A few weeks ago, I got a phone call from a close friend who owns a small trucking company. My friend’s IT person had quit and my friend was in dire need of some computer work. I don’t usually do that type of consulting, but this was a friend, so off I went.

Upon arrival, I discovered that one of the many problems they were having was related to a corrupted Outlook profile. The solution was easy enough; I just needed to create a new profile. When I did, however, it turned out that my friend had no idea what the SMTP or POP3 password was supposed to be. To make a long story short, we were eventually able to get Outlook running again by calling the ISP and getting the password reset. However, this repair job illustrates a very common problem: recovering embedded passwords. Luckily, there is a new tool that can help—even in Windows XP.

When a helpful feature becomes problematic
Like so many other applications, Outlook stores user passwords so that they don’t have to be entered each time the application is started. Once users enter their Windows passwords, they don’t have to know any of their other passwords (with some exceptions) because Windows stores them all within the user’s profile. As handy as this feature is though, it causes some problems because users tend to forget passwords they don’t routinely use. And if the system ever needs repairing, it’s helpful, if not often crucial, to know some of the embedded passwords.

Figuring out an embedded password is no big trick. Just take a look around the Internet, and you’ll find dozens of different password recovery utilities. The problem is that when Microsoft released Windows XP, it changed the password storage and encryption mechanism. This means that none of the existing password recovery utilities work with Windows XP.

A company called iOpus Software has solved the problem by creating a product called iOpus Password Recovery XP. This product is specifically designed to recover passwords from applications that obscure their password with asterisks and run under Windows XP, as well as earlier versions of Windows.

Using Password Recovery XP
Using the software is extremely simple. The download arrives in the form of a self-extracting executable file, and the installation process is almost completely automated. Once the software has been installed, you can run it by selecting the iOpus Password Recovery XP command from the Start | All Programs | iOpus Password Recovery XP menu.

Figure A
This is the iOpus Password Recovery XP interface.

When the program initiates, you’ll see an interface that is similar to the one shown in Figure A. Simply click on the key icon and then drag it to the field containing the password you are trying to decrypt. The decrypted password will then appear within the Password Recovery XP window, as shown in Figure B. Decryption is extremely fast. In my own experimentation with the product, I had a few problems decrypting some Web-based passwords, but all of the others I tried were deciphered with no trouble.

Figure B
This is a sample of the decryption process.

System requirements, availability, and pricing
Password Recovery XP has minimal system requirements. On a hardware level, Password Recovery XP requires a 486 or higher processor and 1 MB of hard disk space. The utility is equally lenient on the operating system. Password Recovery XP supports Windows 95, 98, Me, NT, 2000, and XP.

You can download Password Recovery XP from iOpus’ Web site. You can either download a free trial or buy the full version. The free trial will reveal only the first three characters of the password. Although three characters may not always be enough to help you guess the passwords stored on an unfamiliar system, the free trial version will at least show you whether the software will work on your system before you shell out the money for the full version. If you choose to purchase the full version, the price is $29.95 (plus $7.99 for shipping and handling if you want the CD-ROM version).

Before you purchase the software, though, be advised that the software’s license is based on the machine rather than on the user. This means that a support tech would need to buy a separate copy of the software for every machine on which he or she planned on using the software, in order to stay legal.