

Windows 7: Is it true that Windows 7 or 8 user account password is a joke?


29 Apr 2013   #1

Windows
 
 
Is it true that Windows 7 or 8 user account password is a joke?

I was under the impression that the user account password security in Windows 7 or Windows 8 has been improved by Microsoft since the old days of Windows XP, and that it is now virtually impossible to bypass it... well, I thought so until I read this, or watched this.

Can someone confirm or deny that it is that easy to bypass someone's Windows user account password? If so, why even set it up? It just makes life more complicated...

Also a follow-up question. If I use something like disk encryption (TrueCrypt), or Microsoft's own BitLocker, will it be as easy to get into my data too?


29 Apr 2013   #2

Windows 8.1 Pro | Windows 7 Home Premium 64-bit SP1
 
 

dc2000, nothing is 100% safe
29 Apr 2013   #3

Windows
 
 

Quote: Originally Posted by Dude
dc2000, nothing is 100% safe

Well, I agree. But this one is not even 10% safe. I think even my mom can follow those instructions to reset my Windows 8 password.


29 Apr 2013   #4

Windows 8.1 Pro (x64)
 
 

Let's cover something. Physical access to a machine, that computer is owned. There is no amount of security that Microsoft or any other vendor (say Apple) could add to protect it. However, forcibly removing a password from an account has the side effect of destroying access to any encrypted files; if you do not have a recovery key, those files are gone. The encryption is tied to a user's password; changing it without going through the proper steps removes the ability to decrypt those files.

The fact of the matter is, users want to have accounts that don't require passwords, thus there must be the ability for a user account not to have a password. Thus it can be removed by force. There is no way to protect from that. Not that it would matter, if someone has physical access they could just take the HDD out and claim all data that way.

Bitlocker and TrueCrypt HDD encryption are designed to defend against physical access attacks like this.

And no, this is not a security hole or oversight. Being able to wipe out passwords has been easy enough for anyone with administrative power, or physical access. Hell, I've done it a few times at work when a user forgets their password. A few clicks in the User and Group control panel clears their password or changes it to whatever.

This "Password reset hack" is not a hack, just script kiddies thinking they are big stuff. Speaking of which, it requires administrative power on the computer to change one file for another. So the attacker must already have access to an account with administrative power. You are on the other side of the air-tight-hatch. I wouldn't even need to do this "hack" to reset your password. They went the long way round.
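Added example, not part of any post in this thread: post #4 says BitLocker is what defends against someone taking the HDD out, so this PowerShell sketch lists each volume and flags the ones that would still be readable from a removed disk. It assumes an elevated session on Windows 8 or later, where the Get-BitLockerVolume cmdlet exists (on Windows 7 the equivalent check is manage-bde -status); the function name Get-OfflineExposure is made up for this example.

```powershell
# Added example. Run from an elevated PowerShell prompt (Windows 8 / Server 2012+).
function Get-OfflineExposure {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Names of the key protectors on this volume (Tpm, Password,
        # RecoveryPassword, ...), converted to plain strings.
        $protectors = @($vol.KeyProtector |
            ForEach-Object { [string]$_.KeyProtectorType })

        # A volume only resists disk removal when it is fully encrypted
        # AND protection is on. A suspended volume is still encrypted,
        # but its key is stored in the clear on the disk.
        $reason = if ([string]$vol.VolumeStatus -ne 'FullyEncrypted') {
            "Volume status is $($vol.VolumeStatus)"
        } elseif ([string]$vol.ProtectionStatus -ne 'On') {
            'Protection is off or suspended'
        } elseif ($protectors.Count -eq 0) {
            'No key protectors present'
        } else {
            $null
        }

        [pscustomobject]@{
            MountPoint      = $vol.MountPoint
            VolumeStatus    = $vol.VolumeStatus
            Protection      = $vol.ProtectionStatus
            EncryptedPct    = $vol.EncryptionPercentage
            Protectors      = ($protectors -join ', ')
            # Without a recovery password, losing the normal unlock
            # method means losing the data.
            HasRecoveryPwd  = ($protectors -contains 'RecoveryPassword')
            ReadableOffline = [bool]$reason
            Reason          = $reason
        }
    }
}

Get-OfflineExposure | Format-Table -AutoSize -Wrap
```

Any row with ReadableOffline set to True is a volume where a reset or missing Windows password makes no difference to someone holding the disk.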
29 Apr 2013   #5

Windows
 
 

Quote: Originally Posted by logicearth
Let's cover something. Physical access to a machine, that computer is owned. There is no amount of security that Microsoft or any other vendor (say Apple) could add to protect it. However, forcibly removing a password from an account has the side effect of destroying access to any encrypted files; if you do not have a recovery key, those files are gone. The encryption is tied to a user's password; changing it without going through the proper steps removes the ability to decrypt those files.

OK. Good point. So at least my HDD files encrypted with BitLocker will not be that easily accessible, right?
29 Apr 2013   #6

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
Backup HDD Image

I'm not sure if this is the right way to phrase this.

If your files are encrypted, it is even more important to keep backup HDD images.

If your files aren't encrypted, there are easy ways to recover your data if there is a Windows OS problem (e.g. use a Live Linux CD/DVD).
29 Apr 2013   #7

Windows 7 Ultimate x64 SP1
 
 

The way I view user passwords on Windows, I consider them adequate to keep out the random passerby that might stumble across my computer by accident. Against an actually serious threat though? I don't even consider user passwords as even existing; it is far more effective to concern myself with stuff like NATs and firewalls against network attacks and encryption against local attacks.