Microsoft Outlook is one of the most popular email clients around, regularly ranking among the top clients. It’s only beaten by Apple’s integrated mail solution and Gmail for global email opens.
Most people use Outlook at some point in their lives. Given those millions of users, it is understandable that, at some point, someone will forget their Outlook password. And in those moments, you need a tool that can retrieve the password while keeping your data intact.
Here are three tools to help with Outlook password recovery. But first, we need to understand the difference between PST and OST files and how they store and password-protect your mail in Outlook.
The Microsoft Outlook PST Password Protection Bug
When you enter a password on a website, the site (hopefully) doesn’t store it in plaintext. The plaintext is what you’re reading now, so you can see why storing a password in this form isn’t so wise. The website takes your password and creates a hash.
A hash is a long string of alphanumeric characters representing your password that is tied to your username. When you type your username and password combination, the database returns a positive response, and you enter your account. But if an attacker enters the database, all they see is a long list of confusing hash values.
Here’s the problem with Outlook: Instead of using a complex hashing algorithm (ideally with a salt), Microsoft appears to have cut some security corners using the basic CRC32 algorithm.
The bad news is that each CRC32 hash has a lot of matching values, meaning there’s a strong chance a password retrieval programme will unlock your file. This is great if you need your PST file unlocked, but utterly terrible if you want to keep it secure.
This is where Outlook password recovery tools come in.
PST Tools to Recover Your Microsoft Outlook Password
There are several tools you can use to retrieve PST passwords and unlock your data file.
PSTPassword is a great free utility that automatically retrieves PST passwords for local data files. Due to the encryption bug, PstPassword displays three potential passwords. If the first option fails, you have two more choices. (PstPassword generates a long list of CRC32 hashes that might unlock the data file.)
PstPassword doesn’t require installation, either. However, your system might detect it as a malicious file (as it is harvesting passwords, something that you don’t want at other times).
Kernel Outlook PST Password Recovery Tool is a limited, free utility. The major limitation is the size of the PST file the tool will unlock. Kernel’s tool will unlock PST files up to 500MB for free; however, if your data file size exceeds that, you will need to upgrade to the Home Licence for $39.
The tool quickly analyses your PST files, providing a hash value for you to enter. Unlike PstPassword, Kernel only grants a single password hash to try. However, if that doesn’t work, Kernel also has the option to remove the password protection from the PST file (as well as add a new one if you desire).
Our final tool is Recovery Toolbox for Outlook Passwords. Recovery Toolbox costs $19 but comes with a few more options than either free option. For example, Recovery Toolbox can:
- Recover and show passwords for PST data files
- Reset PST data file passwords
- Recover and remove some passwords for OST data files
The major difference is support for OST files. The paid version of Recovery Toolbox shows and removes OST passwords, too, giving it a slight advantage. That said, other free online tools will uncover even the most secure Outlook OST data file passwords, too.
Testing the PST Password Protection Bug
You can check the password protection bug out for yourself using PstPassword.
Open Outlook and head to File > Account Settings > Data Files. Press Add to create a new data file, giving it a temporary name. Next, head to Settings > Change Password. Leaving the “Old password” field empty (as it is a new data file), enter a strong new password in the “New password” and “Verify password” fields. (In fact, I’m using a Secure Password Generator to create a super-strong 16-character password.)
You might note that despite the 16-character password, Outlook only accepts 15-characters. Regardless, press OK, close the panel, and then close Outlook.
Download, then open PstPassword. It should automatically detect your newly created PST file, as well as any existing data files, too. Now, alongside your test file, there are three potential passwords. Because the password is over a certain amount of characters, PstPassword displays the hash values.
Open Outlook again and enter one of the hash values. If it doesn’t work, try the next one. In the event, the first three don’t work, right-click the test data file and select Get more passwords.
Mail PassView is another free password viewing and recovery tool from Nirsoft. Mail PassView uncovers OST data file passwords, rather than PST data files. However, as OST data file passwords are usually set via the mail server rather than in Outlook itself, the tool cannot remove passwords or offer alternatives. Still, Mail PassView is a useful free tool for recovering your Outlook password.