Langa Letter: Managing Your Windows XP Passwords

Password Recovery Tools, Especially For Applications
At the applications level, it's usually simpler and easier to reveal or recover an existing, forgotten password than to use a brute-force method to reset or delete the password.

The simplest form of password revealers show you what's behind the asterisks or black circles that some software uses to hide typed-in passwords: The password-revealer software turns the asterisks or black circles back into plain text, so you can see and copy down what the password is, simple as that.

One of the most popular tools is the free, oddly-named "SnadBoy Revelation." http://www.snadboy.com/ I've used this tool several times with excellent results. For example, I recently set up a new PC for a user who wasn't physically present to tell me her passwords for services she needed, such as Dial-Up Networking. I installed SnadBoy's Revealer on her old PC, grabbed the passwords, and used them to set up her new PC so it would work identically to her old system, minimizing her relearning/rekeying time.

There are many similar tools, too, some more sophisticated, others even simpler. For a sampling, see Iopus' commercial password recovery tool, or its simpler, free version ; or try this Google search.

Tool To Prevent Password Problems
All the above deal with after-the-fact problems: Cases where a password was lost, forgotten, or is otherwise unavailable.

But XP offers a preventive measure that, if used beforehand and with extreme care, can avoid most or all of these kinds of problems with user-account passwords. It's the "Password Reset Disk," a floppy you can make via XP's "Forgotten Password Wizard." This tool creates a small file called userkey.psw on a floppy; this file can later be read by the Forgotten Password Wizard to reset the password for whatever account originally created the psw key.

This is very handy--and very dangerous. Anyone with access to the Password Reset Disk can use it as a kind of skeleton key to access whatever account created the disk. In a way, it's much the same as if you posted your password on a sticky note attached to your monitor.

So, if you're going to create a Password Reset Disk, you need to ensure that the floppy is stored securely and away from the PC that created it, and, ideally, is labeled with an obscure, nonobvious name--not "Password Reset Disk!"

It's easy to create a Password Reset Disk; the process is well documented in the XP help files and on the Microsoft site. https://www.microsoft.com/technet/prodtechnol/winxppro/proddocs/windows_password_resetdisk_overviewW.asp

Myriad Additional Resources The tools we've discussed so far are among the best of the best, but there's an entire universe of additional tools out there that can help you solve almost any kind of password-related problem.

For example, "Password Recovery Resources" lists some 80 password tools and sites, many of which offer still more tools and links to other sites. One such link of special note is "Cmos, LILO, NT passwords - Data recovery" which contains a nicely focused selection of tools for the purposes suggested by the page's name.

A bulletin-board system discussion called "Lost windows XP Home edition Password" lists numerous sites and tools specific to that purpose; an article called "Fixing Your Admin Password (Windows XP Home Edition)" covers similar ground in a more do-it-yourself manner.

A Google search will lead you to many tools for XP Pro and XP Office.

The "Ultimate Boot CD" comes with a copy of the "Offline NT Password & Registry Editor" mentioned earlier, and many other tools besides.

The "Linux NT Toolkit" is a free bootable floppy image you can use to reset the passwords on an NT/2K/XP box, but it's a bare-bones tool that requires a fair amount of prior knowledge to use.

In contrast to the above, the "Windows XP/2000/NT Key" is far more polished and easier to use--but it costs $195. You can try it for free to reset a "demo" password only, but you have to pay full price to make changes on real accounts.

For unusual and narrower kinds of password problems, try the Microsoft Knowledgebase. For example, you may get an error message stating "The Password Is Not Valid" when you log onto the XP Recovery Console, even when you know that the password is OK: That error is covered in this article.

Finally, and most generally, you'll find links to an enormous array of "Security Resources for Administrators" here.

Your Turn
What password-recovery sites or resources do you use? Which tools have you found to be particularly useful, powerful, or easy to use? Do you know of tools that are better than the ones Fred suggests? Please join in the discussion!

To discuss this column with other readers, please visit Fred Langa's forum on the Listening Post.

To find out more about Fred Langa, please visit his page on the Listening Post.