Post subject: password to OS stored in plain text in same computer
Posted: Sat Oct 27, 2007 10:01 am
If you make the boo-boo of typing your password in the name field when you log into your OS, or of typing both your name and your password because you forgot to hit the tab key or you only tapped it, some security software stashes it as if it's a login name.

That means a skilled visitor can find your password.

Once in a while, use Find on your entire disk to find files named after your password or your name-and-password combination.

Also do it to find content in all your files that might match. On my setup, finding for content doesn't find filenames, so the two steps are separate.

Be case-insensitive. Don't bypass wrong-case matches.

Be sure nothing associated with Find stores recent Find requests. You may need special software designed to purge lists of recent find requests. Purging may need rebooting.

To be safer, don't search for your entire password. The cost will be to retrieve more possible matches which you will then have to examine to see if the full password can be matched. For example, if your login is Chris and your password is 5h8GyU48, search for Chris5 and then for 5h8. Where it finds a match, the next characters will obviously match or fail.

Text editors are best; hex editors are second-best.

If security software is the culprit, encryption could be present. If you can crack the encryption and then search, fine, but if not then your alternatives may be limited. Perhaps reinstalling the security software might help. Or you could console yourself with the fact that anyone else examining your machine will have to go to some effort to extract your password. If it would be just your luck that your unwanted examiner is an expert, a strong measure is to back up your data, scrub your hard drive with DBAN or the like, and reinstall everything starting with the operating system.

When you find a password lurking where it shouldn't, what to do may be tricky. In my case, I could just delete the line of text from a list of logins. But an edit could damage software functionality very inconveniently. Don't edit without certainty about effects. Probably back up all files and paths first, but don't assume you'll see any problems the next time you boot up. It may take weeks to see an adverse effect, and then it may be major.

In my case, one security software package stashing my password (as an erroneous login) was made by a reputable firm (no longer offering it) and was used with a well-known commercial OS (Win). A second security package was also storing it. Why they stashed, I don't know.

To be sure you don't type your password in the name field again, either (a) give up because you're going to log in when you're distracted or tired and you know you can type in your sleep and so you're about to leave evidence of your human imperfection, so plan on repeating this procedure at intervals and being vulnerable until each time you do, or (b) remember what you hated to be fed for dinner when you were 3 years old and have it delivered.

--
Nick
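
The search procedure from the post, as an added example that is not part of the original post: a Python sketch that checks names and contents in separate passes, case-insensitively, using only short fragments. It goes beyond the post by also matching UTF-16LE, which Windows programs commonly use for stored text; `scan_tree`, `demo` and the sample files are constructed for illustration.

```python
import getpass
import os
import sys
import tempfile

def scan_tree(root, fragments, max_bytes=64 * 1024 * 1024):
    """Return sorted (relative_path, kind, fragment, offset) hits; ASCII case-insensitive."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:          # pass 1: file and folder names
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            for frag in fragments:
                pos = name.lower().find(frag.lower())
                if pos != -1:
                    hits.append((rel, "name", frag, pos))
        for name in filenames:                     # pass 2: file contents
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes).lower()  # only the first max_bytes
            except OSError:
                continue                           # locked or unreadable: skip it
            rel = os.path.relpath(path, root)
            for frag in fragments:
                for enc in ("utf-8", "utf-16le"):  # first hit per encoding
                    pos = data.find(frag.lower().encode(enc))
                    if pos != -1:
                        hits.append((rel, enc, frag, pos))
    return sorted(hits)

def demo():
    """Scan a constructed tree seeded with the post's example login and password."""
    with tempfile.TemporaryDirectory() as root:
        samples = {                                # constructed sample files
            "logins.txt": b"last_user=CHRIS5H8GYU48\r\n",
            "cache.dat": "Chris5h8GyU48".encode("utf-16le"),
            "chris5h8gyu48.tmp": b"",
            "notes.txt": b"nothing to see here\r\n",
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_tree(root, ["Chris5", "5h8"])

if __name__ == "__main__":
    # Prompt without echo so the fragments stay out of argv and shell history.
    frags = getpass.getpass("Fragments (space-separated): ").split()
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, kind, frag, pos in scan_tree(root, frags):
        print(f"{rel}\t{kind}\tfragment #{frags.index(frag) + 1}\toffset {pos}")
```

The output names each fragment by its position in the prompt rather than echoing it, so the report itself does not become another place the password is stored.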

