[RESOLVED] Windows User Password - discussion
Hi everyone,
I just wanted to start a discussion about Windows User Password. No, I am not asking how to get a password, nor am I inquiring about programs that do this. I already know and have a program that does this. My discussion is why Windows still uses an unsecured method for its password storage. The particular program I use basically blanks the password so none is needed. I take it that the registry key that is holding the password is deleted. However, I know of another program that actually finds the password for a user. This is what I'm curious about. Didn't MS stop using the NTLAN hash method back in w2k? How are programs still able to find the password? Aren't they using something stronger that can't be really cracked by these programs? If not, why wouldn't Windows include a way to reset a password itself if other programs can do it? I know I'm asking questions that only MS could answer but that's why I call this a discussion among us. :wave:
Re: Windows User Password - discussion
The NT LAN hashing method is still used in Windows 2000/XP.
As far as I know Windows (XP anyway) does include a way to reset a password, by removing it.
Re: Windows User Password - discussion
It's stored in one of the registry files. I got in a discussion with a guy about Mac OS X because they include a password reset on the disk. Now, he was all about how Windows is more secure. I pointed out that there are dozens of aftermarket programs that can reset or display the password, and the Mac password change doesn't affect Keychain so it still keeps you out of encrypted stuff. So the Mac password reset is a useful feature, and Microsoft sucks for not including it. Let's face it, all you can really do is set a BIOS password on your system set to require password on boot, and have the case in a steel box with a padlock on it, otherwise someone can bypass the BIOS password in less than a minute.
Re: Windows User Password - discussion
So the NT LAN hash method is still used? I had read that Windows included a GPO policy setting that allowed you to change that method to something more secure. Has this been changed in Vista or is it still using the hash?
The password reset on a Mac sounds useful. So I guess it's possible to get a Linux password if the Mac can do it. What does Linux use for a "registry"?
Yeah, taking the CMOS battery out should clear the password. Physical access rules.
Re: Windows User Password - discussion
I have a CD on my desk that I can put into a computer and remove your password, or change it. I burned it because my neighbor forgot her password :)
Re: Windows User Password - discussion
Quote:
Originally Posted by drivenbywhat
So the NT LAN hash method is still used? I had read that Windows included a GPO policy setting that allowed you to change that method to something more secure. Has this been changed in Vista or is it still using the hash?
The password reset on a Mac sounds useful. So I guess it's possible to get a Linux password if the Mac can do it. What does Linux use for a "registry"?
Yeah, taking the CMOS battery out should clear the password. Physical access rules.
Actually, Mac is Unix, not Linux. Common misconception.
You don't need to take the battery out. If the computer is less than probably 15 years old there is a jumper to reset the CMOS next to the battery. Much faster than battery removal. And computers that don't reset it have a jumper in the same place that acts like a "bypass CMOS password" toggle.
Re: Windows User Password - discussion
Yeah, the jumper thing is easier but I think it's easier to take out the battery if you don't have the jumper settings from the manual. :D
Well I guess I'll close this thread now. It didn't spark enough responses. :wave:
Re: [RESOLVED] Windows User Password - discussion
IMO anything that offers a security flaw that can easily provide access to a system is a big mistake. You just need to know how to reboot your computer and surf the web. Honestly, how stupid do they think the common computer user is? OK, being on a programming forum I doubt anybody here is that stupid.
I just hope Linux has a superior form of operating system security than Windows seems to.
Re: [RESOLVED] Windows User Password - discussion
Nope, not really. Windows server is as secure. Any method that requires local access to the system can be nullified by locking the system behind a door, and there has to be SOME way to fix a user forgetting his password. At least the Mac method doesn't give you access to encrypted data. Keychain password is unchanged.
Re: [RESOLVED] Windows User Password - discussion
Lord Orwell, are you saying that Windows does give users access to encrypted data when you say "at least Mac doesn't give access to encrypted data"? I thought that encrypted data in Windows was tied to the user id and password. After all, when you reset a password in Windows it will give you a msgbox telling you that changing the password will make you lose access to encrypted data.
Re: [RESOLVED] Windows User Password - discussion
Sure, but how much is encrypted by default? Plus it's not always accurate. I've changed my password before with no issues. The only time I've ever lost data is when I did a reinstall and forgot to back up my security certificates.
Mac's Keychain is not completely intertwined with the current password. If you reset the user's password, it does not reset the password on encrypted data. The old password is still needed. The boot disk cannot be used to give access to encrypted data. And Mac encrypts a lot of stuff by default.