How secure are passwords in TweakUI autologon?

  • Thread starter Thread starter Franklin
  • Start date Start date
F

Franklin

In TweakUI for XP there is a section near the end where it will
automatically enter your password for you when you boot up to save
you having to log on.

How secure is this password being kept by TweakUI when compared to
how securely my XP Pro keeps logon passwords?

Am I unwise to trust my passwords to TweakUI because it is much
easier for someone to break into TweakUI's password store than into
XP's own password store?
 
They are not !

They are Clear Text.

Dave




| In TweakUI for XP there is a section near the end where it will
| automatically enter your password for you when you boot up to save
| you having to log on.
|
| How secure is this password being kept by TweakUI when compared to
| how securely my XP Pro keeps logon passwords?
|
| Am I unwise to trust my passwords to TweakUI because it is much
| easier for someone to break into TweakUI's password store than into
| XP's own password store?
 
Franklin said:
In TweakUI for XP there is a section near the end where it will
automatically enter your password for you when you boot up to save
you having to log on.

How secure is this password being kept by TweakUI when compared to
how securely my XP Pro keeps logon passwords?

Am I unwise to trust my passwords to TweakUI because it is much
easier for someone to break into TweakUI's password store than into
XP's own password store?
Click to expand...

Who cares if they get the password? You might as well leave your password
blank if you aren't going to be typing it in. (Unless your computer is on a
network that you don't 100% control.)

By the way, TweakUI just gives you an easy interface to edit certain parts
of the registry. It doesn't actually hold values such as your password.
You can set up an auto-login without using TweakUI.

Anyway, as mentioned, its not very secure. But then again, once someone has
physical access to the computer they could get into it anyway, without much
trouble, regardless of whether a password needs to be typed or not.
 
Franklin said:
In TweakUI for XP there is a section near the end where it will
automatically enter your password for you when you boot up to save
you having to log on.

How secure is this password being kept by TweakUI when compared to
how securely my XP Pro keeps logon passwords?

Am I unwise to trust my passwords to TweakUI because it is much
easier for someone to break into TweakUI's password store than into
XP's own password store?
Click to expand...

Why are you concerned about security? Obviously you want to bypass as
much security as possible by letting ANYONE to get into your auto-logon
account - and you're probably doing that with an administrator account,
too. Even if not auto-logging into an admin account, you are letting
ANYONE login to the auto-logon account who can then change the password,
disable auto-logon, and that is no longer an account that you get to use
anymore.
 
Vanguardx said:
Why are you concerned about security? Obviously you want to bypass as
much security as possible by letting ANYONE to get into your auto-logon
account - and you're probably doing that with an administrator account,
too. Even if not auto-logging into an admin account, you are letting
ANYONE login to the auto-logon account who can then change the password,
disable auto-logon, and that is no longer an account that you get to use
anymore.
Click to expand...

Can a designated autologon account (eg a basic user account-with no
admin rights) change password/etc... when the desiganted have NO
admin/oper rights??????
 
Can a designated autologon account (eg a basic user account-with no admin
rights) change password/etc... when the desiganted have NO admin/oper
rights??????
Click to expand...

The account can change its own password... but an admin account could then
change it back.
 
Franklin said:
In TweakUI for XP there is a section near the end where it will
automatically enter your password for you when you boot up to save
you having to log on.

How secure is this password being kept by TweakUI when compared to
how securely my XP Pro keeps logon passwords?

Am I unwise to trust my passwords to TweakUI because it is much
easier for someone to break into TweakUI's password store than into
XP's own password store?
Click to expand...


Not secure at all. They are stored unencrypted in the registry.
TweakUI does not have a password store. It simply provides a nice gui
for twaeking the autologon registry settings, which are under
HKlocalMachine/software/microsoft/windowsnt/currentversion/netlogon, if
I recall correctly.
 
Back
Top