If you’ve ever locked yourself out of a password-protected file – or your computer – well done. It likely means you chose a secure, unguessable combination to protect your data. That may be small comfort, though, if you’re unable to carry on working or you need to write off the hours you put into creating your lost content.
Fortunately, what appears lost is often recoverable, given time and a dedicated password recovery tool. Some of these target password-protected files, while others are more extensive recovery suites that boot into an external environment so they can interrogate Windows from the outside. That often gives you the best chance of recovering or resetting your operating system password.
Prices vary, and while there are several free options, of which we’ve included some here, you shouldn’t necessarily make price your main criterion. Consider the value of the data that you risk losing if you can’t recover your password. Ultimately, that’s what you’re paying for: not the key to the door.
Best password recovery tools compared
Features and prices
| Header Cell - Column 0 | Price range | Free version | Desktop Support | Customer Service |
|---|---|---|---|---|
| John the Ripper | Free to £150.78, one-time payment | Yes | Windows, Linux, macOS, plus others | Email (with upgrade) |
| Lazesoft Recover My Password | $27.95 | Yes | Windows PE environment allows for more extensive maintenance | |
| LostMyPass | From free to quote per job | Yes | N/A | |
| Microsoft password reset disk | Free | Yes | Windows | Limited self-help resources |
| Passware Kit | €49 to €3995 | No | Windows, macOS (with upgrade) | Online ticketing |
The best password recovery tools available today
John the Ripper
SPECIFICATIONS
- Free version: Yes
- Desktop support: Windows, macOS, Linux, plus others
- Customer service: Email (with upgrade)
| Pros | Cons | Header Cell - Column 2 |
|---|---|---|
| + Free | - No GUI | Row 0 - Cell 2 |
| + Support for a wide range of operating systems | - May require some additional steps | Row 1 - Cell 2 |
| Row 2 - Cell 0 | Row 2 - Cell 1 | Row 2 - Cell 2 |
John the Ripper is a free and open source password recovery tool. Using it is a little more involved than working with LostMyPass or Passware Kit, as it works via the command line.
Originally developed for Unix, it’s now available for a wide range of operating systems, including Windows, macOS, and even DOS. While it can work with many different password hash types, it is primarily designed for use with weak passwords. You may find that you need to perform additional tasks to extract the data on which John the Ripper will work before you get on to recovering the password itself.
Originally developed for Unix, it’s now available for a wide range of operating systems, including Windows, macOS, and even DOS. While it can work with many different password hash types, it is primarily designed for use with weak passwords. You may find that you need to perform additional tasks to extract the data on which John the Ripper will work before you get on to recovering the password itself.
office2john.py extracted the hashed password from the protected document, which we could then feed to the main john.exe program. You can specify which wordlists you want to use in your attempts to recover the password, but we stuck with the default options, and it produced a valid result within a few seconds. This isn’t displayed right away, though. Instead, you need to run john.exe for a second time, this time with the --show modifier, to view the result.
Recovering more complex passwords than the one protecting our test document can be a lengthy process – and here, John the Ripper makes allowances. Press q or ctrl-c while it’s working and its progress is saved, allowing you to resume the work at a later point if required.
Read our full John the Ripper review.
Read our John the Ripper review.
Lazesoft Recovery Suite Professional Edition
SPECIFICATIONS
- Free version: Yes
- Desktop support: Windows PE environment allows for more extensive maintenance
- Customer service: Email
| Pros | Cons | Header Cell - Column 2 |
|---|---|---|
| + More than just password recovery | - Its extensive feature set requires a more involved setup process | Row 0 - Cell 2 |
| + Windows PE environment allows for more extensive maintenance | Row 1 - Cell 1 | Row 1 - Cell 2 |
| + Good value for money | Row 2 - Cell 1 | Row 2 - Cell 2 |
Lazesoft has several emergency tools in its portfolio, covering password, data, and Windows recovery, backup, and cloning. Recovery My Password is available as a stand-alone product, but here we’re testing Recovery Suite, which bundles each of the products into a unified interface.
Installation is handled by a media builder, which burns a bootable copy of the software to a USB drive. You can select the version of Windows you want to target as part of the process, with the default option (“Same as this computer”) supplemented by all versions between Windows XP and Windows 11. We were using Windows 11, so we were stuck with that.
If necessary, you can also add drivers for unrecognised hard drives and RAID disks. The media builder will remind you to back up any data on the USB drive that you want to keep before formatting it and performing the installation. It really couldn’t be any simpler.
When the process has completed, eject the USB drive and connect it to the computer whose password you need to recover. Reboot and press whichever key redirects the boot process to the USB flash drive, or the BIOS or UEFI, where you can set the boot device. This varies depending on your PC manufacturer (and sometimes model).
The software itself runs within Windows PE (Preinstallation Environment), and although it launches on boot, you can switch to a range of Microsoft utilities for mapping network drives, configuring your network connection, creating restore points, and so on.
As its name suggests, Recovery Suite goes beyond merely overcoming a lost Windows password. You can also use it to repair boot and crash errors caused by malware or accidental file corruption, recover data from hard drives and memory cards (doing so with Windows PE should avoid additional data loss caused by overwriting your internal drive), and image or clone your disk.
The password recovery wizard can also be used to find your Windows product key, which will be handy if Windows refuses to boot, but what we’re interested in here is its ability to unlock a protected computer. Click Password Recovery, leave the option set to its default – Reset Windows Password – and select the user account you want to work with. The list includes regular users, administrators, and the guest account. You then have the option of converting a live ID account to a local account with a blank password or changing the current password to a new one of your choice.
As with other programs on test, Recovery Suite can also be used to reveal the current password, should you prefer. Take this option, and you can set a minimum and maximum password length, and filter on upper and lower case characters, digits, and symbols. As ever, the more parameters you can set, the less time it should take the job to complete.
Read out Lazesoft Recover My Password review.
LostMyPass
SPECIFICATIONS
- Free version: Yes
- Desktop support: N/A
- Customer service: Email
| Pros | Cons | Header Cell - Column 2 |
|---|---|---|
| + Free option for weak password recovery | - Need to send your file to a third party | Row 0 - Cell 2 |
| + Nothing to download | - Only works on password-protected files, not devices | Row 1 - Cell 2 |
| + Only pay on success unless using the brute force option | Row 2 - Cell 1 | Row 2 - Cell 2 |
LostMyPass is an online option for recovering your credentials on a password-protected PDF, Microsoft Office (Word, Excel, PowerPoint), or compressed file in Zip, RAR, or 7zip format. Behind the scenes, the service is running a cluster of GPU servers at 100% utilisation across a series of geographically distributed data centres. LostMyPass claims that as GPUs are optimised for performing parallel calculations, this makes them ideal for testing millions of password combinations every second.
If you need to access your file in a hurry, it’s worth checking out the Brute Force Calculator, which will work out how long it will take LostMyPass to unlock its contents based on file type, password length, and the characters used. It compares the result to the time you’d expect both a gaming PC and a regular office PC to achieve the same. This estimated three days for LostMyPass to unscramble a six-character password made up of just uppercase and lowercase letters, plus the numbers zero to nine. For comparison, a gaming PC would take 103 days, and an office PC, two years. Add in special characters and punctuation, and those figures increase to 27 days for LostMyPass, four years for the gaming PC, and 22 years for an office PC.
In practice, it may actually take a lot less time than that, as humans have a habit of using real words and relatively simple passwords so they’re easy to remember. It’s possible, therefore, that whichever password has been used appears in the service’s database of the three million most commonly used passwords, and can therefore be cracked in a matter of minutes. If it is, the service is free, although the success rate is only around 22%. If the password doesn’t appear in that list, you’ll need to switch to strong password recovery, which has a 61% success rate and costs from £24 (you only pay if it’s successful).
The third option is to use brute force, for which pricing is available on request. Ideally, you’ll have some idea of what the password might contain, like a specific birth year, favourite pet’s name, its length, or the characters used, which can reduce the number of attempts LostMyPass needs to make to gain access, as this will reduce the overall cost.
We tested the service using a Word .docx file, which was exported from LibreOffice Writer and protected with a simple password. The free service successfully detected our chosen credential and displayed it on the screen after around a minute.
Microsoft password reset disk
SPECIFICATIONS
- Free version: Yes
- Desktop support: Windows
- Customer service: Limited self-help resources
| Pros | Cons | Header Cell - Column 2 |
|---|---|---|
| + Free | - Only works with local passwords | Row 0 - Cell 2 |
| + You already have the software required | Row 1 - Cell 1 | Row 1 - Cell 2 |
Microsoft’s own solution to the problem of lost Windows passwords is the password reset disk. You’ll need to create one in advance, so if you don’t want to rely on a third-party solution after the fact, take action today. It only works on Windows 10 and 11 installations secured by a local password, not a Microsoft account (which you can reset at account.live.com/password/reset), and requires a USB stick.
The process is refreshingly simple: insert the stick, launch the Control Panel, and click in the search box. Search for ‘create password reset disk’ and click the only result. Select the external media that you want to use as your reset disk, then type your current user password. If you have entered the correct credentials, Windows will write the necessary unlock key to the stick. Eject it, label it, and keep it somewhere safe. Don’t let it fall into anyone else’s hands, as it will unlock your machine.
If you do lose the key, immediately create a new one. Windows keeps track of existing keys and will disable them when a new one is produced. This would effectively render your lost key useless and, in the process,re-secure your account. There’s no need to recreate the password reset disk every time you change your Windows password, as it’s tied to your user account rather than the password in force at the point of use.
Should you ever need to use the disk to log in, enter any password in the Windows login screen and, when it denies you entry, click ‘Reset password’. Insert your reset disk, and Windows will detect its presence. You can then enter a new password and, optionally, a password hint.
Passware Kit
SPECIFICATIONS
- Free version: No
- Desktop support: Windows, macOS (with upgrade)
- Customer service: Online ticketing
| Pros | Cons | Header Cell - Column 2 |
|---|---|---|
| + Option to use your own dictionary | - Mac Keychain support is expensive | Row 0 - Cell 2 |
| + Enterprise-grade features for those who need them | Row 1 - Cell 1 | Row 1 - Cell 2 |
| Row 2 - Cell 0 | Row 2 - Cell 1 | Row 2 - Cell 2 |
Passware claims to be the worldwide leading maker of password recovery and e-Discovery software, which “has been used to prevent nuclear terrorism, has saved hostages held at gunpoint, and is law enforcement’s tool of choice in preventing child exploitation”. There’s an impressive line-up of logos on its site, including Europol, the Metropolitan Police, and NASA.
Password detection is performed locally, so there’s no need to upload your assets to a third party. If you have an Nvidia or AMD GPU, it will use its features to accelerate the process. Passware Kit can also be used to reset local Windows administrator and security settings using a bootable USB drive or CD.
As with LostMyPass, you can use what you do know about a password (if anything) to reduce the amount of time taken to crack it. For example, you might know that it’s a single word, a compound of multiple dictionary words, words with numbers, non-dictionary words, but nonetheless similar to an English word, and so on. Or, you can claim not to know anything about the password at all. You’re not restricted to English, either, as there are 23 built-in dictionaries, including Arabic, Spanish, French, German, and Russian. You can add your own dictionary or compile one from a file. In our tests with the demo version, it quickly detected the password on our test file, which was a Microsoft Word document exported from LibreOffice Writer.
The suite’s feature matrix is extensive, and you may need to expand a few sections to find the best option. Passware Kit Basic, for example, works with 80+ file types, including Microsoft Office and OpenOffice files, but not Access, Outlook, PDF, or archives like .zip or .rar. If you need to unlock them, you’ll have to upgrade at least to Kit Standard, at €79. You’re looking at the €195 Kit Standard Plus if you need to work with 1Password, Dashlane, KeePass, or LastPass files, but if you’re having trouble accessing the macOS Keychain, you’ll need the €945 Kit Business option.
Every edition is compatible with Windows Local Administrator accounts on workstations, other local accounts, and Microsoft Live ID accounts, and there’s a separate Passware Kit Mobile (which is bundled in the €3995 Kit Ultimate tier) that extracts and decrypts user data from supported mobile devices.
Read our Passware Kit review.
Further reading on password managers
Take a look at our other guides to the best free password managers and the best password managers for business. It's also worth looking at our top five things to consider before buying a password manager. We also look at whether open-source password managers are safe to use, whether password managers are safe, and how you can test password strength via a series of free tools.
-
Check Point buys Lakera to secure the full enterprise AI lifecycleNews Lakera’s AI-native security will be integrated with Check Point's Infinity architecture to deliver full end-to-end AI security coverage
-
HPE names Phil Mottram as new global sales chiefNews Mottram succeeds HPE veteran Heiko Meyer who is retiring after 38 years with the tech giant
