Home > Products > Windows Passwords > Reset Windows Password > Screenshots > SYSKEY password Lookup
search for SYSKEY startup password
OneNote password recovery v3.4
Support for Microsoft Office 365
Reset Windows Password v14.2
Telegram data recovery, Photo Database and Media Player investigation tools, and some more
Office password recovery tools
Resetting VBA passwords
New blog post
Dumping the history of users' IP addresses in Windows

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Reset Windows Password:
SYSKEY startup password lookup


Syskey is the additional layer of security, was introduced first in Windows 2000. It is always on by default and offers 3 types of protection:
1. Default - when the SYSKEY encryption key is stored in Windows registry.
2. Startup disk - the SYSKEY encryption key is stored on a diskette.
3. Startup password - the SYSKEY encryption key is generated from a user pass-phrase.

Scammers take advantage of the SYSKEY power and often set a SYSKEY startup password on a victim's PC. Usually, they contact you with a thick Indian accent identifying themselves as a member of Microsoft support and tells that your PC need to be fixed immediately because it has a critical problem. They will try convincing you to allow them to connect your system remotely and fix the issues. If you do make the mistake, they will set a SYSKEY startup password. Since you do not know the password, after reloading the system you will get the screen like that (see below) and will not be able to logon unless you pay for a fix.

syskey startup password

Fortunately, in most cases, the passwords they use are pretty trivial and can be decrypted using our SYSKEY password lookup feature. You will have to go through the 3 simple steps to start searching the password.

Setting SYSKEY password recovery options

syskey password recovery options

SYSKEY password lookup may take quite some time and consists of the following steps:

  • Searching for information in the Windows system cache. This method consists of over a dozen of mini sub-attacks, during which the program analyzes all kinds of user passwords: LSA secrets, DSL, VPN, WiFI, FTP, IM, browser passwords, etc.
  • Analyzing simple, short passwords, keyboard combinations, etc.
  • Scan, parse and analyze most recently used files of the target system.
  • Primitive dictionary attack. The application checks all passwords from the built-in dictionary for the Light and Standard editions or from several dictionaries (English.dic, German.dic, French.dic, Russian.dic, Spanish.dic) for the Advanced Edition. If the deep search option is on, simple word mutations will also be taken into account during the search.
  • Primitive brute-force recovery will try to reveal short passwords. The brute-force options also depend on the mutation level.
  • Artificial Intelligence attack analyzes network activity of a user on the computer. Upon the results of the analysis, the application generates user preferences and generates a semantic dictionary for the attack, which it later uses it for finding and guessing the password.
  • Look for passwords in deleted files.
  • Searching for complicated English passwords (Fingerprint attack).
  • Extract strings and words from huge files: RAM images, hiberfil.sys, pagefile.sys and so on. When this option is set, the program will try to skip files useless in password analysis like video, archives, audio files, etc.
  • Search passwords by reading and analyzing raw sectors of the selected drive. If the 'Password mutation level' is set to 'Deep search', the program additionally tries to generate different combinations and 'mutate' found passwords, thus walking through all sectors of the target drive may take quite a time. Note that the sector-based scanning algorithm is not effective against drives that have full-disk encryption set on.
To run a custom recovery method, turn on the 'Custom recovery' checkbox and select one of the available attacks. During the next steps, you will be prompted to set up and execute the selected attack.


Selecting data source

Selecting syskey data source

When searching for the SYSKEY startup password, special attention is to be paid to supplying correct files and folders required for the analysis process. Otherwise, password search will be inefficient or even not available. The application tries to locate the files automatically, but sometimes, e.g., when the computer has several operating systems installed, you may need to use the 'manual control' over it. Please also keep in mind that if the problem PC has 2 or more logical drives, the sequence of the letters for these disks may be set totally different than in the original system.


Searching for SYSKEY password

Searching and decrypting SYSKEY startup password

Finding/guessing the password may take some time, which depends on attack settings and type of your system.

Note that not all SYSKEY passwords can be extracted and recovered but only simple and vulnerable ones!


Setting back the system

Once you retrieve the SYSKEY plaintext password, all you need is to turn off the SYSKEY startup prompt and set your system back to its original state. Just log in your Windows account, hit 'Win+R' keys, type in 'SYSKEY' and click 'OK' button.

Running syskey options

This should bring up the SYSKEY options dialog. All you need here is to click the 'Update' button and switch the 'Password Startup' option back to 'System Generated Password' by supplying the found plaintext.

Setting syskey options