Windows 7: Is it true that Windows 7 or 8 user account password is a joke?

29 Apr 2013   #1
dc2000

Windows
 
 
Is it true that Windows 7 or 8 user account password is a joke?

I was under the impression that the user account password security in Windows 7 or Windows 8 has been improved by Microsoft since the old days of Windows XP, and that it is now virtually impossible to bypass it... well, I thought so until I read this, or watched this.

Can someone confirm or deny that it is that easy to bypass someone's Windows user account password? If so, why even set it up? It just makes life more complicated...

Also a follow-up question. If I use something like disc encryption (TrueCrypt), or Microsoft's own BitLocker, will it be as easy to get into my data too?


29 Apr 2013   #2
Dude

Windows 10 Pro X64
 
 

dc2000, nothing is 100% safe
29 Apr 2013   #3
dc2000

Windows
 
 

Quote: Originally Posted by Dude
dc2000, nothing is 100% safe

Well, I agree. But this one is not even 10% safe. I think even my mom can follow those instructions to reset my Windows 8 password.

29 Apr 2013   #4
logicearth

Windows 10 Pro (x64)
 
 

Let's cover something. With physical access to a machine, that computer is owned. No amount of security that Microsoft or any other vendor (say Apple) could add would protect it. However, forcibly removing a password from an account has the side effect of destroying access to any encrypted files; if you do not have a recovery key, those files are gone. The encryption is tied to a user's password, and changing it without going through the proper steps removes the ability to decrypt those files.

The fact of the matter is, users want to have accounts that don't require passwords, thus there must be the ability for a user account not to have a password. Thus it can be removed by force. There is no way to protect from that. Not that it would matter, if someone has physical access they could just take the HDD out and claim all data that way.

Bitlocker and TrueCrypt HDD encryption are designed to defend against physical access attacks like this.

And no, this is not a security hole or oversight. Being able to wipe out passwords has been easy enough for anyone with administrative power, or physical access. Hell, I've done it a few times at work when a user forgets their password. A few clicks in the User and Group control panel clear their password or change it to whatever.

This "Password reset hack" is not a hack, just script kiddies thinking they are big stuff. Speaking of which, it requires administrative power on the computer to change one file for another. So the attacker must already have access to an account with administrative power. You are on the other side of the air-tight-hatch. I wouldn't even need to do this "hack" to reset your password. They went the long way round.
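An added example, not part of any post in this thread: a PowerShell check of whether each volume would actually resist the offline, physical-access case discussed above. It uses the `Get-BitLockerVolume` cmdlet, which ships with Windows 8 / Server 2012 and later (on Windows 7, `manage-bde -status` reports the same state); the function name `Get-OfflineExposure` is hypothetical.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
function Get-OfflineExposure {
    param(
        # Volume objects to assess; defaults to every volume BitLocker reports.
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    foreach ($v in $Volume) {
        # Collect the key protector types as plain strings for easy comparison.
        $types = @($v.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $findings = @()

        # Anything other than FullyEncrypted leaves some or all data readable
        # to whoever removes the disk or boots other media.
        if ("$($v.VolumeStatus)" -ne 'FullyEncrypted') {
            $findings += "not fully encrypted ($($v.VolumeStatus))"
        }
        # Protection Off on an encrypted volume means BitLocker is suspended:
        # the volume key is stored unprotected on the disk.
        if ("$($v.ProtectionStatus)" -ne 'On') {
            $findings += 'protection is off or suspended'
        }
        # Without a recovery password, losing the normal unlock method
        # means the data is gone, as noted in the post above.
        if ($types -notcontains 'RecoveryPassword') {
            $findings += 'no recovery password protector'
        }
        # TPM-only on the OS volume unlocks at boot with no PIN or password.
        if ("$($v.VolumeType)" -eq 'OperatingSystem' -and
            $types.Count -gt 0 -and
            @($types | Where-Object { $_ -notin 'Tpm', 'RecoveryPassword' }).Count -eq 0) {
            $findings += 'TPM-only unlock, no pre-boot PIN or password'
        }
        if ($findings.Count -eq 0) { $findings = @('none') }

        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            VolumeStatus     = "$($v.VolumeStatus)"
            ProtectionStatus = "$($v.ProtectionStatus)"
            Protectors       = ($types -join ', ')
            Findings         = ($findings -join '; ')
        }
    }
}

Get-OfflineExposure | Format-Table -AutoSize -Wrap
```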
29 Apr 2013   #5
dc2000

Windows
 
 

Quote: Originally Posted by logicearth
Let's cover something. With physical access to a machine, that computer is owned. No amount of security that Microsoft or any other vendor (say Apple) could add would protect it. However, forcibly removing a password from an account has the side effect of destroying access to any encrypted files; if you do not have a recovery key, those files are gone. The encryption is tied to a user's password, and changing it without going through the proper steps removes the ability to decrypt those files.

OK. Good point. So at least my HDD files encrypted with BitLocker will not be that easily accessible, right?
29 Apr 2013   #6
lehnerus2000

W7 Ultimate SP1, LM18 MATE, W10IP VM, W10 Home, #All 64 bit
 
 
Backup HDD Image

I'm not sure if this is the right way to phrase this.

If your files are encrypted, it is even more important to keep backup HDD images.

If your files aren't encrypted, there are easy ways to recover your data if there is a Windows OS problem (e.g. use a Live Linux CD/DVD).
29 Apr 2013   #7
King Arthur

Windows 7 Ultimate x64 SP1
 
 

The way I view user passwords on Windows, I consider them adequate to keep out the random passerby that might stumble across my computer by accident. Against an actually serious threat though? I don't even consider user passwords as existing; it's far more effective to concern myself with stuff like NATs and firewalls against network attacks and encryption against local attacks.