The one we will use for the purpose of this article is called Asterisk Key by Passware. This easy to handle freeware program analyzes covered passwords and reports them to you. To use it, simply open the program, highlight the password box or open the web page containing the covered password and click the 'recover' button.

Of course, commercial software programs are available that can do considerably more than this, for a price. One example of this is Rixler software's Password Recovery Toolbox which scans your system and enumerates all Internet explorer stored passwords, autocomplete data (data you entered repeatedly when filling in web forms), Outlook Express passwords, Internet login passwords, etc.

This information is then presented to you in an easily accessible form. Scary, but very useful for system administrators.

Getting around Windows XP user passwords

Windows XP saves user passwords as an encrypted numerical 'hash' - taking a password of say 'password' and turning it into something like "HT5E-23AE-8F98-NAQ9-83D4-9R89-MU4K." This hash value is then stored in the SAM (Security Accounts Manager) file, found in the C:\windows\system32\config directory.

This portion of the file is then re-encrypted by the syskey utility which considerably strengthens the encryption. The data needed to remove the syskey encryption is stored in the SYSTEM file in the same directory. The directory itself is invisible and inaccessible to all users except the operating system itself while windows is running. By using an alternate operating system that can read your disks, or by transferring your disks to another windows machine, you can gain access to the SAM and SYSTEM files.

Resetting XP user passwords with the Administrator account

All versions of Windows XP include a built in account called 'administrator.' This account has full privileges in XP, and is capable of resetting the passwords for all user accounts. This can be a lifesaver if you have locked yourself out of your normal user account. Use of the Administrator account depends on which version of XP you are currently using.

With XP professional:

You will have been prompted to create a password for the Administrator account during the installation process. If you have this password recorded, or if you entered a blank password (commonly done, but not a secure idea ), then you can access the Administrator account and reset your forgotten password.

To login as administrator: From the Welcome screen, press CTRL+ALT+DEL twice to bring up a login window for the administrator account.