/>
X

Join or Sign In

Register for your free ZDNet membership or if you are already a member, sign in using your preferred method below.

Use your email Use Linkedin Use Facebook

Five password recovery tools to use in a pinch

When you've lost a critical password for a system you administer, one of these tools may save the day.

|
jackwallenmay2018.jpg
|
Topic: Security
6365406.jpg
1 of 11 Jack Wallen/ZDNet

Many people take a dim view of password recovery tools for ethical reasons -- understandably so. You have a tool that can, in some cases, crack passwords on machines where you don't belong. But in certain situations, these tools may be the only thing that can save you from having to go as far as reinstalling the operating system.

Let's take a look at five "free" password recovery tools. I say "free" because in some cases there are tables that must be purchased (such as rainbow tables) to break some types of passwords.

Note: If you'd prefer to view this information as a blog post, check out this entry in our Five Apps blog.

Photo: iStockphoto.com/proxyminder

6365407.png
2 of 11 Jack Wallen/ZDNet

LCP is a user-account password recovery tool for Windows NT/2000/XP/2003. This tool can recover using a dictionary attack, brute force attack, or a hybrid dictionary/brute force attack. LCP allows you to import from a local computer, remote computer, SAM file, .LC file, LCS file, PwDump file, and Sniff file.

6365408.png
3 of 11 Jack Wallen/ZDNet

As with many of these applications, you should avoid using your machine while LCP recovers passwords, as it will consume the majority of your machine resources for the crack.

6365409.png
4 of 11 Jack Wallen/ZDNet

Ophcrack  is one of the most popular password recovery tools. It's free (open source as well), cross platform, and very reliable. Ophcrack uses a solid implementation of rainbow tables that just happens to have been done by those who created the method.

6365410.png
5 of 11 Jack Wallen/ZDNet

Ophcrack runs on Windows, Linux/UNIX, and Mac. It cracks LM and NTLM hashes; has free tables for XP, Vista, and 7; includes a brute-force module for simple passwords; offers an audit mode and a CSV export; presents real-time graphs; has a LiveCD for easier (and more efficient) recovery; and dumps and loads hashes from encrypted SAM.

6365411.png
6 of 11 Jack Wallen/ZDNet

Windows Key can reset your Windows password for you. This is different from the other tools, in that it doesn't recover a list of user passwords or even recover from a file. Windows Key creates a bootable CD (or USB device) you can use to boot the machine and recover the password.

6365412.png
7 of 11 Jack Wallen/ZDNet

Windows Key is simple to use, and it can reset both local (standard version) and domain admin account (Enterprise edition only) passwords. It promises a 100% recovery rate. Although Windows Key has a free trial, you'll have to pony up for the full version (Standard $39.00 USD, Enterprise $295.00 USD) before you can really recover any passwords.

6365413.png
8 of 11 Jack Wallen/ZDNet

Windows Password Unlocker also creates a USB or CD that can then be booted to recover passwords.

6365414.png
9 of 11 Jack Wallen/ZDNet

There are three editions of this tool: Standard ($19.95 USD), Professional ($29.95 USD), and Enterprise ($49.95 USD). Only the Enterprise and Professional editions can recover passwords. (Enterprise can even recover domain admin password.) The standard version simply removes the passwords, and it doesn't support the USB flashdrive method.

6365415.png
10 of 11 Jack Wallen/ZDNet

Hash Suite is marketed as a program designed to test the security of password hashes. It's incredibly powerful and offers high performance (one of the fastest crackers available), an easy-to-use GUI, reports and statistics, and all the features of modern crackers. It also works on large number of hashes.

6365416.png
11 of 11 Jack Wallen/ZDNet

This is the go-to tool when you need to recover (or test) a number of password hashes. Please note: To successfully use this tool, you will need to employ a pwdump tool to gain the necessary hashes for Hash Suite to crack. Here is a list of possible pwdump tools.

Related Galleries

First look at the YubiKey Bio
YubiKey Bio

Related Galleries

First look at the YubiKey Bio

iVerify (version 17)
iVerify for iOS and iPadOS

Related Galleries

iVerify (version 17)

OnlyKey hardware security key
OnlyKey

Related Galleries

OnlyKey hardware security key

SoloKeys Solo V2
Solo V2

Related Galleries

SoloKeys Solo V2

iVerify: Added security for iPhone and iPad users
iVerify

Related Galleries

iVerify: Added security for iPhone and iPad users

iStorage datAshur BT hardware encrypted flash drive
iStorage datAshur BT

Related Galleries

iStorage datAshur BT hardware encrypted flash drive

Netgear BR200 small-business router
Netgear BR200

Related Galleries

Netgear BR200 small-business router