UKC

Anyone know how secure a Windows password is?
Will someone nicking my laptop need to format the hard drive or are there back door entries possible?
Perhaps booting in DOS and using the command line? Though does your average burglar or fence have that nous?

And the same question for an Android tablet? Will that need a factory reset, or are there ways round the password screen?

TIA

In reply to Dispater:

Depends if you encrypt the hard drive (I think more recent versions of Windows can do this out of the box). If you don't, you just need to connect the drive to another PC to read it. If you do you can't so easily, but remember that will mean if you forget your password your data's gone.

Neil

In reply to Dispater:

with windows by default you can use one of the password reset tools available to blat the password. unless as neil pointed out the drive is encrypted. then it's a format and re-install job

however most windows computers now come with the "rebuild" tools available by just pressing one of the function keys when you switch the machine on. if you look through the support info for the vendors website it should be easy to see how. this means if you have things you want to protect on a laptop hard drive, you should encrypt the drive either using inbuilt windows encryption or using a third party tool like pointsec or safeguard (others may exist) i'm sure there are tools you could use to remotely trigger a wipe, but you need to preinstall them.

the tablet can probably be wiped and reset fairly easily, with most android devices (and ios i'm sure) you can even do this remotely. as soon as the device has access to the internet, it can be made to delete all personal data and reset the device... great for the thief to resell, but also means you're stuff doesn't get used

In reply to Neil Williams:


... or just boot with a linux live disc.

In reply to Neil Williams:

btw drive encryption has been available be default in windows since win2000 if you wanted it, but it does slow the machine down a bit and can be "tempramental"

In reply to Dispater:

If the disk is not encrypted, then accessing your windows install, and working out all of your passwords is trivial.

If the drive is encrypted then it is impossible. (unless you have access to the back-door in bitlocker, installed by the NSA)

Android is not secure.

In reply to John1923:


You can encrypt android as well. So far as I know that hasnt been broken. Although of course that does rely on it being turned off (then again same for a booted up or asleep windows install, if its in memory you are creamcrackered against someone skilled).

In reply to Dispater:

Got an hour to spare? In case you thought anything was secure this journalist from Der Spiegel paints a pretty dismal picture

youtube.com/watch?v=b0w36GAyZIA&

If the NSA and GCHQ are popping in and out of your devices at will, who else is?

In reply to Dispater:

What are you trying to secure? The laptop? Some of the files on it? All of the files on it?
What level are you trying to secure it to? Keeping casual thieves out? Industrial espionage? Keeping the NSA out?

As has been said, if the attacker has physical access to the machine, your windows password does nothing. Just whack a CD in the drive, follow the on screen prompts and they're in.

If your laptop supports it, a easy way of getting a fair bit of security without the general performance hit that comes with encryption would be to set some passwords at the BIOS and/or ATA level. The former protects the laptop, it won't power up without the BIOS password. The latter protects your data, the drive won't talk to a computer (your laptop or any other computer it's plugged into) without the ATA password. Done correctly, this will put stealing/recovering your data commercially into the hundreds of pounds range. How you do this varies between different laptop manufacturers, but most support in in one way or another.

Don't forget to apply the same level of protection to your backups...

In reply to Dispater:

I'd suggest using truecrypt with FDE to help against theft of computer.

Though you're using Windows, overall I'd just not put anything that needs to be kept confidential on the computer.

For what its worth I expect there are numerous children who could get around your windows password.