The best password recovery solutions aim to help you to recover passwords for software applications and hardware devices. After all, losing access to your computer files can be a frightening and frustrating experience. Whether you use your computer for personal or business purposes, a lost password can spell disaster for your projects.
Computer manufacturers and software developers like Apple and Microsoft are doing everything they can to bolster security and protect user files from intrusion. This is something that we can all be thankful for—until you need to strong-arm your way into your own computer after having lost your password.
If you’ve found yourself in such a situation, don’t panic. There are password recovery solutions available, which we’ll cover below. Work your way through the list, and with patience and some luck, you should be able to regain access.
These tools should only be used to gain access to your own files, never for the purpose of cracking somebody else’s password. Here therefore are the best password recovery solutions.
- We've also highlighted the best password managers.
Passware is a leading password recovery software developer that has a success rate of about 70%, which is quite good, considering the task at hand. The Basic, Standard, and Standard Plus kits are all intended for home use, although there are Business and even Forensics solutions available, depending on how difficult the job is.
The Basic kit works on Microsoft Windows Vista, Server 2003/2008/2012/2016, and Windows 7/8.x/10. The software can grant you quick access to a wide variety of file types, either through brute force attacks or Passware’s “Instant Recovery” method, as well as general Windows passwords.
While somewhat costly and like all solutions, not guaranteed to work in every case, this is a good place to start for a robust password recovery application with a good track record. However, do note that there's no password recovery for Mac except at the highest pricing tier.
Recover My Password by Lazesoft is another freeware option for recovering a Windows admin password. You can remove the Windows password entirely, reset it to blank, and unlock, enable, or disable user accounts.
The Home edition has a graphical user interface, making it simple to use. Just follow the step-by-step instructions to create a bootable CD that you’ll use to recover your passwords.
Lazesoft claims a 100% recovery rate when used on Windows 2000, XP, Vista, 7, 8, 8.1, and even 10. It can also be used to retrieve lost product keys from Windows installations. Finally, Lazesoft has free technical support available, so if you get stuck, you can check out its comprehensive FAQ and knowledge base, and then if necessary, contact by email.
Don’t let the name scare you: John the Ripper is a reputable password recovery tool available for Unix, macOS, Windows, and others. The free version is only available in source code, which isn’t well suited to novice users. However, a Pro version is available for Linux and macOS, with a seven-day money-back guarantee.
In both cases, there’s no graphical user interface, so if you’re not familiar with command-line, this tool is probably not for you.
Even if you take the free version, however, the wordlists required to use the program are paid. There’s also a mailing list where you can ask questions if you run into any trouble, although responses may vary in promptness and usefulness.
Trininity Rescue Kit (TRK) is a live Linux distribution that can be used to recover Windows passwords, which can then easily be reset using a simple (text) menu interface. The software also includes five different virus scans and a tool for disk cleanup, with recovery and undeletion of certain files and lost partitions.
The documentation is also extensive—very extensive. Given this and the fact that it runs only on Linux, it may not be a suitable solution for many users. That said, it’s entirely free, has a small download size, and has a five-star rating from its users.
TRK works for Windows XP, Vista, 7, 8, and 10.
A well-known name in the password recovery business, Ophcrack is one of the best freeware solutions available. It’s designed for average users with little knowledge of cracking passwords, so even novices can follow the simple step-by-step instructions.
There’s no need to install Ophcrack on a separate device. Instead, you can download an ISO image directly from the website to be burned onto a CD or flash drive, and boot from either of these to access powerful password recovery options. Ophcrack will locate Windows user accounts and automatically recover the passwords.
Ophcrack currently supports Windows XP/Vista/8/8. It cracks passwords based on “rainbow tables”, which uses less processing time than a brute-force attack. These tables can be downloaded for free from the Ophcrack website. There’s also a brute-force mode for simple passwords.
The software is free and open-source, which is a big advantage both in terms of cost and transparency. While you may not have the user support of a paid solution, Ophcrack has a good track record and can be used to reliably recover many Windows accounts.
- Need help creating a strong password? These are the best password generators.
What are the most common and effective ways to recover a password
We probed Denis Gladysh, co-owner and head of Passcovery, a supplier of high-speed GPU-accelerated software solutions for recovering passwords of popular file format, to find out what the most popular ways to recover lost passwords are.
By skillfully customizing the range you may staggeringly reduce the number of trial passwords. This will still be a brute force attack, only with a limited range of combinations:
Mask is a part of the password that you know some specific details about. It remains unchanged throughout the entire attack, while only the unknown part is being changed. Not the most common case, of course. For example, if you know that the password begins with the name Jack, ends with the year of his birth - 56, and there are some characters in the middle, then by using the mask - Jack?????56 - you could check all 11-character passwords beginning with Jack and ending with 56.
When you do not know the exact characters of the password, but you do know its structure, then using the extended mask attack you can define an individual charset for each position in the password. Trial passwords will only consist of the characters from the defined charsets. Only a few password crackers offer this feature. Passcovery (review/website) is one of them. For example, you know that the password begins with a capital letter, ends with numbers, and there are only lowercase letters in the middle. So it only makes sense to try passwords that meet these specific criteria. The extended mask option allows to check such passwords.
Oftentimes a password is not a set of random characters, but a meaningful word: a name, date, nickname, favorite movie/cartoon/book character, dish, country name, etc. Such topical lists of words and their combinations are called dictionaries. And a password attack based on such wordlists is referred to as a dictionary attack. By running a dictionary attack you can quickly check all popular passwords. For example, over the last few years the password 1234567890 has been top-rated as the most popular one. OMG! 10 characters! Gotta be strong enough, you think? Yeah, right :)
What if we combine several words into a single password and alter characters in it? We'll get a password that is too long for a regular brute-force attack and that can never be found in any dictionary. And yet it is possible to recover it by combining multiple dictionaries and setting character mutation/substitution rules. Passcovery programs can handle such tasks. See for example the case of Apple iOS 13.x backup file. Then we compiled a list of likely words that could possibly make up the password, added mutations rules, ran the attack and successful ly recovered the lost password.
Which attack to choose from the four listed and its efficiency depends on each specific case. Say, you know the words that make up the password, then dictionary attack with rules is what you need. If you know the structure or a part of the password, then you'd better go for extended or regular mask attack. When you don't know any details about the password, it is recommended to run a dictionary attack using wordlists of popular passwords. And still, there is no guaranteed way to recover, let alone crack a properly made and secure password (and that is great, isn't it! otherwise what's the point in protection, if anyone who has a computer could crack it?). There is no 100% guarantee, but success is still possible.
With an effective software tool, high-performance hardware, and a little information about the password, you get pretty high chances to successfully recovery your lost password.
NB: All of the above refers to the latest types of secure password protection with encryption and does not apply to protection against accidental editing. The latter can always be removed instantly (as, for example, in Microsoft Office 2-2019)