Since the day that password protection was invented, users (and the people that help them) have been dealing with the “lost password problem.” You know how it goes; you or someone you know can’t log in to their account because they can’t recall their password.
Take it from me, it happens. A lot.
For a long time – at least since Windows XP and probably before – Windows has included the ability to create a password reset disk that you can use in cases where you’ve forgotten your Windows login password.
There are a few prerequisites to using this tool. The most important one is you must create the disk before you actually need it.
Become a Patron of Ask Leo! and go ad-free!
What the password reset disk can and cannot do
Before we get started, let’s be clear about what this thing can do.
- You must create a password reset disk before you need it.
- A password reset disk can only reset the password of the account for which it was created.
- A password reset disk can only reset your password; it cannot reveal or tell you what the password currently is.
So if you think that the password reset disk is some magical skeleton key that’ll let you reset the password to just any account at any time, then you’re wrong. It can, however, reset your password as long as you made the disk before you forgot the password.
If you’ve ever experienced a lost password, or if you use a particularly complex and secure (i.e. hard to remember) password, you may want to create the disk before it’s too late.
Creating the password reset disk
We start in Control Panel. Navigate to User Accounts. There, you’ll find a Create a password reset disk link:
Click that and you may find yourself up against the first obstacle (as I was):
You do need to have a floppy disk (who has those any more?) or a USB drive inserted and ready. After you attach a USB drive (an inexpensive thumb-drive dedicated to this account’s recovery information should do), try again and you’ll get the Forgotten Password Wizard:
Click Next and you’ll have the option to select which connected USB drive to use:
Click Next again and you’ll need to confirm your password for security:
This is done simply to prevent someone from being able to walk up to your logged in machine and create a password reset disk for your account. They could then later use that disk to reset your password and access your machine. Click Next and the disk is created.
One final Next for the last page of the wizard:
Before we even use the disk, however, we need to talk a little bit about security.
Keeping the reset disk secure
The final screen of the wizard contains a very simple, understated instruction:
Label this disk “Password Reset” and keep it in a safe place.
Label it however you like (I’d include the account login name as well), but keep it in a safe place. That is incredibly important.
Naturally, you’ll want to be able to find it should you ever actually need it – that part is easy.
But think about it – anyone with this disk in their hands can reset your Windows password. In other words, having this disk is just as good as having your password. As we’ll see in a moment, it’s just a couple of steps to use it.
So do more than keep it in a safe place; keep it in a secure place, a place that people who shouldn’t have access won’t have access – accidentally or otherwise.
Using the reset disk
You wake up one morning and for whatever reason, you simply cannot remember your Windows login password. But you do remember your password reset disk.
Here’s how you use it.
After a failed login attempt, Windows will show you your password hint (if you created one) and a link to “Reset password…” if you’ve created a password reset disk.
Make sure that your password reset disk is inserted and click Reset password… Windows will once again ask you to select the drive containing the password reset disk and then display this dialog:
You can now enter a new password which will replace whatever that forgotten password may have been. Make sure to also include a password hint that might also help you (but not someone else) remember the password in the future.
Click Next and you’ll be taken to the Windows login screen to login with your newly reset password.
Do you really need a password reset disk?
Is all that really necessary?
Maybe. Maybe not.
In all the years that I’ve been using Windows, the first time that I created a password reset disk was in writing this article. My approach to passwords allows me to remember them easily while still keeping them secure.
On the other hand, perhaps you’ve run into forgotten password situations before. Or perhaps you’re setting up a machine for a friend who’s not as comfortable with passwords, computers, and the like. Especially in the later case, a password reset disk can be a very quick and handy recovery tool.
Leo, how does this affect encrypted files? Does Windows use your password as an encryption key? One of my email accounts does, and it warns me that if I lose my password it can be reset but I will lose access to all my old emails
I strongly dislike Windows built-in encryption because it’s very easy to lose access to the files should you ever lost your account. I think in this case a password reset disk will preserve your encrypted file access (the encryption uses that same underlying token that identifies your account, or something based on it, and not your actual password). There is a separate procedure to save the encryption certificate should you ever permanently lose access to the (one and only) account that created it and can access it, but that’s very easy to forget or overlook. I strongly recommend solutions like TrueCrypt instead.
I don’t use Windows’s built-in password reset disk feature as it only works for one account. Instead, I use Offline NT Password & Registry Editor. It comes with the program ‘chntpw’ preinstalled. Of course, you can boot into any live Linux distribution and install the package manually. It instantly blanks out Windows passwords for any user(s) of your choice, administrator or not. The downside is it doesn’t work for encrypted systems, and only works for local accounts. (Log on to ‘this computer’, not a domain.) For encrypted file systems, you’ll have to use a brute-force password cracker, such as Ophcrack. This method might take longer, and may not be able to crack a very secure password. However, if Ophcrack does succeed, you will gain access to an encrypted file system.
I’ve actually been disappointed by Ophcrack. I have what I’d consider only a semi-secure password on my home machine, and yet when I tried Ophcrack to see how well it would do it failed. The Offline disk is one I’ve used and recommended.
I signed up for and provided all necessary information and thought that the Password reset would occur or tall me what the next step is. Nothing has happened.
I don’t understand what you “signed up” for … the password reset disk described in this article is for your Windows password, and has no “sign up” involved.
I keep all my passwords in LastPass. When I forget the Windows password, I can log into my LastPass account from another computer and have it displayed.
i have no problem with email pass word i can repeat my password at any time.i have not at all for gotten my password. but still i am not getting my mail saying that it is website security problem.so pl. help me to read my mail. ok thanks leo sir.
I’m afraid I don’t understand your question, but it appears to be unrelated to the topic of this article which is about Windows passwords, not email. Please submit new questions here.
Would the password reset disc still work if the account’s password had been changed since the disc was created?
The side note to the article answers that question. The password reset disc will still work.
I followed all of the steps but it only says “An error occurred while the wizard was attempting to set the password for this user account.”. What should I do?
I woke up this morning and my password won’t work. I have Windows 7. I tried to reset, but it asking for Disk to reset. I never set up a disk. I do have two users on the computer and the other user does not have a password. I can still use my computer on the other user, but not as administrator. How do i fix this. I have always used the same password, I did not changed it. I really don’t understand what is going on. Please help.
The kind of password reset disk you’d need in this case is a bootable Linux disk which can reset a Windows login password. It is described in this article:
I’ve lost the password to my Windows Administrator account. How do I get it back?
I’d start you here: https://askleo.com/ive_lost_the_password_to_my_windows_administrator_account_how_do_i_get_it_back/
Ah, memories.
When I first set up our computer, I was dismayed, amid all the myriad setup tasks, to find that I couldn’t log into the Administrator account! I racked my brain trying to remember what password I’d entered, and tried every password I could think of to no avail… until finally, in some desperation, I simply tapped ENTER on an empty prompt… and gasped when I was told “Welcome!”
I hadn’t set an Administrator password!
Oh boy, did I ever change that in a hurry, LOL!!! :)