Associating
a password with your user account is your first line of defense against
those who would like to snoop around in your files. Because the Welcome
screen shows every user account, if you don't set passwords,
anyone who has physical access to your computer can log on by simply
clicking a name on the Welcome screen. If the chosen name belongs to an
administrator account, the person who clicks it has full, unfettered
access to every file and setting on the computer. Requiring a password
for each account (particularly administrator accounts) goes a long way
toward securing your computer.
Note:
You needn't worry
about someone who's not in your homegroup logging on to your computer
remotely (over the network, the internet, or with Remote Desktop
Connection, for example) if your account doesn't have a password.
Security features in Windows prevent remote logon by any account with a blank
password. When you don't have a password in Windows, the risk comes
only from people who have physical access to your computer.
This feature is enforced by a
policy setting, which is enabled by default. If you have the
Professional, Enterprise, or Ultimate edition, you can confirm that the
policy setting is enabled, as follows. At a command prompt, type
secpol.msc to open Local Security Policy. Open Local Policies\Security
Options and be sure that the Accounts: Limit Local Account Use Of Blank
Passwords To Console Logon Only policy setting is enabled. (If you use
the Starter or Home Premium edition, you needn't worry; the policy
setting can't be disabled.)
1. Creating a Secure Password
A password is of little
value if it's easily guessed by an intruder. Obviously, you shouldn't
use your name or something equally transparent. However, even a random
word provides little security against a determined intruder—some hackers
use tools that try every word in the dictionary. By observing the
following guidelines, you can create a password that's difficult to crack in a reasonable amount of time:
Use at least eight characters. Longer is better, which is why some security experts suggest using a pass phrase. A password or phrase can (and should) include spaces and punctuation; the maximum length is 127 characters.
Use a mixture of uppercase letters, lowercase letters, numbers, and punctuation.
Avoid including your name or user name in the password.
Use random sequences instead of words, or intersperse numbers and punctuation within words—W!nd()wS 7 1ns!dE ()uT for example.
With a little thought,
it's pretty easy to come up with a password that is memorable and
secure. For example, start with a phrase about yourself or your
hobbies—one that you can easily remember, such as I'm addicted to Solitaire. Make a few letter substitutions, misspell a word or two, and you come up with I'm +Icted 2 $ol!ta!re.
It's long, uses all four types of characters, contains no dictionary
words, and is easy to remember—so you won't be tempted to write it on a
sticky note attached to your monitor.
|
You can't log on
Even when you're certain
you know the password, you might have trouble logging on. First, be
aware that passwords are case sensitive: You must type capital letters
and lower case letters exactly as you did when you created the password.
If you still can't get on, be sure the Caps Lock key is not on.
|
2. Setting a Password
The simplest way to
set a password for yourself or for another user (if you have
administrator privileges) is with User Accounts in Control Panel. Click
the name of the user for whom you want to set a password and then click
Create A Password. A window like the one shown in Figure 1 appears.
To change your password, you must provide your old password as well as a new one.
|
The fastest path to a password-setting
screen for your own account is to press Ctrl+Alt+Delete and then click
Change Password. There you can set a password along with an updated
hint.
|
You can use other account
management tools to set a password, but User Accounts is the only tool
(along with Ctrl+Alt+Delete, described above) that lets you specify a
password hint. The password hint appears after you click your name on
the Welcome screen and type your password incorrectly. Be sure your hint
is only a subtle reminder—not the password itself—because any user can
click your name and then view the hint.
Warning:
If another user has
files encrypted with EFS, do not create a password for that user;
instead, show the user how to create a password for his or her own
account. Similarly, do not remove or change another user's password
unless the user has forgotten the password and has absolutely no other
way to access the account. (For more information, see the following
section, "Recovering
from a Lost Password.") If you create, change, or remove another user's
password, that user loses all personal certificates and stored passwords for websites and network resources. Without the personal certificates, the user loses access to all of his or her encrypted
files and all e-mail messages encrypted with the user's private key.
Windows deletes the certificates and passwords to prevent the
administrator who makes a password change from gaining access to
them—but this security comes at a cost!
|
You can't access encrypted files because an administrator changed your password
When an
administrator removes or changes the password for your local account,
you no longer have access to your encrypted files and e-mail messages.
That's because your master key, which is needed to unlock your personal
encryption certificate (which, in turn, is needed to unlock your
encrypted files), is encrypted with a hash that includes your password.
When the password changes, the master key is no longer accessible. To
regain access to the master key (and, by extension, your encrypted files
and e-mail messages), change your password back to your old password.
Alternatively, use your password reset disk to change your password.
When you change your own password (through User
Accounts or with your password reset disk), Windows uses your old
password to decrypt the master key and then re-encrypts it with the new
password, so your encrypted files and e-mail messages remain accessible.
|
3. Recovering from a Lost Password
It's bound to happen:
someday when you try to log on to your computer and are faced with the
password prompt, you will draw a blank.
Windows offers two tools that help you to deal with this dilemma:
Password hint
Your hint (if you've created one) appears below the password entry box
after you make an incorrect entry and then click OK. You can create a
hint when you set a password with User Accounts.
Password reset disk
A password reset disk allows you (or anyone with your password reset
disk) to change your password—without needing to know your old password.
As standard practice, each user should create a password reset disk and
keep it in a secure location. Then, if a user forgets the password, he
or she can reset it using the password reset disk.
Note:
You can make a
password reset disk only for your local user account. If your computer
is joined to a domain, you can't create a password reset disk as a back
door to your domain logon password. However, in a domain environment, a
domain administrator can safely reset your password and you'll still
have access to your encrypted files. Also, on a computer joined to a
domain, password hints are never shown, even for local user accounts.
Both solutions require a
little forethought on your part. You must create the hint when you set
your password, and you must create the password reset disk before you
actually need it.
To create a password reset
disk, you'll need to know your current password and you'll need to have
removable media available. (You can use a floppy disk, USB flash drive,
external hard drive, or memory card.) Follow these steps:
Log on using the account for which you want to create a password reset disk.
If you want to use a USB flash drive as a password reset disk, insert it in your computer's USB slot.
In Control Panel, open User Accounts.
In the left pane, click Create A Password Reset Disk to launch the Forgotten Password wizard.
Follow the wizard's instructions.
You can have only one password reset disk for each user account. If you make a new one, the old one is no longer usable.
To use the password reset disk when password amnesia sets in:
On
the logon screen, make an entry in the password box. If you guess
right, you're in! If you're wrong, Windows informs you that the password
is incorrect.
Click OK. The logon screen reappears, but with additional text below the password box.
If the first bit of additional text, your password hint, jogs your memory, enter your password. If not, click Reset Password to open the Password Reset wizard.
The
Password Reset wizard asks for the location of the password reset disk,
reads the encrypted key, and then asks you to set a new password, which
it then uses to log you on. Your password reset disk remains usable for
the next attack of forgetfulness; you don't need to make a new one.
If you can't remember the
password, the hint doesn't refresh your memory, and you don't have a
password reset disk, you're out of luck. An administrator can log on and
change or remove your password for you, but you'll lose access to your
encrypted files and e-mail messages and your stored credentials.
