"Mayayana" wrote:

Windows password cracking software exists and
works quite well.

The other options you talk about require actions
on the part of software. I don't know of any function
like that in Windows -- and certainly not in other
software -- to do that. You can't just open the options
settings in any program and set high security startup
options.

A lot easier would be to set a BIOS password. Boot
into the BIOS and set a password for both the booting
and for access to the BIOS itself. Then the only likely
way to get around it is to remove the PC's battery for
long enough to wipe the BIOS, or to take out the hard
disk and hook it up elswhere. If the BIOS depends on
non-default settings then people won't be able to wipe
the BIOS without making the machine unbootable, so
that's further security. But there's only so much you can
do. If someone wants to get at the data on the disk
they can probably do it. The only question is how expert
they need to be.

A further option would be to encrypt data on disk.
You can password-protect ZIP files, for instance. I think
Win7 also has on-disk encryption options, but I'm not
familiar with them.


??????? I'm puzzled by this reply and most of the others in this
thread. Maybe I just don't express myself sufficiently clearly. Maybe
I confuse you with too much detail.

Let's try again.

I want to acquire a program which will do all the work for me. (Let's
call it PW-Manager.) I don't want to learn about Linux. I'm not
worried about people removing the HD and putting it in another
machine, nor about people resetting the BIOS, nor about any
super-sophisticated nerd doing any of the other things that people in
this thread seem to be concerned about. KISS! Didn't I say the NSA can
browse my machine at will? Or something similar.

I just don't want, wife, kids, grandkids, visitors, cable guy, etc.
deciding to see what hubby/dad/grandpa/etc has on his machine. And, my
memory what it is, I can't remember what I had for breakfast, let
alone any even slightly complex PW.

Let's beat it to death. Take my wife. If she's called on to put in a
PW she uses the name of the dog. Not enough characters? She adds 123
at the end. This also satisfies the occasional company who wants
something containing letters and numbers. If they insist she has to
change the PW once a month, OK, put the 123 at the front of the dog's
name. Following month she makes it name of the dog twice in a row
followed by the name of the city she was born in. After a couple of
months she can usually revert to the more simple name + 123. Even my
5-year old grandkid can crack this in a couple of minutes. In her
office, lots of the adjacent workers have similar schemes and no they
don't put a post-it on the monitor. Frowned upon, ya know! If you ask
her why she doesn't do something less easy to crack, she'll tell you
she can't remember it. I can't either!

As to the 1024 length, it's partially because I've been told that the
longer the PW, the harder it is to crack. Secondly, Win ... um ... NT
probably was the first 32 bit OS: why the hell did they limit
themselves to 32 bit? Don't these people ever learn their lessons?
Then it went to 64 bit... Yikes! Another short-sighted effort. What's
wrong with 256 bit addressing? And there's a practical problem here.
On a 32 bit machine you can't have memory more than 3 and change gig!
Eventually 64 will be too small and we'll have another painful
migration issue. So maybe 1024 for the PW is a bit overboard at the
moment but eventually there'll be a use for it.

(The other item that really annoys me is multiple users (also
introduced in NT IIRC). Who lets someone else use their machine,
except on a very limited basis? For one thing do you want those grubby
fingers on your keyboard? Why Msoft can't come out with a single user
OS I don't know.)

Well, back to the PW: I don't want to tell someone how to do it but it
probably requires modification to the OS at the point of asking for
the PW. I'd guess. Well, just as I use a physical key to unlock the
front door of the house, I'm suggesting that the physical key to the
computer is a USB stick (with a PW). Maybe if you just type "USB" for
the PW, your modified OS will know to look at the USB ports etc.

BTW, I already use a PW manager, known a Password Corral. It's free
and depends on nothing except running on a 32 bit Windows machine.
It's a bit clumsy and doesn't address the issue of a PW for the
machine but for issues such as a replacement for the dog's name that
you don't have to remember it's half way there.

On Wednesday, April 23, 2014 12:56:43 AM UTC-4, wrote:
"Mayayana" wrote:



Windows password cracking software exists and

works quite well.



The other options you talk about require actions

on the part of software. I don't know of any function

like that in Windows -- and certainly not in other

software -- to do that. You can't just open the options

settings in any program and set high security startup

options.



A lot easier would be to set a BIOS password. Boot

into the BIOS and set a password for both the booting

and for access to the BIOS itself. Then the only likely

way to get around it is to remove the PC's battery for

long enough to wipe the BIOS, or to take out the hard

disk and hook it up elswhere. If the BIOS depends on

non-default settings then people won't be able to wipe

the BIOS without making the machine unbootable, so

that's further security. But there's only so much you can

do. If someone wants to get at the data on the disk

they can probably do it. The only question is how expert

they need to be.



A further option would be to encrypt data on disk.

You can password-protect ZIP files, for instance. I think

Win7 also has on-disk encryption options, but I'm not

familiar with them.





??????? I'm puzzled by this reply and most of the others in this

thread. Maybe I just don't express myself sufficiently clearly. Maybe

I confuse you with too much detail.



Let's try again.



I want to acquire a program which will do all the work for me. (Let's

call it PW-Manager.) I don't want to learn about Linux. I'm not

worried about people removing the HD and putting it in another

machine, nor about people resetting the BIOS, nor about any

super-sophisticated nerd doing any of the other things that people in

this thread seem to be concerned about. KISS! Didn't I say the NSA can

browse my machine at will? Or something similar.



I just don't want, wife, kids, grandkids, visitors, cable guy, etc.

deciding to see what hubby/dad/grandpa/etc has on his machine. And, my

memory what it is, I can't remember what I had for breakfast, let

alone any even slightly complex PW.



Write the password down and put it in your wallet or wherever you
would put the proposed physical USB type key. Seems that is about as
secure as the physical key that you want.




Let's beat it to death. Take my wife. If she's called on to put in a

PW she uses the name of the dog. Not enough characters? She adds 123

at the end. This also satisfies the occasional company who wants

something containing letters and numbers. If they insist she has to

change the PW once a month, OK, put the 123 at the front of the dog's

name. Following month she makes it name of the dog twice in a row

followed by the name of the city she was born in. After a couple of

months she can usually revert to the more simple name + 123. Even my

5-year old grandkid can crack this in a couple of minutes. In her

office, lots of the adjacent workers have similar schemes and no they

don't put a post-it on the monitor. Frowned upon, ya know! If you ask

her why she doesn't do something less easy to crack, she'll tell you

she can't remember it. I can't either!



As to the 1024 length, it's partially because I've been told that the

longer the PW, the harder it is to crack.

To some extent that's true, but the problem with using the pets name
followed by 3 numbers isn't the length, it's that everyone knows the
pet's name. If you had a random password of the same length, it
would be secure from the types of intruders on your list. Just
5 letters/digits gives 37^5 possible combinations. Guessing that is
like winning the lottery.




Secondly, Win ... um ... NT

probably was the first 32 bit OS: why the hell did they limit

themselves to 32 bit?

Because the entire x86 CPU architecture at the tim e was only 32 bits,
ie that was the register size, the physical address size and the main data size
that the instruction set handles. If the hardware can only add two 32
bit integers, can only deal with 32 bit addressing, seems it would be a
huge burden to design an OS for something that wouldn't be needed for
another 15 years.



Don't these people ever learn their lessons?

Then it went to 64 bit... Yikes! Another short-sighted effort. What's

wrong with 256 bit addressing?

No CPU supports 256 bit addressing. The hardware doesn't support it,
the instruction set doesn't support it. And no one sees the need for
it for a very long time to come, probably never. It's kind of like TVs.
You don't design a TV to handle what won't be needed for another 20 years.



And there's a practical problem here.

On a 32 bit machine you can't have memory more than 3 and change gig!

Eventually 64 will be too small and we'll have another painful

migration issue.

Do you realize how big 2^64 is? It's so big I don't even know if we
have a name for it. Plot a chart of memory density increases, ie Moore's law and you'll see that it's a non-issue. You'd be beyond the ultimate limits
on semiconductor memory density imposed by physics.



So maybe 1024 for the PW is a bit overboard at the

moment but eventually there'll be a use for it.



I doubt it.




(The other item that really annoys me is multiple users (also

introduced in NT IIRC). Who lets someone else use their machine,

except on a very limited basis? For one thing do you want those grubby

fingers on your keyboard? Why Msoft can't come out with a single user

OS I don't know.)


It is single user if you're the administrator, you have a secure password,
and you don't add any other users.





Well, back to the PW: I don't want to tell someone how to do it but it

probably requires modification to the OS at the point of asking for

the PW. I'd guess. Well, just as I use a physical key to unlock the

front door of the house, I'm suggesting that the physical key to the

computer is a USB stick (with a PW). Maybe if you just type "USB" for

the PW, your modified OS will know to look at the USB ports etc.


AFAIK, that's what would have to be done to support what you want.
And in some ways, it's less secure than a PWD. I have a secure password
that only I know. The USB stick, I could leave in the PC. Or I could
leave it laying around somewhere. Where exactly are you going to put
yours, that your wife, grandkids, etc won't find it? Safe? If you
can remember the combination to a safe, I would think you could use those
numbers for a PWD that is secure enough.



BTW, I already use a PW manager, known a Password Corral. It's free

and depends on nothing except running on a 32 bit Windows machine.

It's a bit clumsy and doesn't address the issue of a PW for the

machine but for issues such as a replacement for the dog's name that

you don't have to remember it's half way there.

writes:
"Mayayana" wrote:

Let's try again.

I want to acquire a program which will do all the work for me. (Let's
call it PW-Manager.) I don't want to learn about Linux. I'm not
worried about people removing the HD and putting it in another
machine, nor about people resetting the BIOS, nor about any
super-sophisticated nerd doing any of the other things that people in
this thread seem to be concerned about. KISS! Didn't I say the NSA can
browse my machine at will? Or something similar.


Well, back to the PW: I don't want to tell someone how to do it but it
probably requires modification to the OS at the point of asking for
the PW. I'd guess. Well, just as I use a physical key to unlock the
front door of the house, I'm suggesting that the physical key to the
computer is a USB stick (with a PW). Maybe if you just type "USB" for
the PW, your modified OS will know to look at the USB ports etc.


What you want is called a secure access token.

Here's an example. There are other companies that make such tokens
as well. All the tokens are supported by Windows. None are free.

http://en.wikipedia.org/wiki/SecurID

| Well, back to the PW: I don't want to tell someone how to do it but it
| probably requires modification to the OS at the point of asking for
| the PW. I'd guess. Well, just as I use a physical key to unlock the
| front door of the house, I'm suggesting that the physical key to the
| computer is a USB stick (with a PW). Maybe if you just type "USB" for
| the PW, your modified OS will know to look at the USB ports etc.
|
|
| What you want is called a secure access token.
|

I'm afraid you may be just adding more confusion.
How is that going to prevent people from booting
Windows or using other software that hasn't been
designed to require the token?

On Wednesday, April 23, 2014 10:38:49 AM UTC-4, Mayayana wrote:
| Well, back to the PW: I don't want to tell someone how to do it but it

| probably requires modification to the OS at the point of asking for

| the PW. I'd guess. Well, just as I use a physical key to unlock the

| front door of the house, I'm suggesting that the physical key to the

| computer is a USB stick (with a PW). Maybe if you just type "USB" for

| the PW, your modified OS will know to look at the USB ports etc.

|

|

| What you want is called a secure access token.

|



I'm afraid you may be just adding more confusion.

How is that going to prevent people from booting

Windows or using other software that hasn't been

designed to require the token?

+1

Years ago when I was in the field and had a corporate notebook,
we used that type of device. It generated a number that I had to
enter which was then authenticated by the network before allowing
me to log on to the corp network.in. It's kind of like the
common rolling code garage door
opener codes or key codes for cars. The device you have and the
other device are generating pseudo-random codes based on the same
seed. I don't see how it solves the OP's issue of using a secure
USB key of some kind instead of the normal Windows PWD when the PC
boots.

On 04/22/2014 11:56 PM, wrote:
"Mayayana" wrote:

Windows password cracking software exists and
works quite well.

The other options you talk about require actions
on the part of software. I don't know of any function
like that in Windows -- and certainly not in other
software -- to do that. You can't just open the options
settings in any program and set high security startup
options.

A lot easier would be to set a BIOS password. Boot
into the BIOS and set a password for both the booting
and for access to the BIOS itself. Then the only likely
way to get around it is to remove the PC's battery for
long enough to wipe the BIOS, or to take out the hard
disk and hook it up elswhere. If the BIOS depends on
non-default settings then people won't be able to wipe
the BIOS without making the machine unbootable, so
that's further security. But there's only so much you can
do. If someone wants to get at the data on the disk
they can probably do it. The only question is how expert
they need to be.

A further option would be to encrypt data on disk.
You can password-protect ZIP files, for instance. I think
Win7 also has on-disk encryption options, but I'm not
familiar with them.


??????? I'm puzzled by this reply and most of the others in this
thread. Maybe I just don't express myself sufficiently clearly. Maybe
I confuse you with too much detail.

Let's try again.

I want to acquire a program which will do all the work for me. (Let's
call it PW-Manager.) I don't want to learn about Linux. I'm not
worried about people removing the HD and putting it in another
machine, nor about people resetting the BIOS, nor about any
super-sophisticated nerd doing any of the other things that people in
this thread seem to be concerned about. KISS! Didn't I say the NSA can
browse my machine at will? Or something similar.

I just don't want, wife, kids, grandkids, visitors, cable guy, etc.
deciding to see what hubby/dad/grandpa/etc has on his machine. And, my
memory what it is, I can't remember what I had for breakfast, let
alone any even slightly complex PW.

Let's beat it to death. Take my wife. If she's called on to put in a
PW she uses the name of the dog. Not enough characters? She adds 123
at the end. This also satisfies the occasional company who wants
something containing letters and numbers. If they insist she has to
change the PW once a month, OK, put the 123 at the front of the dog's
name. Following month she makes it name of the dog twice in a row
followed by the name of the city she was born in. After a couple of
months she can usually revert to the more simple name + 123. Even my
5-year old grandkid can crack this in a couple of minutes. In her
office, lots of the adjacent workers have similar schemes and no they
don't put a post-it on the monitor. Frowned upon, ya know! If you ask
her why she doesn't do something less easy to crack, she'll tell you
she can't remember it. I can't either!

As to the 1024 length, it's partially because I've been told that the
longer the PW, the harder it is to crack.



Problem is , if you lose your USB stick or it goes bad, then you are sunk

If you simply want to keep family members off your machine just a
simple, easy to remember P/W is fine