QuickBooks Internals: Password Replacement

QuickBooks company files contain two types of records: normal records and sensitive records. Sensitive records (credit card numbers, SSNs, etc.) represent a really small subset with encryption based on sensitive data keys, that is an additional level of encryption. All other records are normal records. You have several variants and options if your company file Administrator password is lost:

1. Sensitive data keys are auto-recoverable:
Recovered encryption keys allow instant Admin user password replacement in order to regain full access to company file normal and sensitive records. Our only recommendation is to set new Admin (and other users) password(s) in QuickBooks to reset all security details.


2. Sensitive data keys cannot be recovered automatically:
    a) Sensitive data is not required (too old, can be reentered, etc.);
    b) There are non-Admin accounts with known passwords;
    c) There are different versions (backups) with known passwords;
    d) There are Apps with access to company data;
    e) Password recovery / password search;

1.a Sensitive data is not required:
Only a small subset of data is encrypted: employees SSNs and birthdates, customers credit card numbers, bank account and routing numbers, vendors tax ids. Administrator password can be replaced without sensitive data keys in order to open file in QuickBooks with access to all normal records. In that case encrypted records will be removed. You can also check our notes on how to estimate number of encrypted records in your '.qbw' file.

1.b There are other accounts with known passwords:
If any of non-Admin users passwords is known (in some cases even one of the old passwords is enough) it can be used to recreate Admin sensitive data access and allows password replacement with full data access.

1.c Different file versions (backups) are available:
In QuickBooks Forensics encryption keys can be exported from previous (backup) or subsequent file versions with encryption keys recoverable into a version with unrecoverable keys. This technique can be used for current version password replacement with a backup file keys or to regain full access to an old backup using current version keys.

1.d There are Apps with access to company data:
Yet another QuickBooks Forensics advanced features is the ability to search for access keys saved by linked Apps & SDK tools like Point of Sale, etc.

1.e Password recovery / password search:
Admin password recovery (password search) is a guessing game.
QuickBooks Forensics can be used to search for any non-Admin user password as well. Method 1.b above can be used for Admin password replacement with non-Admin user password recovered. Password recovery basics are covered in Password Search FAQ.