Find Saved Wi-Fi Passwords in Windows via CMD

You've connected to a Wi-Fi network before, but you can't remember the password and need to share it or connect a new device. Windows stores credentials for every network you've previously connected to, and you can pull them back out in plain text using a single netsh command. No third-party tools required.

When Would You Use This?

📱

Connecting a new device

Need the password to connect a phone or tablet but can't get to the router admin panel.

🔧

IT troubleshooting

Verifying the stored credentials on a device match what's configured on the access point.

📋

Documenting networks

Auditing and recording all saved Wi-Fi profiles on a managed device before a rebuild.

🔑

Recovering a forgotten password

The router's been reset and the sticker's worn off, but a device that was connected still has the old password saved.

ℹ️

Admin rights required

You need to run Command Prompt as Administrator to retrieve passwords in plain text. Standard user accounts can see profile names but the key=clear parameter will return an empty Key Content field without elevation.

Method 1, Single Network Lookup

💻 Command Prompt

This is the quickest way to retrieve the password for one specific network you already know the name of.

1

Open Command Prompt as Administrator

Press Win + S, type cmd, then right-click Command Prompt and select Run as administrator. Click Yes on the UAC prompt.
2
Open the netsh shell

Type netsh and press Enter. Your prompt will change to netsh>.
CMD
```
netsh
```

List all saved Wi-Fi profiles

Run the command below to see every network your device has connected to and saved credentials for.

netsh

wlan show profile

# Example output:
# Profiles on interface Wi-Fi:
#
# Group policy profiles (read only)
# ---------------------------------
#     <None>
#
# User profiles
# -------------
#     All User Profile : HomeNetwork
#     All User Profile : OfficeWifi
#     All User Profile : JackPhone

Retrieve the password for a specific network

Replace Example with the exact SSID name from the list above. The key=clear flag tells netsh to show the password in plain text.

netsh

wlan show profile "Example" key=clear

# Look for this section in the output:
#
# Security settings
# -----------------
#     Authentication         : WPA2-Personal
#     Cipher                 : CCMP
#     Security Key           : Present
#     Key Content            : YourPasswordHere

The password appears next to Key Content under the Security settings section. That's it.

✅

SSID names are case-sensitive

The network name in the command must match exactly, including capitalisation and any spaces. Copy it directly from the wlan show profile output to avoid typos.

Method 2, Dump All Passwords at Once

⚡ One-Liner

If you need to retrieve passwords for every saved network in one go, useful for device audits or before a rebuild, this one-liner loops through all profiles automatically.

Run this directly in an elevated Command Prompt (not inside the netsh shell):

CMD, Run as Administrator

# Paste this entire line into an elevated Command Prompt and press Enter
@for /f tokens^=2delims^=^: %i in ('netsh wlan show profiles') do @set "_ssid=%~i" && @for /f tokens^=2delims^=: %I in ('cmd/v/c netsh wlan show profiles "!_ssid:~1!" key^=clear^|findstr /vi "absent"^|findstr "Key"') do @echo/%i: %I

The output will be a list of every saved network and its stored password, formatted as NetworkName: Password.

⚠️

How this one-liner works

It uses nested FOR loops, the outer loop iterates through each line of netsh wlan show profiles to extract SSID names, then the inner loop runs wlan show profile key=clear against each one and uses findstr to filter down to just the Key Content line. Delayed variable expansion (/v) is required for the inner variable to resolve correctly, which is why it spawns a cmd /v/c subprocess.

PowerShell Alternative

⚙️ PowerShell

If you prefer PowerShell, you can do the same thing with cleaner output. Run this in an elevated PowerShell window:

PowerShell, Run as Administrator

# Get password for a single network
(netsh wlan show profile name="YourNetworkName" key=clear) |
  Select-String "Key Content"

# Output:
#     Key Content            : YourPasswordHere

PowerShell, Dump all saved passwords

# Loop through all profiles and output SSID + password
(netsh wlan show profiles) |
  Select-String "\:(.+)$" |
  ForEach-Object {
    $ssid = $_.Matches.Groups[1].Value.Trim()
    $pass = (netsh wlan show profile name="$ssid" key=clear) |
             Select-String "Key Content" |
             ForEach-Object { ($_ -split ":")[1].Trim() }
    [PSCustomObject]@{ SSID = $ssid; Password = $pass }
  } | Format-Table -AutoSize

# Output:
# SSID          Password
# ----          --------
# HomeNetwork   hunter2
# OfficeWifi    C0rpP@ssw0rd!

Where Windows Stores Wi-Fi Passwords

📁 Storage Location

Windows stores every Wi-Fi profile as an XML file on disk. You can find them at:

C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{adapter-guid}\

Each file is named after the network's profile GUID and contains the full configuration including the encrypted key material. The password is encrypted using Windows DPAPI (Data Protection API) tied to the local machine account, which is why you need to be running as Administrator (or SYSTEM) to decrypt and display it in plain text via netsh.

⚠️

Security implication

This is a good reminder that any local administrator on a Windows device can retrieve all saved Wi-Fi passwords in seconds. On managed corporate devices, this is one reason to limit local admin rights, a compromised admin account doesn't just own the device, it can recover credentials for every network the device has ever connected to.

How to Find Saved Wi-Fi Passwords in Windows Using CMD

When Would You Use This?

Method 1, Single Network Lookup

Method 2, Dump All Passwords at Once

PowerShell Alternative

Where Windows Stores Wi-Fi Passwords

Get M365 tips in your inbox