Password Woes

Locked out of my Windows machine, wishing for a password recovery mechanism, and hacking the local Administrator account (oh yes, it's possible, as I found out).

Last weekend, I had to take my desktop at home off the domain. Upon restarting I found myself locked out of the system... apparently my usual admin password was not what I used on this machine, and it soon became clear after several guesses that I was locked out. The only other local account I had on the machine did not have admin rights. There was just a ton of data stored under my Redmond domain account so I could not afford re-installing the OS, or do anything that might result in data loss. Additionally, I did not have enough room to set up a parallel installation of Windows. Ouch!

That's when I called the Microsoft helpdesk. The person there said there was no way to reset the admin password. He also did not know of any boot disks or things along those lines that could help salvage the data I wanted to protect. Then in the middle of the phone call, he mentioned that he received instructions from his supervisor that he could not help on this issue - I guess helping one recover the admin password to a machine is not allowed for security reasons. Understandable...

So then I turned to Google. After looking around a bit, I came across this password resetting tool, austrumi, that essentially is a Linux boot disk, along with some functionality to load up the system registry from the Windows installation on a partition, and allow me to unlock my now disabled admin account (all those failed login attempts?), and reset my password. And voila, I now had an admin account with a blank password, and was able to get into the system once again.

This tool helped me immensely... but it does leave the lingering thought... how does one truly safeguard a machine? Seems like you'd have to physically secure the machine. And perhaps remove the floppy and CD drives off the default boot sequence along with a BIOS password? But then what if someone forgets that password, and needs to legitimately get into the system? We really need better authentication mechanisms... whether it's fingerprint based, or whatever else works technically. Perhaps Windows also ought to have a password retrieval mechanism... maybe based on multiple questions and answers, along with a smart card or fingerprint scan if one is possible.

Posted on Tuesday, 2/8/2005 @ 5:49 PM | #Life


Comments

6 comments have been posted.

David Stone

Posted on 2/8/2005 @ 5:56 PM
I used the Knoppix STD (Security Tools Distribution) recently for just that very purpose on a friend's machine. There's a utility called chntpw (change NT password) that allows you to mess with the SAM in just the same way.

And I thought the exact same thing. Regardless of how much technical security I have, I still need to keep my machine physically secure in order to protect it from this sort of thing. Even setting a BIOS password wouldn't work because anybody smart enough to know how to use one of these bootable Linux CDs is also going to know that you can just flip the jumper on the motherboard to cause the CMOS to reset itself. (Therefore wiping the password.)

My machine is secure...but only because it's my laptop and is always in my backpack when it's not in use...and I always have my backpack with me. :-p

Nikhil Kothari

Posted on 2/8/2005 @ 6:59 PM
A colleague of mine just said something similar about resetting the BIOS password. I didn't know about that until now... but I guess when faced with the need to know it, it is also possible to find information about it (and pretty easily too). Scary!

RichB

Posted on 2/9/2005 @ 1:15 AM
When Microsoft were bothered about getting C2 certification for NT, part of the C2 requirements were that the computer had no floppy drive.

Barry Kelly

Posted on 2/9/2005 @ 3:19 AM
Technological security is nothing without physical security. Thinking otherwise is folly. If people have access to the physical machine, they can open it up, put the hard drive into another machine and access the contents.

A way around this is to encrypt files etc.; EFS for transparency, or pgp/gpg for a more disconnected portable solution. Of course, with EFS, once you lose your password, you lose your encrypted files too, unless you've specified a data recovery agent.

Even then, though, the security is an illusion if you access your machine regularly. All people have to do is add a keyboard sniffer to the internals or externals of the physical device (how often do you look at where your keyboard is attached to your PC?) and they'll pick up your password.

To reiterate, there is no technological solution.

wparish

Posted on 5/19/2005 @ 4:09 PM
Well, the password reset tools are good if the filesystem isn't encrypted. If you're really worried about someone stealing your computer and getting your data you need to use the encrypted file system. This won't help you if you lose your password, but if you're backing up regularly like you should be this is less important.

I guess you have to balance how badly you want security with how badly you want to be able to forget responsibility.

Jarred Nicholls

Posted on 8/16/2005 @ 9:30 AM
Actually, check this project out: http://msdn.microsoft.com/coding4fun/someassemblyrequired/isthatyou/default.aspx

That's a great way to log yourself in...click the button and you're in! =)