How To Avoid Password Window in WIN XP?????? - Page 3
Page 3 of 6 FirstFirst 12345 ... LastLast
Results 21 to 30 of 54

Thread: How To Avoid Password Window in WIN XP??????

  1. #21
    Banned
    Join Date
    Jul 2004
    Posts
    297
    I believe xp passwords are plain text unless you go over 15 digits and its alpha numeric, or you have edit the reg to turn of LM passwords.

    edit: heres the link to the info. 15 characters is key because it automaticaly disables lm passords, which also will disallow 9x/me machines from accessing that pc via lan.(they require lm passwords apparently.)

    http://www.microsoft.com/resources/d....mspx?mfr=true

  2. #22
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by spamdies
    I believe xp passwords are plain text unless you go over 15 digits and its alpha numeric, or you have edit the reg to turn of LM passwords.

    edit: heres the link to the info. 15 characters is key because it automaticaly disables lm passords, which also will disallow 9x/me machines from accessing that pc via lan.(they require lm passwords apparently.)

    http://www.microsoft.com/resources/d....mspx?mfr=true
    LM, NTLM and NTLMv2 have nothing to do with the discussion we're having... so it has nothing to do with 15 character passwords...

    However, you are correct that it is stored in plain text (http://support.microsoft.com/kb/315231)

    Once again though... They have a virus on your system or local access to your machine... so having it in plain text in the registry is no different then them already having the access to your machine...

    However most people that run AutoLogin get their computer that way out of the box... Generally with an "owner" or "user" account that has no password... Now the password cannot be stored (it doesn't exist)... Additionally XP won't allow remote connections to log in using accounts with no password set so you, in reality, have an additional layer of remote security.

    As I said... and I stand by it... Physical Access is Physical access regardless of AutoLogin being enabled or not... Give me your machine and I will get into it.. it just changes the time from 30 seconds (to reboot) to 2 minutes (to reboot and pop in a CD)

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #23
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Give me your machine and I will get into it..
    But not everybody is the Almighty HT!
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #24
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    But not everybody is the Almighty HT!

    exactly....I just dont want my kids into my data or profile....so I use profiles with passwords....works great.

    Also when scanning and cleaning...I can usually tell what profile get most of the crap...everyone is limited...except the admin

    I am sure you would understand my point if you had 3 tweens..and an upcoming so to be tween having access to your computers.

    As for my work machines...they are behind lock and key at work......

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #25
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by morganlefay
    exactly....I just dont want my kids into my data or profile....so I use profiles with passwords....works great.

    Also when scanning and cleaning...I can usually tell what profile get most of the crap...everyone is limited...except the admin

    I am sure you would understand my point if you had 3 tweens..and an upcoming so to be tween having access to your computers.

    As for my work machines...they are behind lock and key at work......

    MLF
    Once again this has nothing to do with kids either... this goes back to the original quote

    Automatic logins: the lazy man's way to get hacked.
    profiles are great... I'm not arguing that... this has nothing to do with the usefulness of profiles.. I fully agree that profiles rock... This has to do with that one statement which is false... nothing else.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  6. #26
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Ok ...I understand that HT.

    having an autologin though.....would allow my kids access to my data etc.....and then compromise the computer my email etc...with very little or no skill.....

    hacked by tweens.......OMG

    so ...I dont think the statement is all that "false"

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #27
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by morganlefay
    Ok ...I understand that HT.

    having an autologin though.....would allow my kids access to my data etc.....and then compromise the computer my email etc...with very little or no skill.....

    hacked by tweens.......OMG

    so ...I dont think the statement is all that "false"

    MLF
    And I disagree... I think of that as "screwed over by the kids" and I dunno if I consider that being hacked...
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #28
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    And I totally disagree

    Its not just kids....could be a spouse...or a guest..or .........or family...or some jerk that breaks into your house and steals your computer...doesnt know **** about them...hooks it up ...and looky looky...it works....and logs you in...

    It is not the ultimate sercurity...but it can be a deterrent....one more hoop to jump through....

    And most people are lazy....

    Its like locking your car...or leaving it open...if they really want to steal it...they will...a locked car will take more work.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  9. #29
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    ...could be a spouse...or a guest.
    Yup, seen that happen...

    ...it can be a deterrent....one more hoop to jump through....
    Ultimately, that's all computer security is...a deterrent. And manual logons are obviously a valid deterrent considering their widespread use on corporate networks.

    I stand by my original statement: automatic logons are the lazy man's way to get hacked (or whatever you want to call compromising a computer).
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  10. #30
    Member tin.roof.rabbit's Avatar
    Join Date
    Apr 2006
    Posts
    63
    But do you use the welcome screen? Or display the last user logged in, in the password dialog box?

    Personally, I have no issues with my guests looking through the data on my machines. Because if you are my guest and have that access to my house when I am not around then we have a transitive respect and trust. That includes my son, my wife, and my future child. I password protect my adminstrative accounts. There is no personal data on my machine that my friends and family shouldn't have access to. But the only data on my machines is pictures, school projects, saved game data, or lab configurations (which are all backed up, pictures and projects in two places).

    That said I have to agree with HT on this. Unless you are treating your personal machine(s) like those at work or you have data that you need to secure having a auto loggin is not such a big deal. If I am so terribly worried about someone exploiting my machine via physical access I will put a preboot authetication in place. If I was further paranoid about my data I would put a form of encryption on the drive (FIPS or RSA certified).

    Just my two cents

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides