“It’s breakingbad. No. Then it’s Bre@k1ngbAd. Nope. Great, I forgot my password!” Forgetting a password is a situation we all would desperately like to avoid, but without the right tools and methods then it’s destined to happen sooner or later. And there is nothing more annoying than having to reset a password – especially if it miraculously complied with the advice of security experts – and being forced to create and learn a new one.
So, it’s not surprising that many users would rather turn to unconventional methods like password recovery tools than to continue the never-ending cycle of trying to memorize a new login again. These programs certainly can do their job well, but are they the safest, most reliable way of recovering lost passwords? And if they aren’t, how can losing logins be prevented to begin with?
The Working Principle of Password Recovery Tools
Whether it’s a simpler program like Ophcrack or an advanced behemoth like John the Ripper or Hashcat, the working principle behind password recovery tools – or, in certain cases, password reset tools – is usually the same. Basically, users can recreate the methods used by hackers like a dictionary attack – which is trying meaningful words in the chosen language – or an appropriately named brute force attack that tries every single combination of letters, numbers, and special characters.
However, there are some key differences in how these ‘attacks’ are performed by the recovery software. Ophcrack, for instance, doesn’t require anything from the user other than to burn the program to a CD or flash drive and then run it instead of booting up the computer. John the Ripper and Hashcat, on the other hand, don’t work unless they are first fed with word lists or the so-called rainbow tables – lists containing countless passwords alongside the hashes that they are encrypted with.
Apply With Caution
Although there is no doubt that password crackers can be useful for retrieving lost passwords from online accounts, programs or even from the OS itself, there is still no guarantee that they’ll be successful and should only be considered as a last resort. For starters, more advanced password crackers need to go through complex settings adjustments to work properly, which could be quite a challenge for less tech-savvy users. Then there is the fact that certain password cracking programs automatically destroy the retrieved password, therefore leading to the very thing that users are trying to avoid, namely creating a new password.
Additionally, these tools typically take their time in cracking passwords, especially if the slowest method – the brute force attack – is chosen. In certain cases they cannot be even launched from the most recent operating systems. And last but not least, password crackers will immediately disclose usernames and passwords, meaning that if these tools fall into the hands of criminals – particularly the patient kind – then they can easily gather any valuable information from a computer.
Password Recovery Tools vs Password Managers
To be honest, there is actually one program that password crackers aren’t able to extract passwords from: password managers. If you think about it, this is pretty logical as password management solutions are all equipped with military-grade encryption with which the program stops any trespassers from being able to find or read any login credentials and other data that are stored within the software. This effectively showcases how data stored within password managers are indeed safe from any kind of attack.
However, the fact that master passwords cannot be retrieved from password management solutions also means that the program could in theory stay locked for good with all the stored information trapped inside, unless there is another way than the master password to access the vault such as a PIN code or a one-time password. And to make things even more complicated, for security reasons the moment a master password is reset the data stored inside the program is deleted as well.
Prevention Is the Best Medicine
Since password recovery tools are like double-edged swords their use is only recommended if you have exhausted every other possibility. As such, it’s better to prevent the loss of passwords from the get-go by either relying on strong but easily memorable passwords or, better yet, creating truly uncrackable logins and then storing them within a password manager to pass-on the hassle of remembering those passwords. In fact, the second option is the best approach for everyday users since it is safe and convenient – provided that they don’t forget their master passwords…
Best Password Managers of 2019
|Editor's Choice 2019|