Does keeping login passwords make your computer secure?
Well, it doesn’t. There are many ways by which even the login passwords could be cracked there are several ways by which the cracking could be prevented. Following is a list of methods to secure a user computer their best practices and also ways by which their security could be hampered.
Note: Please do make a note that the following document is just for educational purpose and it serves as a base for knowledge to prevent malicious activities.[divider]
Protection Methods and Ways they could be hampered.
- WinLogin Authentication: The most largely used and trusted way of securing a Windows based PC, this is what most of us think, but it isn’t true, there are many ways to crack windows login password,1. By Removing the password: This is what i think, is the simplest method to break into a windows PC, as Windows OS saves its login passwords at the SAM (Security & Accounts Manager) it saves them in a hashed format,(a hash is a cryptography technique that is used to provide confusion, i.e change the original characters in random text) so instead of cracking the hash function simply the entry in the SAM file could be removed. This can by done by a tool called pogo stick which is available for free, at: http://pogostick.net/~pnh/ntpasswd/bootdisk.html , The details for the same are provided on the webpage.2. By doing a bruteforce attack: The most naive form of attack, here all the attacker does is tries various permutation and combinations of the password, the success of the attack completely depends on the creativity and common sense of the attacker.
Preventing Bruteforce attacks: Choose passwords that are not familiar or passwords that don’t have any resemblance to the real world. By doing this the task of the attacker is increased.
3. By finding the password: This technique is not a suggested one for cracking the windows passwords as it requires to crack the hashed passwords stored in the SAM file, Software tools like Rainbow hash crack, John The Ripper etc. all of which are avail for free.
- BIOS Password: Not so famous as the WinLogin, this method provides the owner of the system a bottom level security for their PC. As the BIOS is the most foremost thing that loads into a PC the above methods can be prevented by keeping a BIOS Password.But even BIOS authentication can be bypassed, BIOS store the passwords and usernames into its hardwired memory, the only way it does remember it after every logout session is due to the CMOS battery, thus removing the CMOS would reset the BIOS Authentication.
- Thus all the possible methods we discussed have some bypass mechanisms, so its always better to use a third party software, which have better authentication mechanisms and protocols. Stay tuned for more tips, and have a cyber safe day!