The more uppercase letters, numbers and
symbols in your password, the harder it is to discover. Microsoft themselves
recommend passwords of no fewer than 6 characters containing at least three of
the following: lowercase, uppercase, numbers and special characters. Make sure
ALL enabled user accounts have been assigned passwords.
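The rule above can be checked mechanically. The following is an added example, not part of the original article: the function names and the sample account records are constructed for illustration, and the thresholds are the ones quoted in the text.

```python
MIN_LENGTH = 6    # minimum length quoted in the text
MIN_CLASSES = 3   # "at least three of the following"

def character_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lowercase")
        elif ch.isupper():
            classes.add("uppercase")
        elif ch.isdigit():
            classes.add("number")
        elif not ch.isalnum():
            classes.add("special")  # punctuation, spaces and other symbols
    return classes

def password_problems(password):
    """List the ways a password falls short of the rule (empty list = passes)."""
    if not password:
        return ["no password assigned"]
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    found = character_classes(password)
    if len(found) < MIN_CLASSES:
        problems.append(f"only {len(found)} of 4 character classes")
    return problems

def audit(accounts):
    """Map each ENABLED account that fails the rule to its problems."""
    report = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # disabled accounts cannot be logged into
        problems = password_problems(acct["password"])
        if problems:
            report[acct["name"]] = problems
    return report

# Constructed sample data: proposed passwords for each local account.
SAMPLE = [
    {"name": "Bob",   "enabled": True,  "password": "Tr4vel!Bag"},
    {"name": "Guest", "enabled": False, "password": ""},
    {"name": "Kids",  "enabled": True,  "password": ""},
    {"name": "Work",  "enabled": True,  "password": "laptop"},
    {"name": "Temp",  "enabled": True,  "password": "aB1"},
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(name, "->", "; ".join(problems))
```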
It's a pain to have to memorize
complicated passwords, but if you use the laptop primarily for traveling, simply
jot the password down and carry it somewhere on your person (not in the laptop
bag).
While you are at it, changing the
'administrator' account to an alternate name is also a good measure to make it
harder to break in. Everyone knows that Windows XP uses an administrator
account, and that it cannot be disabled, so it is the prime target for data
thieves. By renaming it 'Bob' or something stranger still, you can add some time
and frustration to your thief's life. To do this:
1. Log into Windows using an account that has administrative privileges (any
user created during the install process or the administrator account itself).
2. Right-click on 'My Computer' and select 'Manage.'
3. From the Computer Management window, expand 'Local Users and Groups', then
open the 'Users' folder and highlight the 'administrator' account. Right-click
and select 'Rename' to change it.
STEP 3: Encrypt vital data
Again, if you've read our recent
article on password recovery you'll
have realized that it is not really necessary for an intruder with physical
access to the computer to actually hack the passwords of your user accounts in
order to get at your data. There are a slew of utilities out there that will
happily boot your computer into an alternate OS like Linux and then reset your
user passwords. It is also quite simple to grab a portable operating system that
boots itself from CD (such as Knoppix), or a DOS boot disk with an NTFS reader on it and then copy the
information straight off your laptop's drive. For that matter, laptop hard disks
are generally easy to remove anyway.
An intruder could purchase an adaptor
or a USB case and hook your laptop's hard drive up to his or her own system and
siphon off your files. So what use are Windows user passwords? Well, plenty of
use when you combine them with proper encryption…
Windows XP Professional, like Windows 2000
before it, features built-in strong file encryption based on the identity of the
user. When you use the Encrypting File System (EFS), a file is encrypted with an
algorithm derived from the unique SID (System Identifier) number generated for
each user account. Once the file is encrypted, it cannot be decrypted except by
the original user (and anyone he chooses to grant access to the file). This
means that any other user account will not be able to view the file, period.
The encryption is permanent and
remains on the file even when Windows is not running. It doesn't matter if a new
account with the exact same name and password is created; only the original
account with the original SID number can decrypt and read the file.
The benefits of using file encryption
are obvious. The only feasible way to break it without a supercomputer is to
bypass it by gaining access to the user account that did the encrypting. If you
set strong passwords, as above, this is very tough to do. None of the
conventional methods of getting at secured data will work on encrypted files.
Of course, encryption carries its own
set of dangers. If the original user account is destroyed due to a system
failure or user error, you too will lose all access to the encrypted data. It is
possible (and highly recommended) to create a 'recovery agent' which provides a
secondary account with the ability to recover the data. This can be created as a
digital certificate which can be exported to a floppy disk, then applied to a
user account when needed.