February 14, 2010 -- If you have wisely set a password on your Windows login profile in Windows 7 but wake up one day to discover you have lost your memory (your own not your computer's), and the sticky note on the monitor is gone, then taking the following steps now can save the day. Realistically you might be in a work environment that requires you to change your password on a regular basis, so this tip will help you too.
While there are technical ways to recover and/or hack your Windows login password, it is easier to use the built-in feature to create a password reset disk BEFORE you forget your password. The password reset disk needs to be removable media such as a USB flash drive (memory stick), a floppy disk or an SD card; a CD or DVD will not work. The benefit of this procedure is that you only need to create the reset disk once, regardless of how often you change your password later. (If you arrived here really looking to hack your own Windows profile because you forgot your password, see the alternate solutions on our sidebar under Password Recovery.)
The password reset disk will NOT allow you to discover what your password is now, but it will allow you to set a new password on your Windows login. The caveat is that you must store your reset disk securely, since anyone who has physical access to both the reset disk and your computer can change your password and log in to your Windows account. This is true even if you have changed your password.
Creating the Password Reset Disk
To begin the process, I will assume for this discussion that you will use a USB flash drive (similar to the one below). Any storage size will do as only a small 2KB file called userkey.psw will be created, and you can use the flash drive to store other files. In fact, after you create the reset key on the USB flash drive, this file could be copied to another backup medium for safe storage. To use the reset key to reset your password at a later date, you would simply copy the file back to an available USB flash drive.
If you have not inserted a valid USB flash drive, you will get an error:
Select the appropriate drive (if there is more than one available) and click Next.
Enter the current password on your account. This is to stop anyone else from creating a password reset disk if you happened to step away from your computer while logged in. Click Next.
When the progress bar shows 100% complete, click Next.
The process is complete. Click Finish.
The password reset key "userkey.psw" file has been created.
Let's back up a couple steps. What happens if you have already created a password reset disk previously? You will be prompted with a warning message. If you proceed, the old password reset disk will no longer be valid.

If the USB flash drive already contains a userkey.psw file (for any user) you will be prompted to replace the file.
It is possible to maintain several password reset keys on the same USB flash drive by renaming the userkey.psw file, for example to Administrator-userkey.pws to represent the Administrator account. However, you can only run the password reset when the appropriate file is named userkey.psw.
Resetting Your Password
To start the password reset process, at the Windows Welcome Screen, select the appropriate user account. At the login screen, since you do not know the password, click the arrow button to the right of the password box.

Then click "Reset password".

The Password Reset Wizard starts. Click Next.

Plug in the appropriate USB flash drive. Click Next. If you have no USB flash drives plugged in you will get an error.

Select the correct USB flash drive if you have more than one. Click Next.

Ensure you have the USB flash drive containing your password reset key file in the root (eg: G:\userkey.psw) or you will get an error. If you select the wrong disk you will get an error.

If all is going correctly, you will be prompted to enter a new password, which overwrites any existing password or blank password. Of course, if you knew your password was blank, you really wouldn't need to go through these steps. Enter an optional password hint. Click Next to proceed.

Your password has been reset. Click Finish. You should now be able to log in with your new password.

Likely you won't keep this USB flash drive just for your password reset key file, and logically it doesn't make sense to carry it around with you or leave it plugged into your laptop, so as a minimum be sure to store this file elsewhere (on another secure computer, perhaps). The key file is only valid on the computer where it was created, and cannot be reverse engineered to determine your password, since it does not contain your password.
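Because anyone holding the key file and the computer can reset the account, it is worth checking which attached removable drives still carry one. The following PowerShell check is an added example, not part of the original article; it assumes `Get-WmiObject` is available (PowerShell 2.0 as shipped with Windows 7), and the wildcard used to catch renamed copies is an assumption based on the renaming tip above.

```powershell
# Added example: report password reset key files on attached removable drives.
# 'userkey.psw' is the file name given in the article; the wildcard below is an
# assumption meant to also catch renamed copies such as Administrator-userkey.pws.
$activeName = 'userkey.psw'
$pattern    = '*userkey.p*'

# Win32_LogicalDisk DriveType 2 = removable disk (USB flash drive, SD card, floppy)
$drives = @(Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType=2')

$found = @(
    foreach ($d in $drives) {
        $root = $d.DeviceID + '\'
        # Only the drive root matters: the reset wizard looks for the key file there.
        Get-ChildItem -Path $root -Filter $pattern -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            Select-Object @{ Name = 'Drive';     Expression = { $d.DeviceID } },
                          @{ Name = 'Label';     Expression = { $d.VolumeName } },
                          @{ Name = 'File';      Expression = { $_.Name } },
                          @{ Name = 'Bytes';     Expression = { $_.Length } },
                          @{ Name = 'Modified';  Expression = { $_.LastWriteTime } },
                          # Usable = named exactly as the wizard expects; renamed copies
                          # must be renamed back before they can be used.
                          @{ Name = 'Usable';    Expression = { $_.Name -ieq $activeName } }
    }
)

if ($drives.Count -eq 0) {
    Write-Output 'No removable drives attached.'
} elseif ($found.Count -eq 0) {
    Write-Output 'No password reset key files found in the root of any removable drive.'
} else {
    # Every row is a copy of a key file that should be accounted for and stored securely.
    $found | Sort-Object Drive, File | Format-Table -AutoSize
}
```

A row with `Usable` set to True is a key file that the reset wizard would accept as-is from that drive.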
Final Notes
If you get an error after entering a new password at the Reset the User Account Password step, it is possible that you have the incorrect password reset disk -- either the password reset key file for a different account, or an expired key file after creating a new password reset disk. It is also possible that the account you are attempting to change the password on has account restrictions that do not allow user password changes.

All is not totally lost yet. If you have access to your computer via any account with Administrator privileges you can actually change the password for another user account with a caution. Simply login with this Administrator account, select Control Panel > User Accounts > Manage another account > Select desired account. When you select Change Password, you will be reminded that by changing the password for this selected user through this method, that information may be lost, including encrypted files and stored passwords. If you have no other choice (ie no password reset disk for this user) or you believe this restriction won't affect you, then enter a new password and select "Change password."
Beyond this, there are other password recovery and reset tools available on the internet. Some simply remove any existing password on a particular user account, while others use brute force and try applying different words and character strings until a match is found. Short passwords can be easily discovered within a few minutes. Once someone has physical access to your computer and enough time on their hands, the average user is not really secure.
The moral of this story: Create your password reset disk now. Two minutes and you are done.
Administrator User Account - Extra Security Tip
If you have an active Administrator user account on your system, you should also set a password on this account. If you are using Windows 7 Home Premium or Starter, you might only see the Administrator account when you start your computer in SafeMode. Once you login to the Administrator account you will be able to set a password. Windows XP normally had an Administrator account (at least in SafeMode), while in Windows 7 or Vista the Administrator account was only active if there were no other login accounts with Administrator privileges. Bottom line: If the Administrator account is not disabled, then it should have a password. Once logged in as Administrator, you can also create a unique password reset disk for this account.
--MLJ
2 comments:
What if you never created a password reset disk and you forgot the password? Is there any way to make one off of another computer?
The password reset disk can only be created on the computer to which it applies and is therefore something to be done in advance. There are various standalone utilities that will allow you to possibly reset your Administrator password or to bypass it completely. Check the sidebar on the right under Windows Recovery Tools for direct links to a couple tools.
Depending on which version of Windows you are running, you might try booting into SafeMode. Particularly with Windows XP, by default the Administrator account was not password protected and may show up on the login screen.
I have found the Kon-Boot CD very effective also to allow you to simply bypass the password. Once logged in by any method, you can simply set a new password.
--MLJ