Passwords II
- If you do not offer any file/print services (e.g. if you have a
firewall with no exceptions or have disabled the service) then
login passwords will only work for "console" logins --
i.e. physical access is required.
- Beware, when your laptop is stolen:
  - The bad guy can attack the "Administrator" login at their leisure
    (a "system" ("BIOS" or "boot") password helps). However, they
    can remove the physical media and attach it to another system
    where they can ....
  - The bad guy can crack hashed passwords stored in the SAM
    database. Complex passwords are required; dumb passwords are
    trivial to crack.
  - The bad guy can find any passwords stored on the filing system in
    clear text -- that's why "encryption" is important.
  - The bad guy can glean all sorts of information from clear text --
    mail folders, web cache, web history, auto-fill forms, saved
    passwords, etc.
- With physical access to your computer a bad guy can boot a
Linux-based CD, or BartPE Windows CD, to get full access to your hard
drive. And there are tools like chntpw (a
bootable Linux) to change the Administrator's password.
- People tend to reuse the same passwords. Make your laptop
password unique, complex and very hard to crack. Don't write your
password down and store it with your computer!!