-
August 14th, 2006, 01:36 PM
#21
I believe XP passwords are plain text unless you go over 15 digits and it's alphanumeric, or you have edited the reg to turn off LM passwords.
edit: here's the link to the info. 15 characters is key because it automatically disables LM passwords, which also will disallow 9x/ME machines from accessing that PC via LAN. (They require LM passwords apparently.)
http://www.microsoft.com/resources/d....mspx?mfr=true
-
August 14th, 2006, 02:21 PM
#22
Originally posted here by spamdies
I believe XP passwords are plain text unless you go over 15 digits and it's alphanumeric, or you have edited the reg to turn off LM passwords.
edit: here's the link to the info. 15 characters is key because it automatically disables LM passwords, which also will disallow 9x/ME machines from accessing that PC via LAN. (They require LM passwords apparently.)
http://www.microsoft.com/resources/d....mspx?mfr=true
LM, NTLM and NTLMv2 have nothing to do with the discussion we're having... so it has nothing to do with 15 character passwords...
However, you are correct that it is stored in plain text (http://support.microsoft.com/kb/315231)
Once again though... They have a virus on your system or local access to your machine... so having it in plain text in the registry is no different than them already having the access to your machine...
However most people that run AutoLogin get their computer that way out of the box... Generally with an "owner" or "user" account that has no password... Now the password cannot be stored (it doesn't exist)... Additionally XP won't allow remote connections to log in using accounts with no password set so you, in reality, have an additional layer of remote security.
As I said... and I stand by it... Physical Access is Physical access regardless of AutoLogin being enabled or not... Give me your machine and I will get into it.. it just changes the time from 30 seconds (to reboot) to 2 minutes (to reboot and pop in a CD)
Peace,
HT
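
An added example, not part of any post in this thread: a PowerShell check for the plain-text autologon storage discussed above, covering both the stored-password case and the no-password "owner" account case. It assumes the Winlogon value names AutoAdminLogon, DefaultUserName and DefaultPassword; the function name and the sample data are made up for illustration.

```powershell
# Added example: audit the Winlogon autologon values (assumed value names:
# AutoAdminLogon, DefaultUserName, DefaultPassword).
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-AutoLogonConfig {          # hypothetical helper name
    param([hashtable]$Values)            # value name -> data read from the key

    $enabled  = "$($Values['AutoAdminLogon'])" -eq '1'
    $hasPlain = -not [string]::IsNullOrEmpty([string]$Values['DefaultPassword'])

    $finding = if ($enabled -and $hasPlain) {
        'Autologon enabled; password is readable in clear text from the registry'
    } elseif ($enabled) {
        'Autologon enabled; no DefaultPassword value (blank password, or held outside this value)'
    } elseif ($hasPlain) {
        'Autologon disabled, but a stale DefaultPassword value is still present'
    } else {
        'Autologon not configured'
    }

    [pscustomobject]@{
        User              = $Values['DefaultUserName']
        AutoLogonEnabled  = $enabled
        CleartextPassword = $hasPlain    # report presence only, never the value
        Finding           = $finding
    }
}

# Constructed sample data, so the logic can be exercised off-box.
$samples = @(
    @{ AutoAdminLogon = '1'; DefaultUserName = 'Owner'; DefaultPassword = 'example-only' },
    @{ AutoAdminLogon = '1'; DefaultUserName = 'Owner' },
    @{ AutoAdminLogon = '0'; DefaultUserName = 'Admin'; DefaultPassword = 'example-only' }
)
$samples | ForEach-Object { Test-AutoLogonConfig $_ } | Format-Table -AutoSize

# Live check: runs only where the HKLM: registry drive exists (Windows).
if (Test-Path $WinlogonKey) {
    $props = Get-ItemProperty -Path $WinlogonKey
    $live  = @{}
    foreach ($name in 'AutoAdminLogon', 'DefaultUserName', 'DefaultPassword') {
        $live[$name] = $props.$name      # missing values come back as $null
    }
    Test-AutoLogonConfig $live | Format-List
}
```

The third sample covers a case worth cleaning up: autologon turned off, but the old password left behind in the key.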
-
August 14th, 2006, 02:28 PM
#23
Give me your machine and I will get into it..
But not everybody is the Almighty HT!
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
August 14th, 2006, 02:54 PM
#24
But not everybody is the Almighty HT!
exactly....I just don't want my kids into my data or profile....so I use profiles with passwords....works great.
Also when scanning and cleaning...I can usually tell what profile gets most of the crap...everyone is limited...except the admin
I am sure you would understand my point if you had 3 tweens..and an upcoming soon to be tween having access to your computers.
As for my work machines...they are behind lock and key at work......
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
August 14th, 2006, 03:07 PM
#25
Originally posted here by morganlefay
exactly....I just don't want my kids into my data or profile....so I use profiles with passwords....works great.
Also when scanning and cleaning...I can usually tell what profile gets most of the crap...everyone is limited...except the admin
I am sure you would understand my point if you had 3 tweens..and an upcoming soon to be tween having access to your computers.
As for my work machines...they are behind lock and key at work......
MLF
Once again this has nothing to do with kids either... this goes back to the original quote
Automatic logins: the lazy man's way to get hacked.
profiles are great... I'm not arguing that... this has nothing to do with the usefulness of profiles.. I fully agree that profiles rock... This has to do with that one statement which is false... nothing else.
-
August 14th, 2006, 03:13 PM
#26
Ok ...I understand that HT.
having an autologin though.....would allow my kids access to my data etc.....and then compromise the computer my email etc...with very little or no skill.....
hacked by tweens.......OMG
so ...I don't think the statement is all that "false"
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
August 14th, 2006, 03:17 PM
#27
Originally posted here by morganlefay
Ok ...I understand that HT.
having an autologin though.....would allow my kids access to my data etc.....and then compromise the computer my email etc...with very little or no skill.....
hacked by tweens.......OMG
so ...I don't think the statement is all that "false"
MLF
And I disagree... I think of that as "screwed over by the kids" and I dunno if I consider that being hacked...
-
August 14th, 2006, 03:51 PM
#28
And I totally disagree
It's not just kids....could be a spouse...or a guest..or .........or family...or some jerk that breaks into your house and steals your computer...doesn't know **** about them...hooks it up ...and looky looky...it works....and logs you in...
It is not the ultimate security...but it can be a deterrent....one more hoop to jump through....
And most people are lazy....
It's like locking your car...or leaving it open...if they really want to steal it...they will...a locked car will take more work.
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
August 14th, 2006, 04:24 PM
#29
...could be a spouse...or a guest.
Yup, seen that happen...
...it can be a deterrent....one more hoop to jump through....
Ultimately, that's all computer security is...a deterrent. And manual logons are obviously a valid deterrent considering their widespread use on corporate networks.
I stand by my original statement: automatic logons are the lazy man's way to get hacked (or whatever you want to call compromising a computer).
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
August 14th, 2006, 04:32 PM
#30
But do you use the welcome screen? Or display the last user logged in, in the password dialog box?
Personally, I have no issues with my guests looking through the data on my machines. Because if you are my guest and have that access to my house when I am not around then we have a transitive respect and trust. That includes my son, my wife, and my future child. I password protect my administrative accounts. There is no personal data on my machine that my friends and family shouldn't have access to. But the only data on my machines is pictures, school projects, saved game data, or lab configurations (which are all backed up, pictures and projects in two places).
That said I have to agree with HT on this. Unless you are treating your personal machine(s) like those at work or you have data that you need to secure, having an auto login is not such a big deal. If I am so terribly worried about someone exploiting my machine via physical access I will put a preboot authentication in place. If I was further paranoid about my data I would put a form of encryption on the drive (FIPS or RSA certified).
Just my two cents