Is it true that Windows 7 or 8 user account password is a joke?


  1. Posts : 153
    Windows
       #1

    Is it true that Windows 7 or 8 user account password is a joke?


    I was under the impression that the user account password security in Windows 7 or Windows 8 has been improved by Microsoft since the old days of Windows XP, and that it is now virtually impossible to bypass it... well, I thought so until I read this, or watched this.

    Can someone confirm or deny that it is that easy to bypass someone's Windows user account password? If so, why even set it up? It just makes life more complicated...

    Also a follow-up question. If I use something like disk encryption (TrueCrypt), or Microsoft's own BitLocker, will it be as easy to get into my data too?


  2. Posts : 5,915
    Windows 10 Pro X64
       #2

    dc2000, nothing is 100% safe


  3. Posts : 153
    Windows
    Thread Starter
       #3

    Dude said:
    dc2000, nothing is 100% safe
    Well, I agree. But this one is not even 10% safe. I think even my mom can follow those instructions to reset my Windows 8 password :)


  4. Posts : 5,642
    Windows 10 Pro (x64)
       #4

    Let's cover something. With physical access to a machine, that computer is owned. There is no amount of security that Microsoft or any other vendor (say Apple) could add to protect it. However, forcibly removing a password from an account has the side effect of destroying access to any encrypted files, and if you do not have a recovery key, those files are gone. The encryption is tied to a user's password; changing it without going through the proper steps removes the ability to decrypt those files.

    The fact of the matter is, users want to have accounts that don't require passwords, thus there must be the ability for a user account not to have a password. Thus it can be removed by force. There is no way to protect from that. Not that it would matter; if someone has physical access they could just take the HDD out and claim all data that way.

    Bitlocker and TrueCrypt HDD encryption are designed to defend against physical access attacks like this.

    And no, this is not a security hole or oversight. Being able to wipe out passwords has been easy enough for anyone with administrative power, or physical access. Hell, I've done it a few times at work when a user forgets their password. A few clicks in the User and Group control panel clear their password or change it to whatever.

    This "Password reset hack" is not a hack, just script kiddies thinking they are big stuff. Speaking of which, it requires administrative power on the computer to change one file for another. So the attacker must already have access to an account with administrative power. You are on the other side of the airtight hatch. I wouldn't even need to do this "hack" to reset your password. They went the long way round.
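A simplified model of the point made in post #4 (a forced reset lets someone log in but loses the files encrypted under the old password), added here as an illustration and not written by any poster in this thread. It is not the actual Windows mechanism: the `Account` class, the function names and the toy XOR-plus-HMAC key wrap are all assumptions made for the example.

```python
import hashlib, hmac, os

def kek(password: str, salt: bytes) -> bytes:
    """Key-encryption key derived from the password (iteration count is illustrative)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _sub(key: bytes, label: bytes) -> bytes:
    # Separate sub-keys for the keystream and for the integrity tag.
    return hmac.new(key, label, hashlib.sha256).digest()

def wrap(key: bytes, file_key: bytes) -> bytes:
    """Toy authenticated wrap of a 32-byte file key: XOR keystream plus HMAC tag."""
    ct = bytes(a ^ b for a, b in zip(file_key, _sub(key, b"enc")))
    return ct + hmac.new(_sub(key, b"mac"), ct, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:32], blob[32:]
    expected = hmac.new(_sub(key, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("file key not recoverable with this password")
    return bytes(a ^ b for a, b in zip(ct, _sub(key, b"enc")))

class Account:  # hypothetical model of one user account
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.login_hash = kek(password, self.salt + b"login")
        self.wrapped = wrap(kek(password, self.salt), os.urandom(32))

    def login(self, password: str) -> bool:
        return hmac.compare_digest(self.login_hash, kek(password, self.salt + b"login"))

    def file_key(self, password: str) -> bytes:
        return unwrap(kek(password, self.salt), self.wrapped)

    def change_password(self, old: str, new: str) -> None:
        # Proper change: the old password unwraps the file key, the new one rewraps it.
        fk = self.file_key(old)
        self.login_hash = kek(new, self.salt + b"login")
        self.wrapped = wrap(kek(new, self.salt), fk)

    def forced_reset(self, new: str) -> None:
        # Forced reset: only the login record is overwritten; the old password is never supplied.
        self.login_hash = kek(new, self.salt + b"login")

def demo() -> tuple:
    a, b = Account("old-pw"), Account("old-pw")  # constructed sample passwords
    original = a.file_key("old-pw")
    a.change_password("old-pw", "new-pw")
    b.forced_reset("new-pw")
    try:
        b.file_key("new-pw"); lost = False
    except ValueError:
        lost = True
    return a.file_key("new-pw") == original, b.login("new-pw"), lost
```

`demo()` returns whether the file key survived a proper change, whether login works after a forced reset, and whether the file key was lost after that reset.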


  5. Posts : 153
    Windows
    Thread Starter
       #5

    logicearth said:
    Let's cover something. With physical access to a machine, that computer is owned. There is no amount of security that Microsoft or any other vendor (say Apple) could add to protect it. However, forcibly removing a password from an account has the side effect of destroying access to any encrypted files, and if you do not have a recovery key, those files are gone. The encryption is tied to a user's password; changing it without going through the proper steps removes the ability to decrypt those files.
    OK. Good point. So at least my HDD files encrypted with BitLocker will not be that easily accessible, right?


  6. Posts : 4,049
    W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
       #6

    Backup HDD Image


    I'm not sure if this is the right way to phrase this.

    If your files are encrypted, it is even more important to keep backup HDD images.

    If your files aren't encrypted, there are easy ways to recover your data if there is a Windows OS problem (e.g. use a Live Linux CD/DVD).


  7. Posts : 548
    Windows 7 Ultimate x64 SP1
       #7

    The way I view user passwords on Windows, I consider them adequate to keep out the random passerby that might stumble across my computer by accident. Against an actually serious threat though? I don't even consider user passwords as existing; it is far more effective to concern myself with stuff like NATs and firewalls against network attacks and encryption against local attacks.


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
