Password Security HELP

  • Thread starter Thread starter DUN1
  • Start date Start date
D

DUN1

Just because exists Rainbow tables i've read is more secure to create
randomic alfanumeric password with more than 14 chars, so that the hash is
not saved where rainbow tables look into.

The problem is that exists many other ways like Erd Commander to CLEAR the
administrator password.

known that doesn't exist salted password for windows xp, my request is:
there any way to lock users with empty password even if administator?
i tried with secpol.msc to change the minimum lenght to xxchar, but erd
commander cleard fine the password hard coding it into windows registry.

Any Idea?
 
Ok, but in 2 minutes any could set the jumper to clear cmos,
than start erd commander and clear the admin password.

This tips seems not applicable...
 
You don't say desktop or laptop.
It is practible for a laptop, because if they can not pick the factory
default Bios one(there are many), they have to install a new chip!
 
DUN1 said:
Just because exists Rainbow tables i've read is more secure to create
randomic alfanumeric password with more than 14 chars, so that the hash is
not saved where rainbow tables look into.

The problem is that exists many other ways like Erd Commander to CLEAR the
administrator password.

known that doesn't exist salted password for windows xp, my request is:
there any way to lock users with empty password even if administator?
i tried with secpol.msc to change the minimum lenght to xxchar, but erd
commander cleard fine the password hard coding it into windows registry.

You could use something like a Smart Card and/or encryption to protect the
data if you're talking about laptops. Otherwise, physical access trumps
everything.

If you want more focused advice, you should provide details of your
situation. You didn't even tell us if the computers in question are
laptops, desktops, on a domain, etc. You also need to identify the threat
you're trying to protect against.

Malke
 
Back
Top