Both PIN and picture password are new and innovative ways to log in to your Windows 8 computer. But compared to a traditional text-based password, these two sign-in options are much less secure and they can be cracked easily!
With the small utility Mimikatz you can quickly grab plain-text passwords from Windows 8 or 8.1 system, no matter how strong your passwords are! Any local user with Admin privileges can decrypt the text passwords of all users whose accounts were set to a PIN or picture password.
How to Recover Windows 8 PIN and Picture Password in Seconds?
- Go to http://blog.gentilkiwi.com/mimikatz and download the latest mimikatz binary. Extract the contents, access the either the Win32 or x64 folder (depends which OS you have installed, 32 or 64 bit) and run mimikatz.exe as administrator.
- A Command prompt will appear. We’ll need to enable debug mode with the privilege::debug command.
- Next run the token::elevate command which will force mimikatz to elevate to SYSTEM.
- Run the vault::list command and it will dump plain-text credentials. As you can see it pulled the 4-digit PIN code, picture password as well as my local account password. If you used a Microsoft account as your computer’s login, this tool can also dump your email account password.
This is a security hole in Windows 8/8.1 that makes it easy for someone to steal the plain-text passwords from memory. Remember that never switch to PIN or picture sign-in options as this will expose your local/Microsoft account password.
Windows To Go is a new feature from Windows 8 that allows to install Windows 8 to a portable USB drive. It works much like a WinPE or Linux Live CD but it’s definitely not an ordinary bootdisk. It is to place a complete, fully manageable Windows 8 installation on a USB drive.
Although the built-in Windows To Go creation tool is only available in Windows 8 Enterprise, there are third-party softwares out there to set up a Windows To Go USB drive on any Windows PC. Here we’ll explain how to make a Windows To Go USB drive with the freeware ISO2Disc.
- A USB 3.0 flash drive with at least 32GB of storage, or an external USB hard drive.
- Windows 8 or 8.1 ISO image
How to Create A Windows-To-Go USB Drive with ISO2Disc?
- Plug in the USB flash drive you want to use for Windows To Go.
- Download and install the ISO2Disc application.
- Launch the ISO2Disc program. Click on Browse to select your Windows 8 or 8.1 ISO image, or simply drag the ISO file to the program.
- Click on Burn to USB Flash Drive and then select one of your attached USB drives. Make sure you’ve backed up all important data on your USB drive as the drive needs to erased completely.
- If you want to create a Windows To Go USB drive to boot off a UEFI-based machine, make sure you use a 64-bit ISO image of Windows 8/8.1 and choose GPT partition style. Otherwise choose the default option: MBR.
- Under the Bootdisk type, select “Windows To Go (install Windows to USB)” from the list.
- Click on Start Burn to begin installing Windows, which could take up to 30 minutes or longer depending on the speed of your USB drive.
- Once the job is done, you’ll see the “Burn finished” message. You can now restart your computer to test your newly prepared Windows To Go USB drive. If your PC won’t boot from your USB drive then you’ll need to enter into the BIOS and change the boot order so that your USB drive is first on the list.
The first time you boot from a Windows To Go USB drive, you’ll have to go through the same first-time setup process you’d see after installing Windows on a computer normally. Once setup, you’ll be able to boot much more quickly in future.