disk or something may have been bad I burned a second copy and received the same error. If anyone has any suggestions, They would be greatly appreciated.
If you forget the administrator’s password but still can log on Windows with other user names that have administrative privileges, you may follow the instructions below:
Right click the computer icon on your desktop, select Manage, find Local Users and Groups, unfold Users folder, right click Administrator, click Set password… in the menu comes up. Click Proceed in the dialog, in the pop-up, enter a New Password and confirm it. Your administrator’s password is successfully reset.
Guest account may help to log onto Windows, but it has no privilege for you to do the above to reset the administrator’s password.
If you forgot all user passwords and failed to log onto Windows, there is no other way but to format the OS and reinstall Windows, or resort to sort of software tools to remove the password and log onto Windows. These programs cost some bucks, but are worthy and better than to reinstall the OS causing consequences. The most popular programs are Windows Password Reset 6.0 etc. Generally, these programs are easy to use though turn out to be a scary command prompt to newbie. But do relax and you can fully manipulate. Let’s take Windows Password Reset 6.0 for example. You prepare a blank CD, burn the program onto the CD, boot the locked computer from the CD, come to initiate the program, locate the user name, and proceed to remove its password – all are at ease.
Ophcrack is a good and free solution. But it has Dos command like console GUI. I have tried a commercial windows password recovery tool, it has graphic wizard GUI interface, named Lazesoft Recover My Password. It is easy to use.
I have downloaded Windows Password Recovery Tool 3.0 . it not only supports XP, 2000, and NT, I have personally tested it with Vista Home Premium and Ultimate. It works perfectly to reset any local user account to a blank password. I Wrote it to an old 128mb USB flash drive do this. Booting up and clearing a password takes a minute or two works like a charm.
ntpasswd is also another iso image that I’ve had success with in the past. It hasn’t been updated in awhile, but it definitely works to reset passwords on XP machines – haven’t tried Vista or 7 with it yet. There’s another program out there called Konboot which actually fits onto a diskette (!) if you still have one of those lying around. Konboot actually bypasses the Windows login rather than resetting or cracking the password.
Last time I forgot my password and tried everything i could do but failed, until I found this great tool Password Genius. It works great, and you can google it.
Windows Password Recovery Tool 3.0 works great! Thanks you!