In　this　paper,　we　improve　the　password　recovery　attack　to　Authentication　Post　Office　Protocol　(APOP)　from　two　aspects.　First,　we　propose　new　tunnels　to　control　more　fixed　bits　of　MD5　collision,　hence,　we　can　recover　passwords　with　more　characters,　for　example,　as　long　as　43　characters　can　be　recovered　practically.　Second,　we　propose　a　group　satisfaction　scheme,　apply　divide-and-conquer　strategy　and　a　new　suitable　MD5　collision　attack,　to　greatly　reduce　the　computational　complexity　in　collision　searching　with　high　number　of　chosen　bits.　We　propose　a　fast　password　recovery　attack　to　application　APOP　in　local　that　can　recover　a　password　with　11　characters　in　＞　1　min,　recover　a　password　with　31　characters　extremely　fast,　about　6　min,　and　for　43　characters　in　practical　time.　These　attacks　truly　simulate　the　practical　password　recovery　attacks　launched　by　malware　in　real　life,　and　further　confirm　that　the　security　of　APOP　is　totally　broken.