Skip to main content

A closer look at password management and recovery

In the past, we’ve talked about making sure your passwords are up to scratch by crafting super-strong and memorable passwords. However, that can be a lot of work if you've got a ton of passwords to remember.

So, in this article, we’re going to look at the best tools you can utilise for creating and saving your passwords, while still providing all the safety and security you need.

Password managers

With the right software installed, you only need one password. Full-stop.

That's because password management software uses a master password. When you visit a website, the software will enter the secret, encrypted, strong password for your account. All you need to do is know the master password. Sure, you could rely on your browser to remember all your passwords, but that means leaving yourself exposed to possible interlopers.

Most of these programs double as – or indeed started as – form-fillers (apps that remember your name, address, and credit card info) and offer other identity protection services. And these days, most of them are cross-platform affairs, so they can handle your security not just on your computer, but also your mobile devices.

Which password managers do we recommend? Check out LastPass, Dashlane, KeePass and Kaspersky Password Manager. A special mention goes to RoboForm, recommended by our readers.

For more details on these, see our closer look at the best password managers.

Two-factor authentication

A password is great and all, but sometimes it's not enough. Two-factor authentication is a lot stronger, for it requires not only the knowledge of your password, but the physical presence of something you own. This means you not only type in a password, but also use some hardware, called a token. The most common token is the ubiquitous USB flash drive. Some companies may issue them with special chips for performing two-factor checks.

Or some systems like the Personal Locker feature in McAfee All Access 2014 go all out, using both facial recognition and voice recognition to authorise access to your protected storage. A cyber-crook can't fool it with a photo and a voice recording, as the voice recognition component asks you to read a different statement each time.

For an in-depth look at this topic, see our feature entitled: A good password isn’t enough – why you should use two-factor authentication.

Password recovery

Eventually, you're going to forget a password (if you don’t use a password manager, that is). The vast majority of websites offer some kind of recovery solution – typically a link that sends the password (and even the username, in some cases) via email.

You may have to fill out some extra security questions (e.g. "Name of the city where you were born"). If you haven't already answered them, you could have problems. So for accounts that are important, like your bank and credit cards, go back to the preference settings in your account to see if you need to hand over some extra security info to stave off problems in the future.

Another example: With a company as complicated but important as Google – where you use the same username/password combo to get access to multiple service, such as Gmail, Google Drive, YouTube, and so on – recovery can be the difference between getting things done and getting fired. Visit your Google Account page and click on the Security option, where you can set up recovery and alert options (and also 2-step verification). It’s all well worth doing.

Windows password

What about passwords on your own computer? That's when many of us run into issues. You don't have anyone to turn to if you forget your own Windows login, or inherit a computer with someone else's passwords. Rather than format the hard drive and start over, try Asterisk Key first. This freebie is for individual programs that have passwords stored but masked behind a field of asterisks (*********) on the off-chance someone is peaking over your shoulder. It's made by Passware, which has a slew of tools for password recovery, including a full Password Kit for recovering passwords used in Microsoft Office and a Windows Key for resetting your Windows password without reinstalling.

If you'd rather avoid paying money because you've forgotten a Windows password, Ophcrack is free and runs from a LiveCD (you'll need to burn the downloadable ISO image to a disc to run it). Let it boot in your Windows computer and it'll soon display all your passwords on screen for Windows XP, Vista, and Windows 7. (Note that running Ophcrack without the LiveCD might trigger your anti-malware software).


One other area where you might need to recover a password is your network router. NirSoft's RouterPassView will help by pulling out data from router config files, but whether it works or not will depend on what model router you have.

If you never even changed the default settings on the router, look for the default usernames and passwords from the master list for all known routers found at (where else)