QuickBooks Internals: Password Replacement
QuickBooks company files contain two types of records: sensitive records and normal records. Sensitive records (bank account and routing numbers, credit card numbers, etc.) represent a really small subset with encryption based on sensitive data keys, that is an additional level of encryption. All other records are normal records. You have several variants and options if your company file Administrator password is lost:
1. Sensitive data keys are auto-recoverable.
Recovered encryption keys allow instant Admin user password replacement in order to regain full access to company file normal and sensitive records. Our only recommendation is to set new Admin (and other users) password(s) in QuickBooks immediately to reset all security details.
2. Sensitive data keys cannot be recovered automatically:
a) Sensitive data is not required (too old, can be reentered, etc.);
b) There are non-Admin accounts with known passwords;
c) There are different versions (backups) with known passwords;
d) There are Apps with access to company data;
e) Password recovery / password search;
1.a Sensitive data is not required:
Only a small subset of data is encrypted: all employee details except for SSNs are normal records, all customer details and transactions except for credit card numbers, all bank details except for account and routing numbers, etc. Administrator password can be replaced without sensitive data keys in order to open file in QuickBooks with access to all normal records only. In that case encrypted records will be show in QuickBooks as random-like strings and can be cleared or replaced with known data. You can also check our notes on how to estimate number of encrypted records in your '.qbw' file.
1.b There are other accounts with known passwords:
If any of non-Admin users passwords is known (in some cases even one of the old passwords is enough) it can be used to recreate Admin sensitive data access and allows password replacement with full data access.
1.c Different file versions (backups) are available:
In QuickBooks Forensics encryption keys can be exported from previous (backup) or subsequent file versions with encryption keys recoverable into a version with unrecoverable keys. This technique can be used for current version password replacement with a backup file keys or to regain full access to an old backup using current version keys.
1.d There are Apps with access to company data:
Yet another QuickBooks Forensics advanced features is the ability to search for access keys saved by linked Apps & SDK tools like Point of Sale, etc.
1.e Password recovery / password search:
Admin password recovery (password search) is a guessing game - there is no guarantee - your password can be as simple as "1234" for example, but alphabetic-only search is not going to be successful in any timeframe when digits-based search expected to be quite fast.
QuickBooks Forensics can be used to search for any non-Admin user password as well. Method 1.b above can be used for Admin password replacement with non-Admin user password recovered. Password recovery basics are covered in Password Search FAQ.