Announcement

Collapse
No announcement yet.

ID account to log in

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ID account to log in

    Hi,

    I have this question:

    If someone steals my laptop ( Windows 8 ), does he/she need to know my Hotmail password?.

    I mean: Could he/she break into the laptop by using one of those utilities that leaves the Administrator password blank ?

    Thanks in advance.
    Last edited by loureed4; 13th October 2015, 21:18.
    -
    Madrid (Spain).

  • #2
    If they have physical possession of the device then they OWN it (assuming they have an iota of IT skills).

    Just think for a minute here Luis. Where does your User ID (account) authenticate to? The device or the Cloud?
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Thanks Biggles77.

      It does authenticate to the cloud ( I think ) , which is great because as soon as I change my Hotmail password, they just won't have access to the laptop, ever !

      But...I was reading last night that Windows 8 holds a local Administrator account, so, they in fact can reset that password to blank, if I am not mistaken.
      -
      Madrid (Spain).

      Comment


      • #4
        The Administrator account is called Administrator so Peter Nordhal has this brilliant app that can unlock and blank the Administrator account (or any other physical account on the device for that matter) and once that is done your laptop, desktop, server is owned (or pwned if you are into leetspeek). Any files you have stored on your device is also owned. Any files you have in the Cloud is only owned by NSA, GCHQ and various other TLAs (Three Letter Agencies).

        If you really want to make you device more secure then lock it down heavy. This can be done of you have a UEFI BIOS on your laptop. You can also password protect your HDD so it will not work in other devices. You can encrypt your HDD so only you can access it (don't forget the password/passphrase/key that encrypts it). I have only had a fairly shallow look at an actual UEFI equipped device and I do like some of the security aspects. Locking out the ability to boot from a USB flash drive is nice. Password protecting the BIOS is good so you can't change the ability to boot from a USB flash drive is also good though I don't know if the backdoor BIOS passwords can still bypass your password. I hope you are also not able to reset the BIOS to a Factory Default (jumper pins 2 & 3) where the password is then blanked. On the one I looked at, I believe resetting it left the customised password intact. Now if I can just borrow my daughter's machine I will test that some day. Her machine also has a tracking option in the UEFI BIOS that can enable it to be located if stolen. Works if you aren't using it through a VPN or Proxy.

        Might I suggest you use a 120GB or a 160GB HDD that you may have spare , throw a quick install on it and then set about securing it. If it gets screwed up then you may be able to blow away the install and try again. Assuming that you haven't put a HDD password on the HDD though I don't think those 2 drives have that facility unless you use a 3rd party app.

        I have never used the Cloud authentication for the Windows 8 to 10 versions as I have no wish for MS to track what I do and when I do it. Makes installing MS Solitaire, Hearts and Spider a bloody pain as a result but a small price to pay for a little anonymity.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2

        Comment


        • #5
          Wow, that was informative!

          I am watching several videos on youtube and articles on google, watching (shocked) how easy resetting the password is:

          https://www.youtube.com/watch?v=01yAYz2NAEg ( A four-minute process! )

          Anyways, I am testing this password-resetting technique on my Windows 8 laptop and when I get to the CMD, I am asked to provide a profile, which is great but I don't know why it is happening.

          I am looking into UEFI BIOS too.

          As for encrypting the HDDs, I find it great because otherwise, just a bootable UBUNTU or any other Linux distribution would make all accessible !!

          Thanks.

          P.S: Yes, I think I happen to have one of those 120GB or 160GB you mention. . I will perform the test there
          -
          Madrid (Spain).

          Comment


          • #6
            Just watched that tutorial Luis and wasn't too impressed. Peter Nordhal's tool gets the same result a lot quicker and you don't need the Windows physical media. However if you have a UEFI BIOS securely configured it wouldn't allow you to boot from the Flash Drive with the password reset tool. I have even read that on some machines you need the original Windows DVD that came with the machine or that too will not boot. Good for security but not so good if you are trying to remove the Luser's forgotten password.
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2

            Comment


            • #7
              Thanks again Biggles77.

              I quote from my previous post:

              "...Anyways, I am testing this password-resetting technique on my Windows 8 laptop and when I get to the CMD, I am asked to provide a profile, which is great but I don't know why it is happening..."

              Maybe is it happening because there is no local accounts but only cloud-based ones?. It appears a name, which I suspect is my hotmail account.
              -
              Madrid (Spain).

              Comment


              • #8
                Can you get a screen capture of the profile request as seeing it may trigger something for someone.
                Is the password resetting technique the same or similar to the one used in the YouTube video?
                When you first created the User Account was it an online one or did you create a Local one first and then change it to Online? I am just guessing at this as I have only ever used a Local Account on Windows 8/8.1. Being anti-Cloud can have a downside when questions like this arise.
                1 1 was a racehorse.
                2 2 was 1 2.
                1 1 1 1 race 1 day,
                2 2 1 1 2

                Comment


                • #9
                  Yes, I was following that youtube video.

                  I dont have that laptop available for the weekend to make the screenshot.

                  I really dont remember creating a local account. I always logged in with my hotmail account.
                  -
                  Madrid (Spain).

                  Comment

                  Working...
                  X