Windows 8 Microsoft account password hack.

By chillipig
in Microsoft (Windows)

 Share

Recommended Posts

Contributor

chillipig

Posted
Posted

I've started to come up against a problem at work due to the new ability to use a Microsoft account to login to windows 8.

I often have to test PCs when customers return them with alleged faults for a well known company, but frequently the person returning the machine is not the user /only user.

This hasn't been a problem until now as there are lots of Windows password removal tools including some free programs but now I'm starting to encounter Microsoft account passwords which cannot be reset in the same way a local password can.

Having had a good look out there I can find only one title that claims to do it: http://www.top-password.com/reset-windows-password.html

Problem is the company actually has this site blocked by its content filtering software and the rules state that the company expenses account can only be used through the company Internet connection by the designated employee.

I can request this site be taken off the blacklist but the process takes 4-8 weeks and I am getting 2-3 a day which is causing me a backlog.

I have tried proxies but they are all blocked and wouldn't be a good idea when using a credit card anyway.

So can anyone advise me how I could remove/find this type of password manually or any other software they know of retail or freeware?

Many Thanks.

Veteran

Shane Nokes

Posted
Posted

I can guarantee you that the software will not be able to offer you resets on another persons Microsoft Account.

So don't waste your time trying to pay for their services when it's not something they can do. They don't have access to any of the tools required to do so.

Grand Master

ahhell

Posted
Posted

"I'm starting to encounter Microsoft account passwords which cannot be reset in the same way a local password can"

That's the whole point in them using a Microsoft account so that people CAN'T reset/"hack" the account.

Is there a way to enable the admin account and log in?

Contributor

chillipig

Posted
  • Author
Posted

I can guarantee you that the software will not be able to offer you resets on another persons Microsoft Account.

So don't waste your time trying to pay for their services when it's not something they can do. They don't have access to any of the tools required to do so.

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

there is no way to do this without having their MS password
Grand Master

Detection

Posted
Posted

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

That's like saying you want access to their hotmail emails but you don't want their password to do it

Windows 8 Live Login, IS their email account to put it simply.

Tell the company to start forcing users to use Local accounts instead

What you are asking is contradicting what you are wanting to do

Contributor

chillipig

Posted
  • Author
Posted

Have the user set a 4 digit PIN or use Picture Password to unlock their Microsoft Account.

If everyone used a local A/C with no password that would suit me down to the ground but the reality is they just assume a computer company has some special tool to temporarily turn off their password in the same way USA customs does with TSA locks. Actually most customers just see it as the companies problem and couldn't give a toss. Beyond that trying to call them multiple times a day to get their password isn't practical, even when they write them down the handwriting can be bad/ misspelled /just wrong.

All I need is access to their desktop in a local sense, if their login credentials for MS on line are removed in the progress thats fine.

Veteran

Shane Nokes

Posted
Posted

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

My point (as others have pointed out) is that the account used for sign-in and their Microsoft Account are one and the same in those cases.

The only way to request a reset for that password is to actually reset their MA password. That software is not going to do that...if they claim otherwise it's a scam and should be avoided.

Reading your latest post...I honestly think you should hand this off to someone else. I think this may be a case where the depth is a bit much for your level of expertise. I don't mean that as an insult, but an honest assessment based on what I've read.

Contributor

chillipig

Posted
  • Author
Posted

My point (as others have pointed out) is that the account used for sign-in and their Microsoft Account are one and the same in those cases.

The only way to request a reset for that password is to actually reset their MA password. That software is not going to do that...if they claim otherwise it's a scam and should be avoided.

Reading your latest post...I honestly think you should hand this off to someone else. I think this may be a case where the depth is a bit much for your level of expertise. I don't mean that as an insult, but an honest assessment based on what I've read.

I do understand what you are saying in that Windows 8 is designed so that it aligns itself with the users on line services as soon as the login window is presented but thats why I titled this thread "password hack." the resulting "damage" to the account credentials and ability to resume using the account locally is of no importance as long as I can see why their webcam isnt working under that particular user for example.

I suppose you could loosely say I am trying to manipulate windows so I can turn the MS A/C into a local A/C stripped of its personalised attributes.

The customer has formerly signed a data loss agreement anyway so I can restore the machine to factory default but of course doing things that way takes longer and time is a big issue for me.

I can see this isn't something thats going to be easy if at all possible from the replies but thanks to everyone for taking the time :)

Contributor

chillipig

Posted
  • Author
Posted

As a side not this site http://www.top-password.com/reset-windows-password.html claims they can do it saying:

"New! Support password reset for Windows 8 local account and Microsoft account."

"The cached passwords are stored as hashes in the local system registry, so it is difficult to crack or recover the original password. However, it?s possible to update the cached password hash using a new password, so you can log in the system with a new password in case your actual Hotmail password is lost or forgotten. Reset Windows Password is the right software which can help you easily reset Microsoft account password by running from a bootable CD or USB drive."

Interestingly they do write genuine software that has been removing local account passwords for a while now.

Grand Master

+Eternal Tempest MVC

Posted
  • MVC
Posted

Windows 8 pushes users to make there windows profile using there Microsoft Live Account.

The way new user creation is set up is you have to go out of your way to make a standard windows profile like XP / Vista / 7.

Essentially if they used the default Microsoft was prompting them for, there windows 8 login is there Microsoft Live Account.

Sorry for using poor terminology to describe this. I know MS is deprecating the "live" branding as well.

Veteran

Shane Nokes

Posted
Posted

Windows 8 pushes users to make there windows profile using there Microsoft Live Account.

The way new user creation is set up is you have to go out of your way to make a standard windows profile like XP / Vista / 7.

Essentially if they used the default Microsoft was prompting them for, there windows 8 login is there Microsoft Live Account.

Sorry for using poor terminology to describe this. I know MS is deprecating the "live" branding as well.

You can just say Microsoft Account. That is the new term.

Grand Master

Detection

Posted
Posted

Does windows 8 really stores cached password of online Microsoft Account? If they does, wow, online account cracking just become much easier.

Not sure, but if it does I doubt they will be in plain text located on c:\passwords ;)

Enthusiast

jackkk1

Posted
Posted

Not sure, but if it does I doubt they will be in plain text located on c:\passwords ;)

No need to be in plain text to crack a password. Nowadays, cracking hashes of the password, even 8 symbol length, really isn't problem anymore. But it would be much harder to do on online website where captchas and other preventive measures exist.

Grand Master

Detection

Posted
Posted

No need to be in plain text to crack a password. Nowadays, cracking hashes of the password, even 8 symbol length, really isn't problem anymore. But it would be much harder to do on online website where captchas and other preventive measures exist.

It must store something because you can log in offline using your Live ID

Enthusiast

jackkk1

Posted
Posted

It must store something because you can log in offline using your Live ID

Yes, from one side, it makes sense otherwise they would have to deal with a lot of calls from users with poor internet connection, from other side, they sacrificed security.

Grand Master

Detection

Posted
Posted

Yes, from one side, it makes sense otherwise they would have to deal with a lot of calls from users with poor internet connection, from other side, they sacrificed security.

Agreed, to maintain security, having the user create a local & online account during setup would have been better, for cases when their connection is unavailable, they are logged into their local account instead

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Password Safe 3.72.0

      By Copernic · Posted

      Password Safe 3.72.0 by Razvan Serea Password Safe is a password database utility. Like many other such products, commercial and otherwise, it stores your passwords in an encrypted file, allowing you to remember only one password (the "safe combination"), instead of all the username/password combinations that you use. Once stored, your user names and passwords are just a few clicks away. Using Password Safe you can organize your passwords using your own customizable references—for example, by user ID, category, web site, or location. You can choose to store all your passwords in a single encrypted master password list (an encrypted password database), or use multiple databases to further organize your passwords (work and home, for example). And with its intuitive interface you will be up and running in minutes. PasswordSafe was originally designed by the renowned security technologist Bruce Schneier and released as a free utility application. Password Safe 3.72.0 changelog: Fixed bugs Improved font scale handling - should resolve font size issues on high resolution displays. GH1749 In the Master Password Setup window, "Show Master Password" is no longer truncated on some displays. GH1092, SF1595 Size and position of main window is now correctly restored on scaled displays. SF1630 Keep password expiry date when both password and password expiry are changed; don't clear a non-recurring expiry when the password's changed. SF1628 Custom values can now be copied to the clipboard in read-only mode via Ctrl-C and right-click->Copy Value. New features GH1196 Dark display mode support: Password Safe now supports the system display mode, as well as setting the mode directly via Manage->Options->Display->Display Mode. This change also updates the general "look & feel" of the app to the current Windows theme. Known limitations: The Date picker and keyboard shortcut controls do not switch to dark theme The Customize Toolbar dialog does not switch to dark theme Custom Field support has been added to the more advanced features: Filters XML and Text import and export Comparison, Sync and Merge databases SF938 Custom field values may now be selected by name and copied via a "Copy Custom Field Value..." submenu in the entry context popup menu. SF936 Notes and Custom fields layout now overlap, selectable by tabs, resulting in a more compact and less cluttered layout. SF935 Autotype: Specifying '\v{name}' in the autotype text will cause the corresponding value to be autotyped. Download: PasswordSafe 64-bit | Portable 64-bit | ~20.0 MB (Open Source) Download: PasswordSafe 32-bit | Portable 32-bit View: PasswordSafe Website | Quickstart Guide | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Google DeepMind AI Control Roadmap: When Alignment Fails, Defense-in-Depth Takes Over

      By +TRS-80 · Posted

      Google DeepMind published a document on June 18, 2026, that may be the most consequential admission yet from a frontier AI lab: alignment training alone cannot guarantee that AI agents will remain under human control, so structural containment must be built before more capable models arrive.............. https://www.techtimes.com/articles/318758/20260620/google-deepmind-ai-control-roadmap-when-alignment-fails-defense-depth-takes-over.htm  
    • Creative Sound Blaster AE-X PCIe review: your headphones will love it

      By Taliseian · Posted

      I've got a SoundBlasterX G6 that I use in my streaming setup. Sounds great to me and I've had zero issues with the ancient software package so far in Win11. That G6 has 7.1, Dolby, fully working SPDIF and since it's a USB device it's outside of my rig so I don't have to worry about EMF distortion. Looks like for now this is a pass for me as I think I have better hardware....
    • Creative Sound Blaster AE-X PCIe review: your headphones will love it

      By OldGuru · Posted

      How do you connect 5.1 Speakers to this thing?
    • A 13 billion year old secret about our Universe's origin was revealed

      By Taliseian · Posted

      I agree with both of you... It's absolutely imperative that science is completely based on actual proven facts and hard evidence and is not considered dogmatic in any way. Science is not a religion and it will never be, and that's exactly how it's supposed to be.

  • Recent Achievements

    • Dedicated
      JuvenileDelinquent earned a badge
      Dedicated
    • First Post
      DrWankel earned a badge
      First Post
    • Reacting Well
      DrWankel earned a badge
      Reacting Well
    • Week One Done
      Supreme Spray LV earned a badge
      Week One Done
    • Week One Done
      Genuinetonerink- Dubai earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      502
    2. 2
      +Edouard
      170
    3. 3
      PsYcHoKiLLa
      88
    4. 4
      Steven P.
      75
    5. 5
      Michael Scrip
      73
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!