Locked out? Get back into Windows 8 by resetting your password

A forgotten password is no need for panic. There are several ways to get back into your Windows 8 PC if you've locked yourself out.

A forgotten Windows password isn't the end of the world. You don't have to trash the computer, or even perform a dreaded factory restore. There are many ways to remove or reset a Windows password, but how quickly and easily it can be done depends on the situation.

Password reset methods differ between Microsoft and local Windows accounts. If you aren't sure which type of Windows account you have, it's simple to find out: turn on your computer and see if an email address is displayed above where you enter your password to login. If there's an email, it's a Microsoft account. If not, it's a local account.

Resetting the password for Microsoft accounts can be relatively quick and easy. Resetting local accounts, however, takes a hack or a third-party tool. Since computers preloaded with Windows 8 include a new Secure Boot and the Unified Extensible Firmware Interface (UEFI) boot method, using a third-party tool complicates the process further.

Resetting the password of a Microsoft account

If you have a Microsoft-based Windows 8 account, you can use Microsoft's online form to reset the password. You can complete this from another PC, or even a smartphone or tablet. Although you can find a phone number for Microsoft support, I was told when calling that they can't help with password resets; you must use their online form.

It will be easier to reset your password online if your current email address or cell phone number are saved to your Microsoft account. The online form will show you an incomplete email address and cell number you have on file. You must then confirm the full address or number and choose which one you'd like them to send the reset code to.

If you don't remember the full email address or cell number that's on file, or don't have access to them anymore, you can fill out a questionnaire including account security questions. If your information checks out, the site will help you create a new password.

Once you successfully reset your password using Microsoft's online form, you should be able to login with the new password. Your computer must be connected to the Internet to be updated with the new password.

Removing the password of a local account

Although not great from a security perspective, there are many ways to reset or remove a Windows password for local accounts without having administrative access or passing the security checks from Microsoft's online form. These methods typically include using a bootable CD, DVD or USB drive. We've already discussed this in a previous article for Windows 7 and earlier, but that particular utility doesn't apply to Windows 8.

Caution:  Resetting a password using these methods means you will lose access to any encrypted files utilizing the Encrypting File System (EFS) built into Windows and stored passwords for Internet Explorer and network resources.

There are many other bootable password recovery and rescue tools that work with the latest Windows versions, but most require changing the boot settings of your computer.

If you have a genuine Windows 8 disc or flash drive, you should be able to boot from it without having to change the boot settings. If this is the case, you can use it to perform a so called "Sticky Keys" hack to reset your local Windows account password.

A previous article describes how to perform the Sticky Keys hack. The article was written for Windows 7 and earlier, but still applies to Windows 8 and later with a few caveats:

If you don't have a genuine Windows 8 disc or flash drive, you can use a third-party tool or utility. For example, the Offline NT Password and Registry Editor is included with other rescue discs like Hiren's BootCD.

Before you can boot up a third-party tool on a computer that came pre-loaded with Windows 8 or later, you must temporarily disable the new Secure Boot and UEFI features. Start by holding the Shift key down while you restart Windows 8, even from the initial login screen.

Once it boots into the Advanced Startup Options (ASO) menu click Troubleshoot, Advanced Options, and UEFI Firmware Settings. The exact settings differ between PC manufacturers, but find and disable the Secure Boot and UEFI features, which may include enabling the Compatibility Support Module (CSM) or legacy boot mode.

Once you run the bootable third-party tool and clear your Windows password, you should re-enable Secure Boot and UEFI. Then you should be able to boot into Windows again and login.

Prevent future forgotten password issues

Now that you're back onto your Windows account, consider setting some alternative login methods, like a PIN or picture password, which can be used if you forget your password.

If you're using a local Windows 8 account, you can create a password reset disk using a USB flash drive via the User Account settings in the Control Panel. If the password is ever forgotten, even if it has been changed since you made the reset disk, you can plug in the USB flash drive in order to reset your password.

A somewhat similar password reset function exists for Microsoft accounts. You can generate a Microsoft recovery code so that you can save it and enter it later if you forget your password, even if the password has been changed. You can generate this recovery code on the Microsoft security settings webpage.

Join the CSO newsletter!

Error: Please check your email address.

Tags Windows 8MicrosoftsecuritypasswordsWindowssoftwareoperating systemsWindows 8.1

More about AdvancedCSMMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Eric Geier

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts