How effective are your password recovery settings?

Improving password recovery success rates

Limited time and resources are usually the two biggest constraints for password recovery. A live memory image could contain encryption keys and passwords, but what are the options if there is no such image available?

There are two important metrics for measuring effectiveness of password recovery: success rate and time spent. After all, we could do a full brute-force attack for all 16-character alpha-numeric passwords with 100% success rate, but waiting a billion years is not a viable option.

There is a lot of research to identify different patterns in passwords used, and the common view now is that there is no such thing as “the best” list of password recovery attacks. People choose different types of passwords to protect different types of data – corporate files, personal documents, or web accounts.

One of the questions we are asked often is, “How do I measure the efficiency of my set of password recovery attacks?”

That’s exactly the reason why Passware Kit now allows running password recovery attacks against a list of known passwords. For different types of passwords, this is the fastest way to see the success rate and estimate performance in real-life scenarios.

As an example, let’s use a list of 10,000 most common passwords (per Mark Burnett,

Let’s start with the default Passware Kit settings, to see how good they really are:

  • Launch Passware Kit

  • Click Tools|Test Settings…

  • Locate your known passwords list, e.g. “10k most common.txt”
  • Click “Advanced: Customized Settings (Ctrl+E)”
  • Click “Reset Attacks to Defaults” in the “Actions” pane:

  • Remove the last two attacks:
  • Click “Start Recovery”
8,551 of 9,999 passwords found (86%) in 20 min. 14 sec. 9,704,654,975 passwords checked in total:

86% is a decent success rate. But as we are cracking a list of online passwords, let’s try adding a 176MB “Frequent Passwords” dictionary:

  • Download the dictionary
  • In Passware Kit click “Back” toolbar button
  • Drag Dictionary attack to the end of the list:
  • Select “Custom…” from the Dictionary pull-down list:
  • Click “Browse…” and select FrequentPasswords.dic you downloaded, click OK.

  • Click “Start Recovery”

9,682 of 9,999 passwords found (97%) in 3 min. 45 sec. 2,553,899,750 passwords checked in total:

A single additional dictionary improved our password recovery rate to 97%! We have just checked that the default settings cover the most typical passwords, and that adding custom dictionaries could greatly improve the success rate.

Do you know any other tips or tricks to improve password recovery success rates?

Questions, suggestions for topics or feature requests? Please let us know.