Windows 8 Microsoft account password hack.

[chillipig]

I've started to come up against a problem at work due to the new ability to use a Microsoft account to login to windows 8.

I often have to test PCs when customers return them with alleged faults for a well known company, but frequently the person returning the machine is not the user /only user.

This hasn't been a problem until now as there are lots of Windows password removal tools including some free programs but now I'm starting to encounter Microsoft account passwords which cannot be reset in the same way a local password can.

Having had a good look out there I can find only one title that claims to do it: http://www.top-password.com/reset-windows-password.html

Problem is the company actually has this site blocked by its content filtering software and the rules state that the company expenses account can only be used through the company Internet connection by the designated employee.

I can request this site be taken off the blacklist but the process takes 4-8 weeks and I am getting 2-3 a day which is causing me a backlog.

I have tried proxies but they are all blocked and wouldn't be a good idea when using a credit card anyway.

So can anyone advise me how I could remove/find this type of password manually or any other software they know of retail or freeware?

Many Thanks.

[Shane Nokes]

I can guarantee you that the software will not be able to offer you resets on another persons Microsoft Account.

So don't waste your time trying to pay for their services when it's not something they can do. They don't have access to any of the tools required to do so.

[Ambroos]

I doubt it's possible. If people forget their Microsoft Account password just have them go through Microsoft's own recovery steps.

[ahhell]

"I'm starting to encounter Microsoft account passwords which cannot be reset in the same way a local password can"

That's the whole point in them using a Microsoft account so that people CAN'T reset/"hack" the account.

Is there a way to enable the admin account and log in?

[Detection]

Just tell the company you can't repair the machine without the log in details, any machine sent without them will be returned

[chillipig]

I can guarantee you that the software will not be able to offer you resets on another persons Microsoft Account.

So don't waste your time trying to pay for their services when it's not something they can do. They don't have access to any of the tools required to do so.

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

[HeyRatFans]

Just tell the company you can't repair the machine without the log in details, any machine sent without them will be returned

Unless you're (the op that is) charging them for data recovery too, then this.

[Brandon H Supervisor]

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

there is no way to do this without having their MS password

[Detection]

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

That's like saying you want access to their hotmail emails but you don't want their password to do it

Windows 8 Live Login, IS their email account to put it simply.

Tell the company to start forcing users to use Local accounts instead

What you are asking is contradicting what you are wanting to do

[jordanspringer]

Have the user set a 4 digit PIN or use Picture Password to unlock their Microsoft Account.

[Detection]

Have the user set a 4 digit PIN or use Picture Password to unlock their Microsoft Account.

Good thinking, that would work

[chillipig]

Have the user set a 4 digit PIN or use Picture Password to unlock their Microsoft Account.

If everyone used a local A/C with no password that would suit me down to the ground but the reality is they just assume a computer company has some special tool to temporarily turn off their password in the same way USA customs does with TSA locks. Actually most customers just see it as the companies problem and couldn't give a toss. Beyond that trying to call them multiple times a day to get their password isn't practical, even when they write them down the handwriting can be bad/ misspelled /just wrong.

All I need is access to their desktop in a local sense, if their login credentials for MS on line are removed in the progress thats fine.

[Shane Nokes]

I'm not trying to reset their account login with microsoft itself, just to gain access to the the windows 8 desktop under their user so I can replicate the fault they have reported. I cant ask a customer for their MS account password in the same way I could with a local account as I would then have access to all their MS services too.

My point (as others have pointed out) is that the account used for sign-in and their Microsoft Account are one and the same in those cases.

The only way to request a reset for that password is to actually reset their MA password. That software is not going to do that...if they claim otherwise it's a scam and should be avoided.

Reading your latest post...I honestly think you should hand this off to someone else. I think this may be a case where the depth is a bit much for your level of expertise. I don't mean that as an insult, but an honest assessment based on what I've read.

[chillipig]

My point (as others have pointed out) is that the account used for sign-in and their Microsoft Account are one and the same in those cases.

The only way to request a reset for that password is to actually reset their MA password. That software is not going to do that...if they claim otherwise it's a scam and should be avoided.

Reading your latest post...I honestly think you should hand this off to someone else. I think this may be a case where the depth is a bit much for your level of expertise. I don't mean that as an insult, but an honest assessment based on what I've read.

I do understand what you are saying in that Windows 8 is designed so that it aligns itself with the users on line services as soon as the login window is presented but thats why I titled this thread "password hack." the resulting "damage" to the account credentials and ability to resume using the account locally is of no importance as long as I can see why their webcam isnt working under that particular user for example.

I suppose you could loosely say I am trying to manipulate windows so I can turn the MS A/C into a local A/C stripped of its personalised attributes.

The customer has formerly signed a data loss agreement anyway so I can restore the machine to factory default but of course doing things that way takes longer and time is a big issue for me.

I can see this isn't something thats going to be easy if at all possible from the replies but thanks to everyone for taking the time :)

[Detection]

Tell them to press the 'Refresh my PC' button

Job done

[chillipig]

As a side not this site http://www.top-password.com/reset-windows-password.html claims they can do it saying:

"New! Support password reset for Windows 8 local account and Microsoft account."

"The cached passwords are stored as hashes in the local system registry, so it is difficult to crack or recover the original password. However, it?s possible to update the cached password hash using a new password, so you can log in the system with a new password in case your actual Hotmail password is lost or forgotten. Reset Windows Password is the right software which can help you easily reset Microsoft account password by running from a bootable CD or USB drive."

Interestingly they do write genuine software that has been removing local account passwords for a while now.

[Shane Nokes]

Just for kicks I'm downloading it just to see what type of crap it tries to pull.

I can tell you already that their server capacity must be balls with how slow it's going. I still have about 5 minutes left on a 28MB download...

[+Eternal Tempest MVC]

Windows 8 pushes users to make there windows profile using there Microsoft Live Account.

The way new user creation is set up is you have to go out of your way to make a standard windows profile like XP / Vista / 7.

Essentially if they used the default Microsoft was prompting them for, there windows 8 login is there Microsoft Live Account.

Sorry for using poor terminology to describe this. I know MS is deprecating the "live" branding as well.

[Shane Nokes]

Windows 8 pushes users to make there windows profile using there Microsoft Live Account.

The way new user creation is set up is you have to go out of your way to make a standard windows profile like XP / Vista / 7.

Essentially if they used the default Microsoft was prompting them for, there windows 8 login is there Microsoft Live Account.

Sorry for using poor terminology to describe this. I know MS is deprecating the "live" branding as well.

You can just say Microsoft Account. That is the new term.

[jackkk1]

Does windows 8 really stores cached password of online Microsoft Account? If they does, wow, online account cracking just become much easier.

[Detection]

Does windows 8 really stores cached password of online Microsoft Account? If they does, wow, online account cracking just become much easier.

Not sure, but if it does I doubt they will be in plain text located on c:\passwords ;)

[jackkk1]

Not sure, but if it does I doubt they will be in plain text located on c:\passwords ;)

No need to be in plain text to crack a password. Nowadays, cracking hashes of the password, even 8 symbol length, really isn't problem anymore. But it would be much harder to do on online website where captchas and other preventive measures exist.

[Detection]

No need to be in plain text to crack a password. Nowadays, cracking hashes of the password, even 8 symbol length, really isn't problem anymore. But it would be much harder to do on online website where captchas and other preventive measures exist.

It must store something because you can log in offline using your Live ID

[jackkk1]

It must store something because you can log in offline using your Live ID

Yes, from one side, it makes sense otherwise they would have to deal with a lot of calls from users with poor internet connection, from other side, they sacrificed security.

[Detection]

Yes, from one side, it makes sense otherwise they would have to deal with a lot of calls from users with poor internet connection, from other side, they sacrificed security.

Agreed, to maintain security, having the user create a local & online account during setup would have been better, for cases when their connection is unavailable, they are logged into their local account instead