Windows 7 Administrators Veiw of Computers on the Network. (School)

[Rhys Keown]

Ok, so the computers at my school are like may others. Bog standard HP's that can't really do much without serious slow down even with an I5 CPU, But thats not my question. So the IT people at my school have accses to the computers the hard drive, internet surfing history and much more. For security reasons school makes you change your password every now and again and this wouldn't be a problem if i could use previous passwords from any time i have been attending this school (Going to my 5th year in September). So i find my self coming up with crazy and ridiculous passwords that i would never use in real life and am more likely to forget. My question is does a school or any other network of computors administrator able to see what password you use and how?

 

[knoober]

If you authenticate with a remote server ( log in from your computer to their computers over a network), good security practices dictate that strong encryption be used for the password. This means that your password is scrambled and protected as it gets sent. Depending on what type of encryption is used, it may not be able to be reversed - which means that the admins will never see your actual password in normal circumstances. When you forget your password if they just reset it for you then they likely cannot view the password itself in its un-encrypted state. But one should always assume that admins are all seeing and all knowing about everthing that happens on their system, so dont bank on the fact that they cannot/willnot see your passwords.

http://keepass.info/ has some good word of mouth around here. I cant say that I use it myself, but I have considered it. I believe there are other competing products as well if you are interested in such a thing.

 

[Janus67]

As knoober stated, for all intents and purposes it is unlikely (assuming the school IT dept is following proper security practices) that they can see an un-hashed/decrypted version of your password. There have been leaks from various large internet institutions/companies that it was determined that the passwords were kept in plaintext -- I would imagine this is generally very very unlikely, but it has happened. And if that is the case no matter how strong you set your password it would be screwed, but it is increasingly unlikely due to the risks/publicity in the IT world when those issues have arisen.

That and it is incredibly unlikely that anyone would care. IT can just as easily change your password if they needed to access something and mark your account to need to change/update the password and send a password reset reminder. Which in places I have worked is incredibly unlikely outside of extreme circumstances (their account is causing a large issue, locking the account is out of the question, and they are unreachable).

I would stick to passwords that you can remember, if you are using passwords you have a hard time to remember then it leads to a more likely situation where someone just writes down/makes note of their password(s) and that is a much larger security issue than picking something that is "complex" but easy to remember.

 

[ihrsetrdr]

Large institutions can be 'kinda' sold on the change-your-password thing. Of course, users can be like kindergärtners and share all kind of diseases, forwarding emails with links, letting others use their account, etc.

My last job(@State prison) required password change every 60 days. Like others, I jotted it down on my Desk Pad Calendar, except that I would suppress the middle digits(19-H******2).

If I forgot those suppressed digits, I had to call Computer Services....