Welcome to
Chic and Charming
a modern salon for
the discussion of
style, culture and etiquette.

14 October 2007

Gadget Guru: Password Woes


Think your computer is safe because you've password protected your accounts? Think again. About 80% of all home PC's have an easily exploitable back door, the Administrator account. I bet you're thinking "No problem, my account is an Admin account." While you may be an Administrator to your computer, if you're login name is not Administrator there is another Admin account lurking in the background and chances are it is not password protected. Most PC owners don't know about this because when your computer starts up and shows you the list of your accounts it doesn't show THE Administrator account. Without a password on this account, anyone can access ANY information on your computer, this includes changing the password on every account on your computer (including the Admin account), which could leave you out of luck accessing information on your computer until you can reset the password (worry not, I'll tell you how to prepare yourself for this situation).

I recently had an experience with this exploit. I was working on a project and walked away from my computer for a few minutes (mind you, I did lock my computer before leaving). When I came back one of my group members (yes, a member of my group, a person I trusted) was tooling around on the internet on MY COMPUTER. When I confronted him about this he locked the computer and ran away. Unable to get the kid to tell me my password I started to guess everything that might be obvious. When this failed I started calling everyone I know. I had no clue how he could have changed my password because the only way I knew how to change a password was with a change password disc, something I knew he didn't use as my DVD drive is external and was with me at the time.

After about 3 hours I was finally able to free my computer. How you ask? Simple, the change password disc I mentioned before. Go to this site and choose your poison: Most of these methods for resetting your password or recovering it require that you burn an image to a CD so it would be smart to do this now so you aren't stuck asking your friends to do this for you when someone resets your password. I used the "Offline NT Password and Registry Editor," but be warned this is not for the every day person. I work with computers everyday and I was still nervous about using this disc as it edits your Registry file on your computer, which is always a dangerous thing if you don't know exactly what you are doing. I'm told that this disc is relatively safe because most at home computer users will just go through the default options they offer (which was the case for me, even with multiple partitions on my hard drive). I have no experience with "Windows Password recovery" but it looks pretty safe so you might want to start off with that (as it recovers your password and doesn't mess with the Registry file). I'm guessing you could even test it now, when you actually know what your password is, just to see how it works. Please read all warnings on this website before trying anything!!

Now that I've covered how to recover your password if someone hacks your Admin account I should probably also cover how to protect your Admin account so you can greatly reduce your chances of ever needing to use the password recovery software. I would still recommend creating a password recovery disc just in case you ever have a senior moment and can't remember your password as Windows only lets your try to type in your password a few times before locking you out completely (you can restart your computer and try again, but that's annoying). Here's the quick and dirty solution. When you get to your login screen (either on start up or when you log off your account) hit Ctrl+Alt+Delete TWICE and you will be taken to the old school gray box login in screen. At this point you can type in any user name you please. Type in "Administrator" (remember to capitalize the "A"). Try leaving the password field blank and hit login. If it lets you login you know that you're Admin account is not password protected! If it doesn't let you log in...well...I wish you luck trying to remember what you set your Admin password to. Some of these newfangled computers force you to create an Admin password the first time you start up your brand new computer...and if you're like me, you're too excited about your new toy that you don't really pay attention to what you type in. Worry not, you can use your new disc to recover the password, login, and change your password to something you WILL remember.

For those who don't have password protected computers, here are the details of how to set one:

1. Login to your name.
2. Go to Start-->Settings-->Control Panel
3. Click on "User Accounts"
4. Click on "Change Accounts" (if your account has administrator privileges, I'm not sure what to click if your account doesn't have admin privileges)
5. Choose your account
6. Click "Create Password"
7. Set password
8. You're done!

Of course, there is always the good old standby of reinstalling Windows on your computer and starting over. However, remember, when you do this you WILL WIPE YOUR HARD DRIVE and any data that has not been backed up WILL BE LOST. Good luck and I hope no one messes with your passwords!

This article was written by "Marilyn," occasional co-conspirator on Chic and Charming

Image from

No comments: