Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
How Secure Are Password Recovery Tools?

How Secure Are Password Recovery Tools?

By Zoltán G.Zoltán G. Verified by Adam B.Adam B. Last updated: July 17, 2024 (0)
Table of contents

“It’s breakingbad. No. Then it’s Bre@k1ngbAd. Nope. Great, I forgot my password!” Forgetting a password is a situation we all would desperately like to avoid, but without the right tools and methods then it’s destined to happen sooner or later. And there is nothing more annoying than having to reset a password – especially if it miraculously complied with the advice of security experts – and being forced to create and learn a new one.

So, it’s not surprising that many users would rather turn to unconventional methods like password recovery tools than to continue the never-ending cycle of trying to memorize a new login again. These programs certainly can do their job well, but are they the safest, most reliable way of recovering lost passwords? And if they aren’t, how can losing logins be prevented to begin with?

The working principle of password recovery tools

Whether it’s a simpler program like Ophcrack or an advanced behemoth like John the Ripper or Hashcat, the working principle behind password recovery tools – or, in certain cases, password reset tools – is usually the same. Basically, users can recreate the methods used by hackers like a dictionary attack – which is trying meaningful words in the chosen language – or an appropriately named brute force attack that tries every single combination of letters, numbers, and special characters.

However, there are some key differences in how these ‘attacks’ are performed by the recovery software. Ophcrack, for instance, doesn’t require anything from the user other than to burn the program to a CD or flash drive and then run it instead of booting up the computer. John the Ripper and Hashcat, on the other hand, don’t work unless they are first fed with word lists or the so-called rainbow tables – lists containing countless passwords alongside the hashes that they are encrypted with.

60% off RoboForm for Best Reviews readers
RoboForm logo
Commit to RoboForm using Best Reviews' exclusive discount and enjoy a discount of 60% off the regular price.
/goto/roboform/ Click to show code

Apply with caution

Although there is no doubt that password crackers can be useful for retrieving lost passwords from online accounts, programs or even from the OS itself, there is still no guarantee that they’ll be successful and should only be considered as a last resort. For starters, more advanced password crackers need to go through complex settings adjustments to work properly, which could be quite a challenge for less tech-savvy users. Then there is the fact that certain password cracking programs automatically destroy the retrieved password, therefore leading to the very thing that users are trying to avoid, namely creating a new password.

Additionally, these tools typically take their time in cracking passwords, especially if the slowest method – the brute force attack – is chosen. In certain cases they cannot be even launched from the most recent operating systems. And last but not least, password crackers will immediately disclose usernames and passwords, meaning that if these tools fall into the hands of criminals – particularly the patient kind – then they can easily gather any valuable information from a computer.

Password recovery tools vs password managers

To be honest, there is actually one program that password crackers aren’t able to extract passwords from: password managers. If you think about it, this is pretty logical as password management solutions are all equipped with military-grade encryption with which the program stops any trespassers from being able to find or read any login credentials and other data that are stored within the software. This effectively showcases how data stored within password managers are indeed safe from any kind of attack.

However, the fact that master passwords cannot be retrieved from password management solutions also means that the program could in theory stay locked for good with all the stored information trapped inside, unless there is another way than the master password to access the vault such as a PIN code or a one-time password. And to make things even more complicated, for security reasons the moment a master password is reset the data stored inside the program is deleted as well.

Prevention is the best medicine

Since password recovery tools are like double-edged swords their use is only recommended if you have exhausted every other possibility. As such, it’s better to prevent the loss of passwords from the get-go by either relying on strong but easily memorable passwords or, better yet, creating truly uncrackable logins and then storing them within a password manager to pass-on the hassle of remembering those passwords. In fact, the second option is the best approach for everyday users since it is safe and convenient – provided that they don’t forget their master passwords…


Best password managers of 2024

Editor's choice
RoboForm logo
Editor's rating:
(4.5)
Effective security center
Passkey compatibility
Intuitive and organized interface
Affordable prices
Families
LastPass logo
Editor's rating:
(4)
Logical interface
Automated password categorization
Advanced mobile version
Various two-factor authentication options
Businesses
1Password logo
Editor's rating:
(4.5)
End-to-end encryption
Secure authentication method
Data breach alarms
One-time password support
Security features
Keeper logo
Editor's rating:
(4.5)
Robust security
Wide range of platform support
Affordable
Great customer support
Personal use
NordPass Personal logo
Editor's rating:
(4.5)
Strong security features
Effective password generator
Excellent free version
Attractive price
Password sharing
Dashlane logo
Editor's rating:
(4)
Password changer
Built-in VPN
Flawless data import
Thorough iOS/Android app
Local storage
Enpass logo
Editor's rating:
(4)
Packed with features
Free for desktop users
Offline password manager
End-to-end encryption
User Feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2024 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us