Passwords must be complex and as long as possible so that hackers have no chance of cracking them in a short span of time. However, complicated passwords are easy to forget. Anyone who doesn't carefully maintain and write down their passwords or store them in the database of a password manager runs the risk of suddenly no longer having access to Windows, protected files, or internet services.
Further reading: Best password managers 2024: Protect your online accounts
There are a number of tools on the internet that can read and decrypt freely readable or encrypted passwords for Windows, Office programs, or certain file formats such as PDF from configuration files or the registry. But many of these were written for older software versions and no longer work today.
Microsoft has continued to strengthen the encryption strength of its passwords over the years and other manufacturers have followed suit. That said, it's still possible to extract stored passwords from some file types and applications. The programmer Nir Sofer offers a whole range of corresponding tools on his website www.nirsoft.net, all of which can be downloaded free of charge.
Windows remembers the password to your router or a connected NAS device and saves this data in the following folder:
The Nirsoft tool Credentialsfileview can read these files and display the passwords they contain.
You do not need to install the program. All you have to do is unzip the ZIP file. After starting the EXE file, an options window appears. In the top menu, select the option Decrypt Credentials files of all logged in users > Requires to run as administrator (Elevation) and click on OK.
Credentialsfileview will now show you the contents of the files. For most entries, you will hardly be able to recognize which applications they belong to. However, take a closer look at all lines where your e-mail address appears in the User Name column or where the type Domain Password appears under Entry Type.
In order for a mail program to retrieve messages from your provider's e-mail server, it must transmit a password. This data is stored in the program's configuration files. You can use Mail Passview to display the passwords.
Simply call up the tool and it'll automatically recognize which e-mail application you are using and look up the associated password. It also shows the address of the server, the user name, and the POP3, IMAP, and SMTP ports used. After right-clicking on the password, you can copy it directly to the clipboard with Copy Password. Mail Passview supports Outlook, Thunderbird, and Eudora, among others.
Outlook stores emails, contacts, calendar data, and so on in a file with the extension .PST. To prevent other people from accessing this data, it's protected with a password.
If you have lost this password, you can use the Pstpassword tool to generate three passwords to access the data. This sounds strange, but it actually works. This is because Outlook PST files do not save a password. Instead, the program generates a 32-bit hash value that represents the original password.
This hash value can also be achieved with a whole range of other passwords due to the weak algorithm with which Microsoft has implemented the encryption.
When you connect to a Wi-Fi network, Windows automatically memorizes the name, the SSID, and the password used. As soon as you enter the range of the wireless network again later, the operating system can automatically log in again.
This function is primarily useful for notebook owners who frequently move back and forth between several locations. Thanks to this function, they are continuously connected to a WLAN and thus to the internet without having to enter the correct password each time.
In Windows, you can display the password for the WLAN you are currently connected to. To do this, open Settings in the Start menu, go to Network and Internet - Properties, scroll down, and click on View next to Show Wi-Fi security code.
The Wirelesskeyview tool even gives you an overview of all Wi-Fi passwords stored in Windows. Simply unzip the ZIP file and run the EXE file.
All three major browsers have a built-in password manager. By default, the software offers to memorize the entered code each time you enter a password and to use it automatically for subsequent logins. Of course, this password database is encrypted and protected.
Google Chrome requires you to enter your Windows password or PIN to view the passwords, Edge wants you to log in to your Microsoft account, and Opera and Firefox only reveal the stored data after you have logged in to your account. However, if you no longer know your password, you will have to proceed differently.
In this case, you can use Webbrowserpassview. The tool lists the passwords saved in the four browsers mentioned directly after opening and also states the user name used and the browser from whose password manager the data originates.