Windows 8 Microsoft account password hack.

By chillipig
in Microsoft (Windows)

 Share

Recommended Posts

Contributor

chillipig

Posted
Posted

I've started to come up against a problem at work due to the new ability to use a Microsoft account to login to windows 8.

I often have to test PCs when customers return them with alleged faults for a well known company, but frequently the person returning the machine is not the user /only user.

This hasn't been a problem until now as there are lots of Windows password removal tools including some free programs but now I'm starting to encounter Microsoft account passwords which cannot be reset in the same way a local password can.

Having had a good look out there I can find only one title that claims to do it: http://www.top-password.com/reset-windows-password.html

Problem is the company actually has this site blocked by its content filtering software and the rules state that the company expenses account can only be used through the company Internet connection by the designated employee.

I can request this site be taken off the blacklist but the process takes 4-8 weeks and I am getting 2-3 a day which is causing me a backlog.

I have tried proxies but they are all blocked and wouldn't be a good idea when using a credit card anyway.

So can anyone advise me how I could remove/find this type of password manually or any other software they know of retail or freeware?

Many Thanks.

Veteran

Shane Nokes

Posted
Posted

I can guarantee you that the software will not be able to offer you resets on another persons Microsoft Account.

So don't waste your time trying to pay for their services when it's not something they can do. They don't have access to any of the tools required to do so.

Grand Master

ahhell

Posted
Posted

"I'm starting to encounter Microsoft account passwords which cannot be reset in the same way a local password can"

That's the whole point in them using a Microsoft account so that people CAN'T reset/"hack" the account.

Is there a way to enable the admin account and log in?

Contributor

chillipig

Posted
  • Author
Posted

I can guarantee you that the software will not be able to offer you resets on another persons Microsoft Account.

So don't waste your time trying to pay for their services when it's not something they can do. They don't have access to any of the tools required to do so.

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

there is no way to do this without having their MS password
Grand Master

Detection

Posted
Posted

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

That's like saying you want access to their hotmail emails but you don't want their password to do it

Windows 8 Live Login, IS their email account to put it simply.

Tell the company to start forcing users to use Local accounts instead

What you are asking is contradicting what you are wanting to do

Contributor

chillipig

Posted
  • Author
Posted

Have the user set a 4 digit PIN or use Picture Password to unlock their Microsoft Account.

If everyone used a local A/C with no password that would suit me down to the ground but the reality is they just assume a computer company has some special tool to temporarily turn off their password in the same way USA customs does with TSA locks. Actually most customers just see it as the companies problem and couldn't give a toss. Beyond that trying to call them multiple times a day to get their password isn't practical, even when they write them down the handwriting can be bad/ misspelled /just wrong.

All I need is access to their desktop in a local sense, if their login credentials for MS on line are removed in the progress thats fine.

Veteran

Shane Nokes

Posted
Posted

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

My point (as others have pointed out) is that the account used for sign-in and their Microsoft Account are one and the same in those cases.

The only way to request a reset for that password is to actually reset their MA password. That software is not going to do that...if they claim otherwise it's a scam and should be avoided.

Reading your latest post...I honestly think you should hand this off to someone else. I think this may be a case where the depth is a bit much for your level of expertise. I don't mean that as an insult, but an honest assessment based on what I've read.

Contributor

chillipig

Posted
  • Author
Posted

My point (as others have pointed out) is that the account used for sign-in and their Microsoft Account are one and the same in those cases.

The only way to request a reset for that password is to actually reset their MA password. That software is not going to do that...if they claim otherwise it's a scam and should be avoided.

Reading your latest post...I honestly think you should hand this off to someone else. I think this may be a case where the depth is a bit much for your level of expertise. I don't mean that as an insult, but an honest assessment based on what I've read.

I do understand what you are saying in that Windows 8 is designed so that it aligns itself with the users on line services as soon as the login window is presented but thats why I titled this thread "password hack." the resulting "damage" to the account credentials and ability to resume using the account locally is of no importance as long as I can see why their webcam isnt working under that particular user for example.

I suppose you could loosely say I am trying to manipulate windows so I can turn the MS A/C into a local A/C stripped of its personalised attributes.

The customer has formerly signed a data loss agreement anyway so I can restore the machine to factory default but of course doing things that way takes longer and time is a big issue for me.

I can see this isn't something thats going to be easy if at all possible from the replies but thanks to everyone for taking the time :)

Contributor

chillipig

Posted
  • Author
Posted

As a side not this site http://www.top-password.com/reset-windows-password.html claims they can do it saying:

"New! Support password reset for Windows 8 local account and Microsoft account."

"The cached passwords are stored as hashes in the local system registry, so it is difficult to crack or recover the original password. However, it?s possible to update the cached password hash using a new password, so you can log in the system with a new password in case your actual Hotmail password is lost or forgotten. Reset Windows Password is the right software which can help you easily reset Microsoft account password by running from a bootable CD or USB drive."

Interestingly they do write genuine software that has been removing local account passwords for a while now.

Grand Master

+Eternal Tempest MVC

Posted
  • MVC
Posted

Windows 8 pushes users to make there windows profile using there Microsoft Live Account.

The way new user creation is set up is you have to go out of your way to make a standard windows profile like XP / Vista / 7.

Essentially if they used the default Microsoft was prompting them for, there windows 8 login is there Microsoft Live Account.

Sorry for using poor terminology to describe this. I know MS is deprecating the "live" branding as well.

Veteran

Shane Nokes

Posted
Posted

Windows 8 pushes users to make there windows profile using there Microsoft Live Account.

The way new user creation is set up is you have to go out of your way to make a standard windows profile like XP / Vista / 7.

Essentially if they used the default Microsoft was prompting them for, there windows 8 login is there Microsoft Live Account.

Sorry for using poor terminology to describe this. I know MS is deprecating the "live" branding as well.

You can just say Microsoft Account. That is the new term.

Grand Master

Detection

Posted
Posted

Does windows 8 really stores cached password of online Microsoft Account? If they does, wow, online account cracking just become much easier.

Not sure, but if it does I doubt they will be in plain text located on c:\passwords ;)

Enthusiast

jackkk1

Posted
Posted

Not sure, but if it does I doubt they will be in plain text located on c:\passwords ;)

No need to be in plain text to crack a password. Nowadays, cracking hashes of the password, even 8 symbol length, really isn't problem anymore. But it would be much harder to do on online website where captchas and other preventive measures exist.

Grand Master

Detection

Posted
Posted

No need to be in plain text to crack a password. Nowadays, cracking hashes of the password, even 8 symbol length, really isn't problem anymore. But it would be much harder to do on online website where captchas and other preventive measures exist.

It must store something because you can log in offline using your Live ID

Enthusiast

jackkk1

Posted
Posted

It must store something because you can log in offline using your Live ID

Yes, from one side, it makes sense otherwise they would have to deal with a lot of calls from users with poor internet connection, from other side, they sacrificed security.

Grand Master

Detection

Posted
Posted

Yes, from one side, it makes sense otherwise they would have to deal with a lot of calls from users with poor internet connection, from other side, they sacrificed security.

Agreed, to maintain security, having the user create a local & online account during setup would have been better, for cases when their connection is unavailable, they are logged into their local account instead

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Zen Browser 1.21b

      By Copernic · Posted

      Zen Browser 1.21b by Razvan Serea Zen Browser is a privacy-focused, open-source web browser built on Mozilla Firefox, offering users a secure and customizable browsing experience. It emphasizes privacy by blocking trackers, ads, and ensuring your data isn't collected. With Zen Mods, users can enhance their browser experience with various customization options, including features like split views and vertical tabs. The browser is designed for efficiency, providing fast browsing speeds and a lightweight interface. Zen Browser prioritizes user control over the browsing experience, offering a minimal yet powerful alternative to traditional web browsers while keeping your online activity private. Zen Browser’s DRM limitation Zen Browser currently lacks support for DRM-protected content, meaning streaming services like Netflix and HBO Max are inaccessible. This is due to the absence of a Widevine license, which requires significant costs and is financially unfeasible for the developer. Additionally, applying for this license would require Zen to be part of a larger company, similar to Mozilla or Brave. Therefore, DRM-protected media won't be supported in Zen Browser for the foreseeable future. Zen Browser offers features that improve user experience, privacy, and customization: Privacy-Focused: Blocks trackers and minimizes data collection. Automatic Updates: Keeps the browser updated with security patches. Zen Mods: Customizable themes and layouts. Workspaces: Organize tabs into different workspaces. Compact Mode: Maximizes screen space by minimizing UI elements. Zen Glance: Quick website previews. Split Views: View multiple tabs in the same window. Sidebar: Access bookmarks and tools quickly. Vertical Tabs: Manage tabs vertically. Container Tabs: Separate browsing sessions. Fast Profile Switcher: Switch between profiles easily. Tab Folders: Organize tabs into folders. Customizable UI: Personalize browser interface. Security Features: Inherits Firefox’s robust security. Fast Performance: Lightweight and optimized for speed. Zen Mods Customization: Deep customization with mods. Quick Access: Easy access to favorite websites. Open Source: Built on Mozilla Firefox with community collaboration. Community-Driven: Active development and feedback from users. GitHub Repository: Contribute and review the source code. Zen Browser 1.21b changelog: New Features Updated to Firefox 151.0.4 Added 'Space Routing', a new feature that allows you to route links to a specific Space. To get started, click on the three dots in your Space name and click on 'Space Routing Settings'. Fixes Fixed extension-opened tabs not being created with the correct container (#14100) Fixed a bug with the Boosts editor having the wrong theme colors (#14099) Improved overflowing space icons being inaccessible and improved the feeling when hovering over them (#13747) Other minor bug fixes and improvements Download: Zen Browser | 89.8 MB (Open Source) Download: Zen Browser ARM64 | Other Operating Systems View: Zen Browser Home Page | Screenshots 1 | 2 | Reddit Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Louis Rossmann suing Samsung over "990 Pro SSD warranty scam"

      By AsherGZ · Posted

      I am currently using a 4tb stick in combination with a 4tb 9100 Pro. It's only been six months since I bought them but the 990 has already dropped 1% health. Fingers crossed it doesn't go any lower.
    • Louis Rossmann suing Samsung over "990 Pro SSD warranty scam"

      By dustojnikhummer · Posted

      But it opens the floodgates to anyone who gets a refund instead of a replacement (since refund will buy you a 1/3rd of the capacity it did years ago)
    • Louis Rossmann suing Samsung over "990 Pro SSD warranty scam"

      By AsherGZ · Posted

      He has planned to file a lawsuit in small claims court so it'll only be a $1000 lesson assuming he wins. That's likely a fraction of what Samsung spends on toilet paper on a daily basis.
    • Windows Server gets DNS over HTTPS (DoH) support

      By Usama Jawad96 · Posted

      Windows Server gets DNS over HTTPS (DoH) support by Usama Jawad For the past few months, Microsoft has been previewing DNS over HTTPS (DoH) for Windows DNS Server, touting it as a foundational upgrade for zero-trust enterprise networks. It essentially introduces encrypted, authenticated DNS for the networks rather than transmitting DNS traffic in clear. Now, the company has introduced the general availability (GA) of this feature. The GA of DoH encourages organizations to deploy the solution in production environments without implementing a new client-to-resolver architecture. DoH helps improve the overall security of the network and reduces the risk of spoofing due to its zero-trust design. This is a significant change because pretty much every interaction with the network requires interfacing with DNS. DoH offers several advantages over standard DNS traffic, such as encryption using HTTPS, preventing unauthorized inspection, man-in-the-middle attacks, and traffic analysis. Since it leverages TLS certificates so that clients can verify the identity of the DNS server, it prevents spoofing through this authentication mechanism. Additionally, it's built on the DoH standard defined by the Internet Engineering Task Force (IETF), which means that it should work with modern RFC 8484-compliant clients. Finally, it integrates into the existing network architecture seamlessly and can even run in parallel with standard DNS, so that customers can migrate to the new technology at their own pace. Microsoft says that in the past few months of preview, DoH has become more stable, and customers can confidently deploy it in production environments with proper guidance. Microsoft has emphasized that migrating to DoH is necessary for organizations that are moving toward zero-trust DNS solutions. Windows clients already support DoH, but the latest availability on Windows Server provides encrypted DNS to all endpoints. The company has also mentioned that "while this release focuses on encrypting client-to-resolver communication, support for encrypted communication between Windows DNS Server and upstream DNS resolvers is planned for a future update." You can follow Microsoft's guidance to deploy DoH here, but keep in mind that you need a Windows Server 2025 installation with the latest Patch Tuesday updates installed.

  • Recent Achievements

    • Week One Done
      davidbazooked earned a badge
      Week One Done
    • One Month Later
      Jamswaz earned a badge
      One Month Later
    • Week One Done
      Jamswaz earned a badge
      Week One Done
    • Rookie
      Marzoid went up a rank
      Rookie
    • Community Regular
      coch went up a rank
      Community Regular

  • Popular Contributors

    1. 1
      +primortal
      511
    2. 2
      PsYcHoKiLLa
      185
    3. 3
      +Edouard
      159
    4. 4
      Steven P.
      83
    5. 5
      ATLien_0
      75
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!