how-to block ads
|reply to dave |
Re: Windows 7 and Windows 8 Registries Reveal Password Hints
said by dave:Maybe their point was that you should encrypt the snot out of something that by nature is to be given away to anyone who asks because they don't really understand security or when to use it.
But it's hardly secret. If I'm trying to log in to your machine, I can click on the "give me my password hint" button and have your hint displayed. That's the whole point of the hint: that someone can get it displayed without having to log in first.
So what's the risk here? Presumably, that if you're already running malware with privileges (it's reading the SAM), it can find out your not-secret hint without having to be actually in a position to click on a 'hint' button in a login dialogue.
Big whoop, eh?
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool
|reply to Smokey Bear |
That's for XP Home...why would you think I would have Home version? I have XP Pro and I don't have a password on my Admin account. I did set a password on the default Admin account when I first set up the computer and there was no "hint" I could set. Consequently, since it could be disastrous if I could not recall it, if I ever needed it, I wrote it down in several different locations. I set a very complex one that was 20+ characters. Later, I decided it was too complex since I can't see what I type on the screen, it would be way too easy to make a mistake over and over. So, I shortened it significantly and made it less secure just so I could know that I could type it right with a few tries. (Remember, this is a desktop and no one touches it except me...this is one reason I never want to get a laptop...too many vulnerabilities on them besides all the other reasons to avoid laptops if you can).
I have a Password set on my Vista Virtual machine Admin account and I repeatedly type it wrong the first time or two and it also is not a long, complex password. I haven't used that machine in ages and I have forgotten the password and I have no idea where I wrote it down. Luckily, I have a second account (the default hidden admin account which I unhid) and, after my experience with my own admin account, and putting a password on it and mistyping it because I cannot see what I am typing, I did not put a password on the default admin account. Thank goodness! So, if I decide to use that machine I can get into the default admin account and I will be able to reset the password for my admin account from there (although being Vista...who knows ....but I should be able to reset from there). There was no hint on Vista Ultimate either.
I think Microsoft is not serious about any of this or long ago Microsoft would have given us an option to show the passwords as we type them. Not everyone has someone standing behind them snooping their password so that option should be available. Since it isn't, I don't think complicated or long passwords should be used. In my situation, I was a fool to use a password on the Vista virtual machine. I won't make that mistake again.
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson