I forgot the password! What should I do?

We all tend to forget the password from time to time. Whether you’ve been hacked or you’ve forgotten it, you will need to know what steps to take when the worst happens. Luckily, retrieving your password will be as easy as reciting your ABCs if you follow these simple steps! Find out in this article what to do if you forget your password.

I can’t remember my password, what should I do?

If we don’t get in, there’s no need to panic. Most of the time, you can still find out the forgotten code. But for special cases, it’s worth preparing in advance.

A ten-character code with numbers and special characters for each account – it’s already secure, just very hard to remember. According to panelbiz statistics, 76% of internet users have forgotten their passwords. In an emergency like this, photos, emails, and important documents can fall prey to security mechanisms or even lock you out of your computer. We’ll show you what to do if you can’t remember the code and how to find forgotten passwords or remove protection – on your own devices!

Windows and Office

In Microsoft’s operating system and Office applications, circumventing security is almost frighteningly easy. Windows account: You need a Windows installation disk (or USB drive). For Windows 10, we explain how to do this on page 52. The process is also shown for Windows 10, as many of our readers have probably already switched to it by taking advantage of the free period. Still, the process is quite similar for older versions. First, boot the machine from the installation media, and after selecting the language, instead of Install, select Repair Computer, then Troubleshoot, then Advanced Options, and finally Command Prompt. In the somewhat puritanical interface, we first need to find the Windows folder’s drive by typing “c:” followed by “dir”. If the list is too long, you can split it into pages by typing “dir /p”. If you can find the Windows folder, you are in the right place; if not, change the drive (“d:”, “e:”, etc.) until you find it. Once found, enter the system folder by typing “cd windows\ system32” and type “rename utilman.exe utilman_org.exe” and then “copy cmd.exe utilman.exe”. That’s it. You can restart the machine; all you need to do is use the Exit command.

When prompted for a password, click on the middle icon in the bottom right-hand corner; easy to manage. The command line will reappear, where you can now enter a new password for any user. Just type in “net user ” (if the username consists of several words, put them in quotes). Then log out of Exit, or close the window, and you can log in to Windows with your brand new password. Should we need to use Easy Access in the future, we’ll still need to undo some of the changes (not the new password, of course). Go to the command line of the installation disk again, browse to the Windows system32 directory again, then type “del utilman.exe” and “ren utilman_org.exe utilman.exe”. MS Office: unfortunately, passwords for Word and Excel documents cannot be changed as quickly using local tools; you will need an external program. One of the most popular software for this task is Elcomsoft’s Advanced Office Password Recovery (basic package about €50), which can handle all Office documents from Word to PowerPoint. If the files are in older, compatible formats (i.e., not saved as .docx, for example), the program can easily remove passwords. In the case of the most modern formats, it has to perform a brute force attack, which, depending on the power of your video card, will usually give you back control of your document within ten minutes.

Services and e-mail accounts

Most passwords can be reset with an email as far as web services are concerned. eBay and others: even large corporations use a simple username/password combination to log in. If you forget your password, all you have to do is click on the link below or next to your login details to create a new one. The situation becomes much more difficult if you no longer have access to your registered email address. In this case, you have no choice but to create a new account (so it’s always a good idea to keep your email information fresh). However, if it’s not your email provider or address that’s no longer available, but just your account, you still have options – more on these a little further down.

For accounts where two-factor authentication is used, password reset is quite complicated. Because although you can easily change the password via email, the second step, which is usually SMS or app-based, remains unchanged. If you have changed your phone number or deleted the code-generating app, there are still pre-made security codes. The system usually generates or offers these when setting up two-step authentication and can trigger the second step. If you forget these too, you will have to cancel the account and create a new one. How not to store these codes is described in the box below.

Email account: as already mentioned, if you lose the password to your email account, you will be in big trouble, as all other password changes would be made through it. To make matters worse, access is challenging to regain. However, there is one exception. If you use a mail client on your computer, you can quickly retrieve the access data. Mail PassView can scan the most popular client programs and display their passwords. If you’ve only accessed your mail via the web so far, it’s usually a very unpleasant process. For example, in the case of Gmail, we have to answer pages of questions to convince the system that we want to get into our account unless we have a secondary email address or phone number for just such situations. In the latter case, we log in, and a few minutes later, we can use the account we thought we had lost with a new password. If you don’t have a secondary address, and the questionnaire fails, or the secondary tools are unavailable, then it’s all over, and goodbye to your previous correspondence.

Mobile devices

The protection of smartphones against unauthorized access must be excellent, as there are many sensitive personal data on the devices. However, only one password is secure: the SIM card – and even here, there are often workarounds.

SIM card: as most smartphones are rebooted only when the operating system is updated, it is rare to enter the PIN code for the SIM card. But it’s better not to forget it because after three failed attempts, it will be blocked, and you will only be able to recover the card with the PUK code. The latter code is usually in the letter from your service provider or on the small card you receive with your SIM card. If you lose this, you will have to buy a new card and lose the phone numbers stored in the SIM. The only way to avoid this is to permanently save the phone numbers in the device’s memory and sync them to the cloud from there via our Google account on Android, iCloud Backup on iOS, and Microsoft or Google servers on Windows Phone. Android: it’s relatively easy to bypass the unlock pattern if you’ve connected your phone to your Google account (and why wouldn’t you). If we enter the wrong pattern five times, the system locks the screen but gives us the option to log in with our Google credentials if we forget the pattern. However, this requires that your phone has an internet connection.

On Android, you can also unblock your PIN with another app. Again, this only requires that you already have an active Google Account on your device and are connected to the internet. First, on a computer, visit Google Play, find the screen Unlock/Lock app, and install it on the locked phone to download it to the Android device. After that, you need to send an SMS from another phone with the content “00000”. One more reboot and the PIN lock is gone. iOS: getting past password protection is more difficult on Apple’s system. On older iOS versions, brute force attacks are still effective, but the software required is costly; for example, Elcomsoft’s iOS Forensic Toolkit, at €1500, is out of the question for private use.

Much cheaper is the following non-trivial trick, which worked under earlier versions of iOS by exploiting a bug. Enter the passcode, enter the first two/four numbers, press the Home button, and enter the last pair (whatever). Siri will then log in and ask you what time it is. When it shows you, tap the clock and tap the “+” sign on the next screen. We then type some characters of our choice into the search box, select them and tap share. We select the send message icon, again type some random characters for the recipient and add it as a new contact. We choose to add the photo, then select it, finally, we press the Home button again, and we’re in. However, this trick no longer works with the newer versions, so it’s better to write the passcode somewhere.

Did you know?

Did you know that the password you use to log in to your account on a website is often saved in a database of their server? Every time you enter your password, it’s saved so that the website knows who you are and can verify your identity. If this is the case, then you can retrieve your password by using a computer program called a “brute force cracker,” which will systematically try every possible combination of letters and numbers until it comes up with the right one. It might sound scary, but it’s not difficult – make sure that you’re on a strong wifi network because it’ll take some time!

Conclusion

Whether we forgot the password to our email, our Facebook account, or another important app, we all know how unsettling it can be to lose access to something we use all the time. But thankfully, there are steps you can take in advance that will help you if and when this happens.