[sk-]

I live in a dorm and my computer has a windows password on it. But today I came back from class and my roommate told me that one of his friends was ****ing with my computer and he got into windows some how.

My roommate said it was only a joke and he had no bad intentions but still I dont like this invasion of privacy. Is there a program that adds better protection then the windows password.

Oh and he didnt use any cd's or floppy's to get into windowsXP pro. I guess he was lucky with the password.

[Oni]

2 words: "l337sp34k passwords"

[Xaotic]

Disable Guest, if it's activated.

Hard drive and BIOS passwords(HDD passwords are usually not easily cracked and almost impossible to bypass).

Use NTFS for the filesystem, keeps DOS boot disks from being used(unless someone is really motivated). You could disable FDD and CD boot for normal operation.

Use complex passwords. No caps to start. Minimum 8 characters. At least 2 must be numeric. Minimum 2 capitalized letters. No words, names or places.

Use password protected screen savers and lock the computer when you are away from it.

These are some of the basic security steps for unattended machines. There are many more.

[I.M.O.G.]

Here's the method I use to make secure passwords.

Choose a phrase you will remember:

"You Can't Crack This Uber Password."

Take the first letter from each word:

"YCCTUP"

Append a number prefix or suffix that you can remember (personal like birthdate or system information like ram timings work well):

"19YCCTUP82"

No one is gonna guess a password like that, and creating it from a phrase makes it super easy to remember right from the point you make it. I'm real forgetful, so this works well for me.

[engjohn]

an even more secure password is something like

St@rBr!9ht (starbright)
sT@rl!9hT (starlight)
!33T$pE@k (l33tspeak)

or
( . )( . )

[KraziKid]

A few things come to mind in your case. Either a) your passwords are way too simple, b) Your Administrator password is null (meaning there is none), or c) Guest account is enabled. If the Administrator account has no password, poof, instant access. I doubt he used a brute force method, but if he used a boot floppy and decrypted the SAM file, here are some pointers. Any password 15 characters or more makes a Lan Man Hash invalid (it cannot be reversed). Also, characters from the extended ASCII table also make the Hash invalid, but, some values are represented by lower ASCII values, so it can make it potentially easier to crack. On my workstation, the password isn't that secure, but my server password is 31 characters long (that is basically impossible to crack). Also, do what engjohn said, replace common characters with characters that look the same, but aren't (a and @ for example).

[pik4chu]

My laptops that I carry around and leave running at various semi public places usually have entire sentences for passwords (uncommon ones )with numbers and caps added here and there. with BIOS passwords (both standard and supervisor) the admin and guest accounts have been renamed, then the guest account disabled. recovery console restricted access to partition. NTFS file system. Auto workstation lock on screen saver. with SS password. disabled floppy and cd read on startup and on local access unless authenticated admin. Guess Im a little paranoid

in fact my normal passwords for this machine are about 15 chars long with numbers letters caps and a symbol or two

[powerme]

make sure you "disable" a real "administrator" in winxp because it is there.

boot into safemode and you will see this administrator account along with your account.

you have 2 choices: delete your account and add password for this administrator account

or use your account and add password for your account and this administrator.

if you are using a laptop computer, take out the hard drive and carry it with you. Nobody will get access to your windows when they don't have this hard drive

when they try to do that, they will see "no operating system found". End of the story

[engjohn]

Quote:

Originally posted by KraziKid
Any password 15 characters or more makes a Lan Man Hash invalid (it cannot be reversed).

This is true, but the passwords can still be reversed by using the NTLM hash. It will take longer, but it can be done. Reversing a LM hash is fast and easy for passwords under 14 char. The LM hash is NOT case sensitive, and usually a quick NTLM hash is run after cracking the LM hash to get the proper Caps.

using special symbols @$#%&( and the like makes it even harder to crack. On a P4 2.8 it took 40 Hours to crack a 9 letter password using one special symbol and a number. do NOT place these only at the begining or the end. This is also easy to crack. They must be in the middle of the password...

Also, you can use an inline PS2 key logger to capture passwords...

Just some thoughts.

1. Secure passwords.
2. Disable un-used accounts.
3. set a bios boot password.
4. Make sure that your computer will lock if not being used.
5. Dont temp people to hack your system (and DONT tell people your password, or let them logon to your system)

[I.M.O.G.]

Thanks for your comments John, they're very informative.