Windows Vista Passwords


Here a password, there a password, everywhere a password! There's simply no shortage of user accounts that you'll need to work with as the owner of a Windows Vista system - and each is protected with a different password. In some cases, you'll be responsible for choosing and assigning passwords for these accounts; in others, third parties like your ISP will assign them to you. Regardless of the manner in which they're obtained, all passwords are important, and it's largely up to you to both remember them and ensure they're properly secured.

The primary types of account passwords that you need to deal with on a Windows Vista system include:

  • User account passwords

  • Web site passwords

  • E-mail and Internet service passwords

  • File security passwords

User Account Passwords

As you learned in Chapter 1, Windows Vista includes the capability to separate and secure the working environments of different users with user accounts. When protected by a strong password, your user account represents the first line of defense toward securing your files and improving your personal privacy.

On a Windows Vista system, user account passwords are stored in a protected part of the Registry known as the Security Accounts Manager (SAM) database. Instead of storing actual passwords in this database, Windows Vista first creates a one-way mathematical hash value of each password, and then stores these hashed values in the SAM database. This database is protected by a system startup key stored on the hard drive, and is decrypted and encrypted as part of the system startup and shutdown process.

The one-way hash function used to store user passwords is technically not reversible, but that doesn't mean that it offers perfect security. There are a number of tools and utilities that make it possible for a hacker with access to the SAM database to compromise its security, and then access another user's account. There's more about these types of software later in this chapter.

Although the password storage facilities in Windows Vista are far from perfect, that isn't an excuse not to protect user accounts with strong passwords. Many of the tools designed to crack or detect user account passwords rely on brute-force cracking methods, where thousands of different words (including the entire contents of English-language dictionaries) are tried in an attempt to guess a way into a system. When you configure strong passwords for your Windows Vista user accounts, this cracking process becomes exceptionally difficult, to the point where the work associated with the undertaking is usually not worthwhile. Unless a hacker's motives are personal, most will not invest the time and effort required to hack a well-secured system. Quite simply, there's just no shortage of other low-hanging fruit (improperly secured systems) out there for them to take advantage of.

As the owner of a Windows Vista system, it's a safe assumption that you'll also be its primary administrator. From a security standpoint, it's up to you to educate other users on the importance of configuring a strong user account password, as well as changing it regularly. If you're running Windows Vista Professional, there is some help to be had on this front. By implementing policy settings (discussed later in this chapter), you can actually enforce strong user password requirements, ensuring that all users have no choice but to get with the program.

Web Site Passwords

Although most people only have to worry about remembering the details of a single Windows Vista user account, web sites' user accounts present another issue entirely. Needed for everything from entering the members' area of some sites to accessing web-based e-mail, it doesn't take long for these accounts to add up at an alarming rate.

In many cases your e-mail address serves as your username on these sites, but it's usually up to you to select a password. Although some sites do enforce password policies (such as requiring a minimum password length of six characters), most don't make the requirements very tough - they're too afraid to enforce strict password requirements, lest they scare away or frustrate a potential member.

Even in cases where a site enables you to select a weak password, it's important to take the high road and choose a good, strong password. This is obviously more critical for some sites - there's no denying that an online banking user account is more important than the one used to access the members' area of a gardening web site - but treating all user accounts as being important is a good idea, even if only as part of developing better password habits.

Later in this chapter you'll see how password management software can make the process of implementing good user account password security much easier.

Caution 

Never use the same password for different web site user accounts. Many people sign up for a new web site user account, provide their e-mail address (typically required), and then configure the same password for the new site that they use to protect their e-mail account. Effectively, this is the same as sending the new site your e-mail username and password, which in turn provides all the information someone at that site would need to log on to your e-mail account. If you have done this in the past when creating web site user accounts, change the password associated with your e-mail account immediately as a precaution.
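The two habits discussed so far, avoiding dictionary-based passwords (User Account Passwords) and never reusing a password across accounts (the Caution above), can be checked mechanically. The following Python audit is an added example, not code from the book; the wordlist, account names, passwords, and the `min_length`/`min_bits` thresholds are constructed, illustrative assumptions.

```python
import math
import string

# Constructed sample wordlist; a real audit would load a full dictionary file.
WORDLIST = {"password", "garden", "dragon", "summer", "welcome"}

def charset_size(pw):
    """Size of the smallest character pool covering the character classes used in pw."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    return sum(len(p) for p in pools if any(c in p for c in pw))

def brute_force_bits(pw):
    """log2 of the number of candidates an exhaustive search over that pool must cover."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def is_dictionary_based(pw):
    """True if pw is a wordlist entry once case and leading/trailing digits or symbols are removed."""
    core = pw.lower().strip(string.digits + string.punctuation)
    return core in WORDLIST

def audit(accounts, min_length=8, min_bits=50):
    """Return {account: [findings]} covering short, guessable, and reused passwords."""
    findings = {name: [] for name in accounts}
    seen = {}
    for name, pw in accounts.items():
        if len(pw) < min_length:
            findings[name].append("too short")
        if is_dictionary_based(pw):
            findings[name].append("dictionary word")
        elif brute_force_bits(pw) < min_bits:
            findings[name].append("small search space")
        seen.setdefault(pw, []).append(name)
    # Reuse check: any password shared by two or more accounts is flagged on each.
    for names in seen.values():
        if len(names) > 1:
            for name in names:
                others = ", ".join(n for n in names if n != name)
                findings[name].append("reused on: " + others)
    return findings

# Constructed sample accounts (hypothetical names and passwords).
SAMPLE = {
    "email": "Summer2007",
    "gardening-site": "Summer2007",
    "bank": "t7#Vq!mZ2r&Lp9",
    "vista-logon": "garden",
}
```

Calling `audit(SAMPLE)` flags the e-mail password both as a dictionary word with digits appended and as reused on the gardening site, which is exactly the situation the Caution describes.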

E-mail and Internet Service Passwords

Some passwords are easier to forget than others, especially when Windows Vista helps by remembering them for you. Such is typically the case with user accounts assigned to you by your Internet Service Provider (ISP). For example, if you use a dial-up or DSL-based Internet connection, your ISP likely supplied you with a username and password that must be used to connect to their service. After initially configuring these settings in Windows Vista, however, you can save the information so that you don't have to type the password manually each time you log on.

The same is usually true of the e-mail account details assigned by your ISP. This user account (which gives you access to your e-mail inbox) is usually configured once in an e-mail program like Microsoft Outlook or Windows Mail, with the password again remembered for future reference. Having the program remember the username and password associated with your account saves you the trouble of having to re-type your password each and every time you want to check for new messages.

In some cases an ISP allows you to choose passwords for these accounts, but many simply assign them to you. Although the username and password combination that you use for dial-up or DSL access typically cannot be changed, the password associated with your user account usually can. Many service providers give you access to a dedicated support web site from which you can change your e-mail account's password, as well as other account details. Check your ISP's web site to see whether you can change details like your password online. If you can, configure strong passwords for your e-mail accounts, and change them regularly.

File Security Passwords

Many programs include the capability to secure files, folders, and even entire disks with a password. A great example is the password protection that can be incorporated into a ZIP file, where the correct password must be supplied to open the file and get at its contents. Similarly, many encryption programs use individual passwords as the key to encrypt and decrypt files.

The major difference between user account passwords and those used to secure files is that file passwords are sometimes shared with other users. For example, you might password protect a file that you send to another user, and that user will need to supply that same password to open the file. If sharing a file in this way is your goal, come to an agreement with the other user about a suitable password in advance; never use one of your own personal passwords, which would ultimately need to be shared with the other user.

Cross Reference 

Public key encryption is a better option for securely exchanging files with other users. You'll find more about encryption and other methods of securing files, folders, and disks in Chapter 14.




PC Magazine Windows Vista Security Solutions
ISBN: 0470046562
EAN: 2147483647
Year: 2004
Pages: 135
Authors: Dan DiNicolo
