Best password recovery software of 2024 | TechRadar

Password recovery for software applications and hardware devices

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

The best password recovery software offers a simple solution for recovering lost or forgotten passwords for both software and hardware.

Password recovery software can help you regain access to your user accounts by recreating tactics used by cybercriminals such as brute forcing using variations of letters, numbers and special characters. Some solutions will even use combinations of passwords your remember. By recovering forgotten passwords, you can then change your credentials to enhance security, and store them in a password manager so you don't forget them again.

Our security experts have used each of the solutions on this list for recovering passwords, and have tested them across a range of devices and operating systems to ensure the ultimate level of compatibility and effectiveness, as well as considering ease of use, cost, and additional features such as password generators.

I have organized the best password recovery services from this testing into a handy guide to help you choose the best solution to fit your needs. Here are my recommendations:

We've also highlighted the best free password manager.

Why you can trust TechRadar We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test.

Passware is a leading password recovery software developer that has a success rate of about 70%, which is quite good, considering the task at hand. The Basic, Standard, and Standard Plus kits are all intended for home use, although there are Business and even Forensics solutions available, depending on how difficult the job is.

The Basic kit works on Microsoft Windows Vista, and Windows 7/8.x/10/11, as well as on Mac. The software can grant you quick access to a wide variety of file types, either through brute force attacks or Passware’s “Instant Recovery” method, as well as general Windows passwords.

The Kit Standard Plus version can also unlock password managers like LastPass, 1Password, Dashlane, and Keepass, as well as recent Windows local accounts, server accounts, and Microsoft Live ID accounts.

While somewhat costly and like all solutions, not guaranteed to work in every case, this is a good place to start for a robust password recovery application with a good track record. The latest update also brought the password recovery for bcrypt hash.

Recover My Password by Lazesoft is another freeware option for recovering a Windows admin password. You can remove the Windows password entirely, reset it to blank, and unlock, enable, or disable user accounts.

The Home edition has a graphical user interface, making it simple to use. Just follow the step-by-step instructions to create a bootable CD that you’ll use to recover your passwords. The business version builds on the free home edition and is priced from $39.99.

Lazesoft claims a 100% recovery rate when used on Windows 2000, XP, Vista, 7, 8, 8.1, and even 10. It can also be used to retrieve lost product keys from Windows installations.

Finally, Lazesoft has free technical support available, so if you get stuck, you can check out its comprehensive FAQ and knowledge base, and then if necessary, contact by email.

A well-known name in the password recovery business, Ophcrack is one of the best freeware solutions available. It’s designed for average users with little knowledge of cracking passwords, so even novices can follow the simple step-by-step instructions.

There’s no need to install Ophcrack on a separate device. Instead, you can download an ISO image directly from the website to be burned onto a CD or flash drive, and boot from either of these to access powerful password recovery options. Ophcrack will locate Windows user accounts and automatically recover the passwords.

Ophcrack currently supports Windows 2000/XP/Vista/7/8/10. It cracks passwords based on “rainbow tables”, which uses less processing time than a brute-force attack. These tables can be downloaded for free from the Ophcrack website. There’s also a brute-force mode for simple passwords.

The software is free and open-source, which is a big advantage both in terms of cost and transparency. While you may not have the user support of a paid solution, Ophcrack has a good track record and can be used to reliably recover many Windows accounts.

Don’t let the name scare you: John the Ripper is a reputable password recovery tool available for Unix, macOS, Windows, and others. The free version is only available in source code, which isn’t well suited to novice users. However, a Pro version is available for Linux and macOS, with a seven-day money-back guarantee.

In both cases, there’s no graphical user interface, so if you’re not familiar with command-line, this tool is probably not for you.

Even if you take the free version, however, the wordlists required to use the program are paid. There’s also a mailing list where you can ask questions if you run into any trouble, although responses may vary in promptness and usefulness.

Trininity Rescue Kit (TRK) is a live Linux distribution that can be used to recover Windows passwords, which can then easily be reset using a simple (text) menu interface. The software also includes five different virus scans and a tool for disk cleanup, with recovery and undeletion of certain files and lost partitions.

The documentation is also extensive—very extensive. Given this and the fact that it runs only on Linux, it may not be a suitable solution for many users. That said, it’s entirely free, has a small download size, and has a five-star rating from its users.

TRK works for Windows XP, Vista, 7, 8, and 10.

We've listed the best password generators.

When deciding which password recovery software to use, first consider what your actual needs are, as budget software may only provide basic options, so if you need to use advanced tools you may find a more expensive platform is much more worthwhile. Additionally, higher-end software can usually cater for every need, so do ensure you have a good idea of which features you think you may require from your password recovery software.

We probed Denis Gladysh, co-owner and head of Passcovery, a supplier of high-speed GPU-accelerated software solutions for recovering passwords of popular file format, to find out what the most popular ways to recover lost passwords are.

By skillfully customizing the range you may staggeringly reduce the number of trial passwords. This will still be a brute force attack, only with a limited range of combinations:

Mask is a part of the password that you know some specific details about. It remains unchanged throughout the entire attack, while only the unknown part is being changed. Not the most common case, of course. For example, if you know that the password begins with the name Jack, ends with the year of his birth - 56, and there are some characters in the middle, then by using the mask - Jack?????56 - you could check all 11-character passwords beginning with Jack and ending with 56.

When you do not know the exact characters of the password, but you do know its structure, then using the extended mask attack you can define an individual charset for each position in the password. Trial passwords will only consist of the characters from the defined charsets. Only a few password crackers offer this feature. Passcovery (review/website) is one of them. For example, you know that the password begins with a capital letter, ends with numbers, and there are only lowercase letters in the middle. So it only makes sense to try passwords that meet these specific criteria. The extended mask option allows to check such passwords.

Oftentimes a password is not a set of random characters, but a meaningful word: a name, date, nickname, favorite movie/cartoon/book character, dish, country name, etc. Such topical lists of words and their combinations are called dictionaries. And a password attack based on such wordlists is referred to as a dictionary attack. By running a dictionary attack you can quickly check all popular passwords. For example, over the last few years the password 1234567890 has been top-rated as the most popular one. OMG! 10 characters! Gotta be strong enough, you think? Yeah, right :)

What if we combine several words into a single password and alter characters in it? We'll get a password that is too long for a regular brute-force attack and that can never be found in any dictionary. And yet it is possible to recover it by combining multiple dictionaries and setting character mutation/substitution rules. Passcovery programs can handle such tasks. See for example the case of Apple iOS 13.x backup file. Then we compiled a list of likely words that could possibly make up the password, added mutations rules, ran the attack and successful ly recovered the lost password.

Which attack to choose from the four listed and its efficiency depends on each specific case. Say, you know the words that make up the password, then dictionary attack with rules is what you need. If you know the structure or a part of the password, then you'd better go for extended or regular mask attack. When you don't know any details about the password, it is recommended to run a dictionary attack using wordlists of popular passwords. And still, there is no guaranteed way to recover, let alone crack a properly made and secure password (and that is great, isn't it! otherwise what's the point in protection, if anyone who has a computer could crack it?). There is no 100% guarantee, but success is still possible.

With an effective software tool, high-performance hardware, and a little information about the password, you get pretty high chances to successfully recover your lost password.

NB: All of the above refers to the latest types of secure password protection with encryption and does not apply to protection against accidental editing. The latter can always be removed instantly (as, for example, in Microsoft Office 2-2019)

To test for the best password recovery software we first set up an account with the relevant software platform, then we tested the service to see how the software performed when accessed by different devices, as well as testing any additional tools that were provided. The aim was to push each password recovery software platform to see how useful its basic tools were and also how easy it was to get to grips with any more advanced tools.

Read more on how we test, rate, and review products on TechRadar.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

VPN usage soars in Mauritius amid pre-election social media shutdown

Hundreds of online shops have been hacked to show fake product listings in major phishing scam

Ugreen 10,000mAh Magnetic Wireless Power Bank review: capacious and light, but not built like the best