Passwords must be complex and as long as possible so that hackers have no chance of cracking them in a short span of time. However, complicated passwords are easy to forget. Anyone who doesn’t carefully maintain and write down their passwords or store them in the database of a password manager runs the risk of suddenly no longer having access to Windows, protected files, or internet services.
Further reading: Best password managers 2024: Protect your online accounts
There are a number of tools on the internet that can read and decrypt freely readable or encrypted passwords for Windows, Office programs, or certain file formats such as PDF from configuration files or the registry. But many of these were written for older software versions and no longer work today.
Microsoft has continued to strengthen the encryption strength of its passwords over the years and other manufacturers have followed suit. That said, it’s still possible to extract stored passwords from some file types and applications. The programmer Nir Sofer offers a whole range of corresponding tools on his website www.nirsoft.net, all of which can be downloaded free of charge.
Extract saved passwords from Windows
IDG
Windows remembers the password to your router or a connected NAS device and saves this data in the following folder:
C:\Users[username]\AppData\Local\Microsoft\Credentials
The Nirsoft tool Credentialsfileview can read these files and display the passwords they contain.
You do not need to install the program. All you have to do is unzip the ZIP file. After starting the EXE file, an options window appears. In the top menu, select the option Decrypt Credentials files of all logged in users > Requires to run as administrator (Elevation) and click on OK.
Credentialsfileview will now show you the contents of the files. For most entries, you will hardly be able to recognize which applications they belong to. However, take a closer look at all lines where your e-mail address appears in the User Name column or where the type Domain Password appears under Entry Type.
Determining the e-mail account password
IDG
In order for a mail program to retrieve messages from your provider’s e-mail server, it must transmit a password. This data is stored in the program’s configuration files. You can use Mail Passview to display the passwords.
Simply call up the tool and it’ll automatically recognize which e-mail application you are using and look up the associated password. It also shows the address of the server, the user name, and the POP3, IMAP, and SMTP ports used. After right-clicking on the password, you can copy it directly to the clipboard with Copy Password. Mail Passview supports Outlook, Thunderbird, and Eudora, among others.
Making the PST file accessible again
IDG
Outlook stores emails, contacts, calendar data, and so on in a file with the extension .PST. To prevent other people from accessing this data, it’s protected with a password.
If you have lost this password, you can use the Pstpassword tool to generate three passwords to access the data. This sounds strange, but it actually works. This is because Outlook PST files do not save a password. Instead, the program generates a 32-bit hash value that represents the original password.
This hash value can also be achieved with a whole range of other passwords due to the weak algorithm with which Microsoft has implemented the encryption.
Make the WLAN passwords visible
IDG
When you connect to a Wi-Fi network, Windows automatically memorizes the name, the SSID, and the password used. As soon as you enter the range of the wireless network again later, the operating system can automatically log in again.
This function is primarily useful for notebook owners who frequently move back and forth between several locations. Thanks to this function, they are continuously connected to a WLAN and thus to the internet without having to enter the correct password each time.
In Windows, you can display the password for the WLAN you are currently connected to. To do this, open Settings in the Start menu, go to Network and Internet – Properties, scroll down, and click on View next to Show Wi-Fi security code.
IDG
The Wirelesskeyview tool even gives you an overview of all Wi-Fi passwords stored in Windows. Simply unzip the ZIP file and run the EXE file.
Read out the Windows product key
To be able to work with Windows permanently, you need a valid product key. This is a 25-digit code that you must enter in Windows within 30 days of installation. You will receive it when you buy a license for the operating system.
IDG
If you buy a new computer and want to install Windows on it, you will need to enter the product key again. If you can no longer find the license, you can read the key from the registry of your old installation. To do this, you need a tool such as Produkey from Nirsoft. Just start the EXE file and the program will show you the product key of your Windows installation.
Display passwords stored in the browser
All three major browsers have a built-in password manager. By default, the software offers to memorize the entered code each time you enter a password and to use it automatically for subsequent logins. Of course, this password database is encrypted and protected.
Google Chrome requires you to enter your Windows password or PIN to view the passwords, Edge wants you to log in to your Microsoft account, and Opera and Firefox only reveal the stored data after you have logged in to your account. However, if you no longer know your password, you will have to proceed differently.
In this case, you can use Webbrowserpassview. The tool lists the passwords saved in the four browsers mentioned directly after opening and also states the user name used and the browser from whose password manager the data originates.
Nirsoft provides three parallel tools such as Chromepass, Passwordfox, and Operapassview, which only visualize the passwords of Chrome, Firefox, and older versions of Opera.
Download password cracker
Many malware programs specialize in installing a software agent that searches for passwords on other people’s PCs and sends them to the hacker’s computer on the internet. This can be access data for social media such as Facebook, X, LinkedIn, or for streaming services such as Netflix, Amazon Prime, or Spotify.
Hackers are also interested in passwords for mailing servers or product keys. They may be able to intercept further access data via third-party emails and product keys are easy to sell on the internet.
If the user downloads tools to read such data, this is recognized by anti-virus software. In this case, the download in the browser is blocked right from the start. This also applies to many Nirsoft tools, even if they are not illegal hacking tools. Please do not try to deactivate the antivirus program in order to allow the download onto your PC, as this would be dangerous. Instead, set the antivirus software to exclude your download folder from monitoring.
Temporarily remove folder protection
IDG
In Defender, click on the program’s icon in the taskbar corner or open Settings in the Start menu and then navigate to Privacy and Security – Windows Security.
Click on Virus and Threat Protection and under Virus and Threat Protection Settings, click on Manage Settings. Under Exclusions, go to Add or Remove Exclusions and select Add Exclusion in the next window. In the following window, click on Folder and enter the path to your download folder. Normally, this is C:\Users[username]\Downloads.
Defender will now allow all downloads in this folder and will not prevent you from unpacking the ZIP file or running the program. As soon as you no longer need the Nirsoft tool, you should switch the folder protection on again immediately. To do this, select the folder in Defender and click on Remove.
Bypassing the browser blocks
Sometimes the browser sounds an alarm when you download a Nirsoft tool and won’t let you download the file.
In this case, open Properties in Google Chrome via the three-dot menu and navigate to Privacy and Security – Security. In the following window, toggle No Protection and then switch back to Standard Protection after using the tool.
In Edge and Firefox, you can allow the download directly in the message about the blocking of dangerous software. The browser may also send this report: Unchecked Download Blocked.
In this case, right-click on the download link in Google Chrome and Edge and select Save Link As. In the next window, enter the folder that you had excluded from monitoring in Defender.
In Firefox, you’ll see the following message: This file contains a virus or malware. Select the right arrow and then click on Allow Download in the following window.
Switch off Defender Smartscreen warnings
IDG
Finally, the Defender Smartscreen may strike and prevent the program from running. In the harmless version, a blue-green window appears with the following message: The computer has been protected by Windows.
This means that the Windows software database does not recognize the program and therefore refuses to start it. If you are sure that the program is harmless, click on More Information – Run Anyway to start the software.
You may also see the message Malicious File on a red background. This also comes from the smart screen and indicates that it may be malware. In this case, open the lock once for harmless applications by clicking More Information and Run Anyway.
This article originally appeared on our sister publication PC-WELT and was translated and localized from German.