Windows 8 Microsoft account password hack.

By chillipig
in Microsoft (Windows)

 Share

Recommended Posts

Contributor

chillipig

Posted
Posted

I've started to come up against a problem at work due to the new ability to use a Microsoft account to login to windows 8.

I often have to test PCs when customers return them with alleged faults for a well known company, but frequently the person returning the machine is not the user /only user.

This hasn't been a problem until now as there are lots of Windows password removal tools including some free programs but now I'm starting to encounter Microsoft account passwords which cannot be reset in the same way a local password can.

Having had a good look out there I can find only one title that claims to do it: http://www.top-password.com/reset-windows-password.html

Problem is the company actually has this site blocked by its content filtering software and the rules state that the company expenses account can only be used through the company Internet connection by the designated employee.

I can request this site be taken off the blacklist but the process takes 4-8 weeks and I am getting 2-3 a day which is causing me a backlog.

I have tried proxies but they are all blocked and wouldn't be a good idea when using a credit card anyway.

So can anyone advise me how I could remove/find this type of password manually or any other software they know of retail or freeware?

Many Thanks.

Veteran

Shane Nokes

Posted
Posted

I can guarantee you that the software will not be able to offer you resets on another persons Microsoft Account.

So don't waste your time trying to pay for their services when it's not something they can do. They don't have access to any of the tools required to do so.

Grand Master

ahhell

Posted
Posted

"I'm starting to encounter Microsoft account passwords which cannot be reset in the same way a local password can"

That's the whole point in them using a Microsoft account so that people CAN'T reset/"hack" the account.

Is there a way to enable the admin account and log in?

Contributor

chillipig

Posted
  • Author
Posted

I can guarantee you that the software will not be able to offer you resets on another persons Microsoft Account.

So don't waste your time trying to pay for their services when it's not something they can do. They don't have access to any of the tools required to do so.

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

there is no way to do this without having their MS password
Grand Master

Detection

Posted
Posted

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

That's like saying you want access to their hotmail emails but you don't want their password to do it

Windows 8 Live Login, IS their email account to put it simply.

Tell the company to start forcing users to use Local accounts instead

What you are asking is contradicting what you are wanting to do

Contributor

chillipig

Posted
  • Author
Posted

Have the user set a 4 digit PIN or use Picture Password to unlock their Microsoft Account.

If everyone used a local A/C with no password that would suit me down to the ground but the reality is they just assume a computer company has some special tool to temporarily turn off their password in the same way USA customs does with TSA locks. Actually most customers just see it as the companies problem and couldn't give a toss. Beyond that trying to call them multiple times a day to get their password isn't practical, even when they write them down the handwriting can be bad/ misspelled /just wrong.

All I need is access to their desktop in a local sense, if their login credentials for MS on line are removed in the progress thats fine.

Veteran

Shane Nokes

Posted
Posted

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

My point (as others have pointed out) is that the account used for sign-in and their Microsoft Account are one and the same in those cases.

The only way to request a reset for that password is to actually reset their MA password. That software is not going to do that...if they claim otherwise it's a scam and should be avoided.

Reading your latest post...I honestly think you should hand this off to someone else. I think this may be a case where the depth is a bit much for your level of expertise. I don't mean that as an insult, but an honest assessment based on what I've read.

Contributor

chillipig

Posted
  • Author
Posted

My point (as others have pointed out) is that the account used for sign-in and their Microsoft Account are one and the same in those cases.

The only way to request a reset for that password is to actually reset their MA password. That software is not going to do that...if they claim otherwise it's a scam and should be avoided.

Reading your latest post...I honestly think you should hand this off to someone else. I think this may be a case where the depth is a bit much for your level of expertise. I don't mean that as an insult, but an honest assessment based on what I've read.

I do understand what you are saying in that Windows 8 is designed so that it aligns itself with the users on line services as soon as the login window is presented but thats why I titled this thread "password hack." the resulting "damage" to the account credentials and ability to resume using the account locally is of no importance as long as I can see why their webcam isnt working under that particular user for example.

I suppose you could loosely say I am trying to manipulate windows so I can turn the MS A/C into a local A/C stripped of its personalised attributes.

The customer has formerly signed a data loss agreement anyway so I can restore the machine to factory default but of course doing things that way takes longer and time is a big issue for me.

I can see this isn't something thats going to be easy if at all possible from the replies but thanks to everyone for taking the time :)

Contributor

chillipig

Posted
  • Author
Posted

As a side not this site http://www.top-password.com/reset-windows-password.html claims they can do it saying:

"New! Support password reset for Windows 8 local account and Microsoft account."

"The cached passwords are stored as hashes in the local system registry, so it is difficult to crack or recover the original password. However, it?s possible to update the cached password hash using a new password, so you can log in the system with a new password in case your actual Hotmail password is lost or forgotten. Reset Windows Password is the right software which can help you easily reset Microsoft account password by running from a bootable CD or USB drive."

Interestingly they do write genuine software that has been removing local account passwords for a while now.

Grand Master

+Eternal Tempest MVC

Posted
  • MVC
Posted

Windows 8 pushes users to make there windows profile using there Microsoft Live Account.

The way new user creation is set up is you have to go out of your way to make a standard windows profile like XP / Vista / 7.

Essentially if they used the default Microsoft was prompting them for, there windows 8 login is there Microsoft Live Account.

Sorry for using poor terminology to describe this. I know MS is deprecating the "live" branding as well.

Veteran

Shane Nokes

Posted
Posted

Windows 8 pushes users to make there windows profile using there Microsoft Live Account.

The way new user creation is set up is you have to go out of your way to make a standard windows profile like XP / Vista / 7.

Essentially if they used the default Microsoft was prompting them for, there windows 8 login is there Microsoft Live Account.

Sorry for using poor terminology to describe this. I know MS is deprecating the "live" branding as well.

You can just say Microsoft Account. That is the new term.

Grand Master

Detection

Posted
Posted

Does windows 8 really stores cached password of online Microsoft Account? If they does, wow, online account cracking just become much easier.

Not sure, but if it does I doubt they will be in plain text located on c:\passwords ;)

Enthusiast

jackkk1

Posted
Posted

Not sure, but if it does I doubt they will be in plain text located on c:\passwords ;)

No need to be in plain text to crack a password. Nowadays, cracking hashes of the password, even 8 symbol length, really isn't problem anymore. But it would be much harder to do on online website where captchas and other preventive measures exist.

Grand Master

Detection

Posted
Posted

No need to be in plain text to crack a password. Nowadays, cracking hashes of the password, even 8 symbol length, really isn't problem anymore. But it would be much harder to do on online website where captchas and other preventive measures exist.

It must store something because you can log in offline using your Live ID

Enthusiast

jackkk1

Posted
Posted

It must store something because you can log in offline using your Live ID

Yes, from one side, it makes sense otherwise they would have to deal with a lot of calls from users with poor internet connection, from other side, they sacrificed security.

Grand Master

Detection

Posted
Posted

Yes, from one side, it makes sense otherwise they would have to deal with a lot of calls from users with poor internet connection, from other side, they sacrificed security.

Agreed, to maintain security, having the user create a local & online account during setup would have been better, for cases when their connection is unavailable, they are logged into their local account instead

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Segra 1.6.2

      By Copernic · Posted

      Segra 1.6.2 by Razvan Serea Segra is a free, open-source OBS-powered game recorder offering fast gameplay capture, instant clips, AI highlights, deep game integration, and seamless uploads—perfect for gamers, streamers, and content creators. Lightweight, fast, zero bloat. Segra key features: Automatic Game Recording: Begin capturing gameplay the moment your game launches, with zero manual setup. Instant Clipping: Save important moments instantly using a customizable hotkey—perfect for highlights, montages, or quick shares. Segra AI Highlights: Let Segra automatically detect kills, assists, deaths, and key events to generate polished highlight reels without manual editing. Gameplay Uploads: Upload recordings and clips directly to Segra.tv for fast sharing and cloud access. Deep Game Integration: Enjoy advanced game-data tracking across hundreds of supported titles, enabling smart highlight generation and stat-informed clipping. High-Performance Capture: Record up to 4K at 144 FPS using OBS-powered technology with minimal performance impact, supporting NVENC, AMD VCE, and custom quality controls. Segra Editor: Edit recordings easily with timeline controls, segment management, and event-based navigation to build the perfect clip. Customization Options: Adjust hotkeys, output formats, storage paths, codecs, capture quality, and performance settings for a tailored recording experience. Segra 1.6.2 changelog: UI: Improved the transition from the loading skeleton to the real content card. Security: Added Segra.dll code signing and automatic VirusTotal upload. Settings: Fixed the settings header to highlight Account when scrolled to the top. Recording: Updated OBSKit.NET to 1.4.1. Download: Segra 1.6.2 | 74.5 MB (Open Source) View: Segra Homepage | Github | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Hey Google, these are the Gemini features I want in 2026

      By Aditya Tiwari · Posted

      Hey Google, these are the Gemini features I want in 2026 by Aditya Tiwari Google Gemini has been around for over three years. The AI chatbot started its journey back in 2023 (as Bard) when ChatGPT was already a talk of the town. However, it quickly attracted criticism after misrepresenting facts about the James Webb Space Telescope. The search giant spent a year fine-tuning Bard before rebranding the chatbot and its underlying generative AI model to Gemini, drawing inspiration from NASA's first human spaceflight program. Note that Bard was initially powered by LaMDA and PaLM 2; Google has since added several new features and integrations to Gemini. That said, there is scope for improvement and a gap for new features. I have been using Gemini for a while now and have realized that the chatbot lacks several features, making it harder for me to research across topics. These are mostly function-over-form updates that can improve the overall experience. Delete individual messages from a conversation Image via DepositPhotos.com One good thing about Gemini is that it can maintain context throughout the conversation. But things might get chaotic when you want to ask a related question, but don't want it to be part of your conversation in the long run. You can't ask that related question in a fresh chat because Gemini will lose the active conversation context of what you're trying to research. If Google allowed you to delete individual question/answer pairs, you could simply ask about a sub-topic and remove it from the conversation to create a smooth flow of important stuff. Offline mode Image via DepositPhotos.com A big pain of using Gemini daily is that everything loads from the cloud. It takes time for your chats to appear, and you can't view your conversation history while offline. To get a better idea, you can open the Gemini app and see how it looks without an internet connection. While Gemini models run in the cloud, it wouldn't hurt if Google could store chats (at least the text part) on the device so we can refer to them when offline. Google can also offer a lightweight version of its AI model to help with basic drafting, summarization, and other tasks. It has the Gemini Nano model, which can perform on-device processing on Google Pixel, Samsung, and some other Android brands, but it's a system feature and not related to the cloud-based Gemini app. Make temporary chats permanent I can't thank Google enough for taking the time and effort to add incognito mode or temporary chat mode to the Gemini app. It lets you have conversations without worrying that the topics will end up in your chat history or used for model training (at least on paper). Google claims that it doesn't use your temporary chats to "personalize your Gemini experience or train Google’s AI models." However, the data is stored "up to 72 hours to respond to you and to process any feedback you choose to provide." That said, I often start researching something in a temporary chat, only to realize the chatbot's answer is good enough to refer to later. Sadly, Gemini doesn't have an option to make such temporary chats permanent. In other words, I won't be able to follow up on it if I close the temporary chat. I'm left with alternatives like copying the answers into notes or another app. My digital life will get a lot better if Gemini gets a button to make temporary chats permanent. Collapse answers for a cleaner view You're heavily invested in your research game and suddenly feel the need to go up in the chat to recall something. This is when the conversation thread starts to feel like an overwhelming, unending wall of questions and answers. What if Google added a way to collapse Q&A pairs in the Gemini chat thread? It would look quite clean and easy to navigate. You'll quickly get an overview of everything you have discussed with the chatbot. Add buttons to jump between messages Suggested mockup of the feature. This reminds me of a small but useful Gemini feature that Google could add to its chatbot: the ability to hop between prompts in a conversation. Just add simple up- and down-arrow buttons, similar to YouTube Shorts, so people can quickly scroll through the messages. A table of contents or Chat Overview It's hard to get a bird's-eye view of everything you have discussed with the chatbot during a lengthy conversation. This is where a table of contents, or Chat Overview, displayed at the top of the screen, possibly in a drop-down button, might come in handy. You'll be able to get an overview of the chat and jump between messages, serving as an alternative to the up/down arrow buttons. Temporary mode for Gemini Live Image: Google You can use Gemini Live to have real-time conversations with the chatbot, which feels like you're talking to someone in the same room. However, a downside is that Gemini Live doesn't work in Temporary Chat mode, so all your conversations end up in the chat history. Google should consider expanding the temporary chat mode to include Gemini Live. Default to a specific chat One thing that feels somewhat annoying to me is that Gemini always opens in a new chat, whether on web or mobile. Sometimes, you want to return to your last chat. Google can take cues from web browsers, which let you choose whether you want to go to a new tab or a specific web page(s). Gemini can also have options to default to a specific chat when reopened. That said, generative AI chatbots have endless possibilities given the vagueness of their work. You can mold them the way you want by attaching different connectors, adding custom instructions, and including source files. It remains to be seen what Google has in store for future updates and whether anything from this wishlist gets the green light. The search giant released a stream of new Gemini updates in recent months, including Gemini 3.5 Flash and Gemini Omni Spark, adding that it now has 13 products with more than a billion users each. What do you want to see in the Gemini app? Tell us in the comments.
    • What should AI detector tools show before users copy or export a report?

      By Barney T. · Posted

      Thank you for the post. Just a FYI that links to an outside site or promoting specific software is considered spamming here. Asking general questions is fine.
    • Microsoft confirms Windows 11 26H2 to finally get one of the most requested features

      By Michal H. · Posted

      not in taskbar search
    • What should AI detector tools show before users copy or export a report?

      By sumytbe · Posted

      I have been thinking about AI detector tools as a software workflow rather than a single "AI score" widget. When someone pastes text or uploads a document, the UI can return a report with a probability-style score, sentence highlights, reliability notes, and limitations. The useful part is that it can point a reviewer toward passages worth reading again. The risky part is that a polished score can look more certain than it really is. For people who build or review web apps, what should happen before the user copies or exports that kind of report? The minimum I would expect is: A clear input boundary for pasted text versus document files. Limits shown near the workflow, including minimum text length and maximum file size. A report label that says the result is a signal, not proof of who wrote the text. Sentence highlights and evidence notes alongside the global score. Reliability notes when the sample is too short or lacks enough sentence variety. False-positive and false-negative caveats that remain visible in copied/exported summaries. I am trying to avoid the pattern where a clean report card becomes the whole product story. For AI detection, "review this evidence in context" seems more honest than "trust this score." Would you keep the warning text visible on every report, or make it collapsible so the main result stays easier to scan? Disclosure: I work on a small AI detector/reporting workflow, but I am intentionally not linking it here. I am asking about software and report design, not promoting a site.

  • Recent Achievements

    • Conversation Starter
      sumytbe earned a badge
      Conversation Starter
    • One Year In
      B4dM1k3 earned a badge
      One Year In
    • One Year In
      DarkWun earned a badge
      One Year In
    • Dedicated
      Almohandis earned a badge
      Dedicated
    • Dedicated
      JuvenileDelinquent earned a badge
      Dedicated

  • Popular Contributors

    1. 1
      +primortal
      507
    2. 2
      +Edouard
      181
    3. 3
      PsYcHoKiLLa
      86
    4. 4
      Michael Scrip
      78
    5. 5
      Steven P.
      76
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!