Why set a strong Windows password?

Discussion in 'other software & services' started by CrusherW9, Jan 29, 2014.

Thread Status:
Not open for further replies.
  1. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    With the ability to remove/change Windows passwords so easily from a bootable drive, is there any point to having a "secure" one?

    EDIT: I don't know, maybe the password is used for some internal mechanism I'm not aware of.
     
    Last edited: Jan 29, 2014
  2. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    I'd say at least 90% of people don't know how to boot their PC other than from their OS.

    So whatever that means to you there's your answer.
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    In addition to what zapjb said, if your system is encrypted, then I believe that one can't use a bootable OS to change your Windows password(s).
     
  4. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    Thanks for responding. I just didn't know if maybe there was a networking aspect that a stronger password helps with.

    @MrBrian, I ended up not using FDE because I didn't like the inflexibility of imaging with it.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  6. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    Pretty much for RDP and network shares. If they have physical access, it is just easier to blow it out with a boot disk. Also as mentioned, if you have encrypted your drive, then a good password will actually keep most people out.
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  8. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Get a very good password for system encryption and don't worry too much about the Windows password, which is quite easy to bypass anyway.
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    So you don't use lock or sleep? Mind sharing how easy it is to crack those?
     
  10. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    Not sure who this is aimed at but yes, I do lock and sleep my computer. Obviously this is an instance where password strength is more important but it just seemed trivial to me so I didn't bother mentioning it (thanks for covering everything though). But, who's to say someone can't just turn your computer off and boot from a USB drive like mentioned (rhetorical question).
     
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Both of you, but especially dogbite who claims you only need a good password for system encryption.
    If someone turned off my computer, they just made their job harder and get a fully encrypted hard drive. Most people don't know what you're talking about in the first place.

    It's a matter of perspective, why set a weak Windows password? What benefit would that have other than a little more convenience?
     
  12. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Well, the reason why I use an easy Win password is that I have a mandatory setting that locks the PC after 15 min idle. So I have to type it frequently.
    I do use Sleep but only when at Home. Also, the PC never stays locked in places other than Home or Office, where honestly I am not worried about a cracking threat.

    In conclusion, I decided to opt for convenience, addressing security efforts to other systems.

    We could also question what easy means. In my case it's an alphanumeric password of 8 characters.
     
    Last edited: Feb 3, 2014
  13. Virmaline

    Virmaline Registered Member

    Joined:
    Feb 2, 2014
    Posts:
    16
    Location:
    Rhode Island
    In my case, I use a Windows password to keep out the opportunistic snoop. The more secure option I have available to me is a hard drive password. When coming out of standby/sleep or the Windows lock screen I have to enter the Windows password. When coming out of hibernation or at startup I have to enter the hard drive password before I can even get to Windows.
     
  14. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Anyone worth salt in security/IT disables RDP by default on any computer they touch unless it has some important reason to leave it on. It's one of those settings you just don't leave checked.

    As for passwords, they keep the normal run of the mill people off your Windows, and don't even need to be complicated because anyone serious about getting in would bypass the entire password system anyway - so a long/complicated one wouldn't do anything.

    Besides, some of the best passwords are like: !!!!!!!!!T@nk!!!!!!!!!! easy to remember, difficult to cypher due to the length, and other factors. Often the length is what is important, rather than the content of that length. “Simple length”, which is easily created by padding an easily memorized password with equally easy to remember (and enter) padding creates unbreakable passwords that are also easy to use.
     
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Yeah, it would be foolhardy to put sensitive data on a non-encrypted drive/partition. The password strength won't matter in this case.
     
  16. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Or at the very least, encrypted files/folders.

    Drive encryption is often too extreme for many people, especially casual computer users. So a good strong folder encryption usually solves the issue. Giving them extreme privacy in 'specific' system areas, while not making the system have potential negatives of full encryption, or the multiple password logins.

    Besides, we don't know if Truecrypt is actually fully secure until the audit finishes, and that may take another year or more. Truecrypt shouldn't be fully trusted until that audit has been completed. That seems to be the encryption software most people turn to for full drive encryption. (and anything based off Truecrypt code)
     