66

I'm used to logging into my personal Mac which is a password-only field (like waking from sleep mode). Sometimes I have to use a Windows network on which I have an account, but of course I have to type my username first. Still, going right into my password is a natural habit.

In a careless moment recently, I woke a machine on that Windows network and, by habit, typed my password and hit enter. It actually put it into the username field.

I've changed my password since then, but was the old password compromised? How does Windows (7) handle such a login? Does it actually send the username out even though no password was supplied, or even log the event?

Adi
Matt

1 Answer

69

If you have access, check the Security Event logs: eventvwr.msc.

Look for failed logon events and you will see your password as an unknown user account if the logging is set up to record those kinds of events.

EDIT

I just tested this on Win7 SP1. It requires that Failure Auditing is enabled. I tried to log in with a bogus username, and this was the result:

Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:       **PASSWORD!** [emphasis mine]
    Account Domain:     HOME

So, if failure auditing is in place, then mistyping your password in the username field exposes your password to those who have access to the logs.

schroeder
  • Thanks Schroeder. I logged on today and was able to pull up the Event Viewer, but permissions were denied into the security events. I do suppose it was logged, though. Thanks for your experiment; I didn't know that before! – Matt May 14 '12 at 14:36
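
An added example, not part of the original answer: a triage check a log administrator could run over exported failed-logon records in the layout shown in the answer, flagging Account Name values that match no known account and look like passwords, so the affected users can be told to change them. The sample events, the `KNOWN_ACCOUNTS` list and the complexity heuristic are constructed assumptions; the report masks each value instead of copying it.

```python
import re

# Constructed sample: three failed-logon records in the layout the answer shows.
SAMPLE_EVENTS = """\
Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:       jsmith
    Account Domain:     HOME

Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:       Tr0ub4dor&3
    Account Domain:     HOME

Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:       administrator
    Account Domain:     HOME
"""

# Assumed list of real account names (e.g. from a directory export).
KNOWN_ACCOUNTS = {"jsmith", "administrator", "matt"}

BLOCK = re.compile(
    r"Account For Which Logon Failed:\s*\n"
    r"\s*Security ID:\s*.+?\s*\n"
    r"\s*Account Name:\s*(?P<name>.*?)\s*\n"
    r"\s*Account Domain:\s*(?P<domain>.*?)\s*(?:\n|$)"
)

def looks_like_password(name):
    """Heuristic (an assumption): 8+ characters drawn from 3+ character classes."""
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    return len(name) >= 8 and sum(bool(re.search(c, name)) for c in classes) >= 3

def find_suspect_failures(text, known_accounts):
    """Return (domain, masked_name) for unknown, password-like account names."""
    known = {a.lower() for a in known_accounts}
    hits = []
    for m in BLOCK.finditer(text):
        name = m.group("name")
        if name.lower() not in known and looks_like_password(name):
            # Keep only the length so the report does not duplicate the secret.
            hits.append((m.group("domain"), "*" * len(name)))
    return hits

if __name__ == "__main__":
    for domain, masked in find_suspect_failures(SAMPLE_EVENTS, KNOWN_ACCOUNTS):
        print(f"possible password in Account Name field: {domain}\\{masked}")
```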