The Picture Password used in Windows 8 machines are more vulnerable than Microsoft hoped, a research team claims. The Picture Password is encrypted with the algorithms that can be turned back into the original plain-text password. As long as you can log on to Windows 8 with administrator privileges, you can break Windows 8 Picture Password security in no time. In this article we’ll show you how to crack Windows 8 Picture Password with the freeware Mimikatz.
How to Break Windows 8 Picture Password Security?
- Download the Mimikatz tool (mimikatz_trunk.zip) from Benjamin Delpy’s blog. Decompress the zip file and you’ll then find that the tool has both 32-bit and 64-bit versions – make sure you pick the correct version.
- Right-click on the Mimikatz.exe file and select Run as administrator from the context menu.
- You’ll be provided with an interactive prompt that allows you to perform a number of different commands. Firstly we’ll need to enable debug mode with the privilege::debug command:
- Next run the token::elevate command to elevate your privilege to NT Authority\SYSTEM.
- Execute the following command and it will quickly extract all types of plain-text passwords from Windows Vault, including Pin code, Picture Password and traditional text password.
If you use a Microsoft account to log on to Windows 8 and then switch to a Picture Password or a Pin, the Mimikatz tool will be able to dump your Microsoft account password as well. This is the first critical security flaw in Windows 8/8.1 that has already been discovered.