Tuesday, 1 January 2013

Windows 8 password reset trick requires no third-party software


Windows 8 may be Microsoft’s most secure operating system ever, but it’s still possible to clear or change a user’s Windows 8 password using nothing but the built-in troubleshooting tools. All it takes is ten minutes, a Windows 8 System Recovery disc or USB flash drive, and the patience to execute a few simple commands from the command prompt. The trick, as detailed by Jamal Naji, boils down to replacing the Ease of Access center application (utilman.exe) with a copy of the command prompt (cmd.exe).


Once you’ve made the swap from inside the System Recovery environment and rebooted, you’ll see the Windows 8 login screen again. In the bottom-left corner of the screen sits the Ease of Access button. Click it, and a command prompt will appear — and it’s no ordinary command prompt. It’s got full administrative privileges, and that means you can modify things like other users’ passwords. The trusty old net command is happy to oblige and will wipe out a Windows 8 password with minimal fuss. Once you’re done, just reboot and restore utilman.exe and cmd.exe to their original states, and you’re good to go.

This password reset hack isn’t unique to Windows 8. It works on Windows 7, Windows Vista, and Windows Server 2008, too. So why hasn’t Microsoft bothered to fix what seems like a glaring security oversight? It’s anyone’s guess, but ultimately, if someone has enough free time with your Windows system to pull off the utilman password hack, you’re going to be in trouble even if Microsoft does fix the flaw.

While this trick works, there are other ways to reset a Windows password that are far speedier. The Offline NT Password and Registry Editor, for example, is a tiny, Linux-based tool that can blank a password in fewer steps and much less time.

Still, it might be a good idea for Microsoft to patch a password security hole that’s been known about since the days of Vista.
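
Because the swap leaves utilman.exe as a byte-for-byte copy of cmd.exe until someone restores it, an administrator can check a machine for it by comparing the two files. The PowerShell below is an added example, not part of the original article; the function name Test-UtilmanSwap and the $System32 parameter are assumptions made for illustration.

```powershell
# Added example: detect the utilman.exe / cmd.exe swap described in the article.
# $System32 is a parameter so the same check can be pointed at the System32
# folder of a mounted offline image instead of the running system.
param(
    [string]$System32 = (Join-Path $env:SystemRoot 'System32')
)

function Test-UtilmanSwap {
    param([Parameter(Mandatory)][string]$Directory)

    $utilman = Join-Path $Directory 'utilman.exe'
    $cmd     = Join-Path $Directory 'cmd.exe'

    # Both files must exist for the comparison to mean anything.
    foreach ($p in $utilman, $cmd) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            throw "Missing file: $p"
        }
    }

    $utilHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
    $cmdHash  = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash

    # The version resource travels with the file content, so a copied cmd.exe
    # still reports cmd's original name even though it is called utilman.exe.
    $origName = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename

    [pscustomobject]@{
        Directory        = $Directory
        UtilmanSha256    = $utilHash
        CmdSha256        = $cmdHash
        OriginalFilename = $origName
        HashMatchesCmd   = ($utilHash -eq $cmdHash)
        NameLooksLikeCmd = ($origName -like 'cmd*')
    }
}

$result = Test-UtilmanSwap -Directory $System32
$result | Format-List

if ($result.HashMatchesCmd -or $result.NameLooksLikeCmd) {
    Write-Warning 'utilman.exe appears to be a copy of cmd.exe.'
    exit 1
}
```

A non-zero exit code means utilman.exe should be restored from a known-good source and the machine's local accounts reviewed.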
