
Tag: passwords

Techy: Resetting a Windows Vista Password

Due to staff changes at work, we had two Windows Vista PCs (Business Edition, but these instructions should work on all versions of Windows XP and Vista) which had installed/purchased software on them, but we did not know the user passwords and/or administrator passwords. We also did not have a “Password reset disc”. We therefore needed to “break into” them and it’s a lot easier than you expect.

  • First of all, from a machine which you do have access to, download the Trinity Rescue Kit (TRK) from http://trinityhome.org.
  • Now burn the ISO image to a CD/DVD (instructions will vary depending on which platform you downloaded the ISO from and what software you are using). Make sure you burn it as a “Disc Image (ISO)” (aka a “Bootable CD/DVD”) and not just storing the file “as is”.
  • Insert the TRK CD into the machine you need recovering and get the machine to boot from the CD drive (on Dell machines, just press F12 as it is booting for the “Boot Menu” and select “Boot from onboard or USB CD/DVD drive”).
  • Wait for TRK to load.
  • Select the first option on the TRK menu as you don’t need any fancy extras
  • Once booted, type “winpass -l” (that’s all in lower case and finishes with a hyphen and then a lower case L for lima)
  • If you get a message about Windows already being mounted, just select the “Force” option.
  • You may then be asked to select a Windows installation – select one and see if it lists the username you are trying to reset. If it doesn’t, repeat the previous step and select another Windows installation
  • Make an exact note of the username as the spelling, spacing and capitalisation will matter
  • Type “winpass -u 'User Name'” where ‘User Name’ is the exact username you are changing. Select the same Windows installation as you did previously.
  • Select option 1 to reset the password for that account to “blank” and, if necessary, unlock the account with option 4 (if there have been too many resets previously).
  • When finished, type “q” and press return to exit winpass.
  • Eject the CD/DVD and reboot.
  • You should now be able to log into that user account without using a password (if it is the only Windows account on the machine, it should auto-boot into that account)

Needless to say, neither myself nor the makers of Trinity Rescue Kit can take any responsibility for any damage/problems caused by following these instructions and I can only say “it worked for me!” (twice).

Techy: Token Authentication instead of passwords

I’ve been spending quite a bit of time recently creating a login system (coping with OpenID, Facebook Connect and Microsoft LiveID/Passport) and, of course, the “common and/or garden” email address and password system.

Whilst we do deal with credit card and payment details on the system, it doesn’t need to be “that secure” relating to user authentication (hence we haven’t needed to consider proper two-factor logins: where you login with one password and then need to login again using something else). However, recent security snafus (such as the WebHostingTalk database exploit) are making me think that perhaps we should consider offering an alternative to the standard password system.

There are hardware one-time password tokens out there such as MyPW (which is very similar in looks to the token used by HSBC Bank) and YubiKey (as used by Tom at Nominet) along with Verisign’s VIP Authentication system for iPhones: however, all these OTP (One Time Passwords) systems are designed to be used in conjunction with an existing username and password (i.e. two-factor logins): but has anyone actually implemented a login system which uses the OTP as the SOLE password?

Any pluses/minuses or thoughts about it? Even if you haven’t implemented it, but just think it’s a good or bad idea – please let me know!
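
As an added illustration (not code from this post or from any of the products it names), here is a sketch of what a server has to enforce when a counter-based OTP (HOTP, RFC 4226) is the only credential: each code is accepted once, a small look-ahead window resynchronises skipped codes, and repeated wrong guesses lock the account. The class name, thresholds and account layout are assumptions; the secret is the RFC 4226 test value.

```python
import hashlib
import hmac
import struct

MAX_FAILURES = 5  # assumed lockout threshold
LOOK_AHEAD = 3    # assumed resync window for codes generated but never used

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for a single counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class OtpOnlyLogin:
    """Hypothetical account store where the OTP is the sole credential."""

    def __init__(self):
        self.accounts = {}  # username -> secret, next counter, failure count

    def enroll(self, username: str, secret: bytes) -> None:
        self.accounts[username] = {"secret": secret, "counter": 0, "failures": 0}

    def login(self, username: str, code: str) -> str:
        acct = self.accounts.get(username)
        if acct is None:
            return "denied"
        if acct["failures"] >= MAX_FAILURES:
            return "locked"  # a 6-digit code is guessable without a limit
        for c in range(acct["counter"], acct["counter"] + LOOK_AHEAD + 1):
            if hmac.compare_digest(hotp(acct["secret"], c).encode(), code.encode()):
                acct["counter"] = c + 1  # this and all earlier codes are now dead
                acct["failures"] = 0
                return "ok"
        acct["failures"] += 1
        return "denied"

def demo():
    svc = OtpOnlyLogin()
    svc.enroll("alice", b"12345678901234567890")  # constructed sample account
    first = svc.login("alice", "755224")    # code for counter 0
    replay = svc.login("alice", "755224")   # same code again
    skipped = svc.login("alice", "359152")  # counter 2, token button pressed twice
    guesses = [svc.login("alice", "000000") for _ in range(6)]
    return first, replay, skipped, guesses

if __name__ == "__main__":
    print(demo())
```

With no password behind it, the lockout is the only thing between a guesser and a 6-digit code, and the same lockout lets anyone who knows a username lock that user out.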