Is it possible to dump Windows passwords on a locked PC?

1

I want to have a really strong password as my Administrator password. Say ... if I lock down my PC with WIN+L (logout). Will anyone be able to get my password somehow with a USB device, for example? Can I use the password which I use at other places too?

(The hard drive is encrypted, so I doubt the people could get it any other way. Also, any more sophisticated attack which would require severe computer skills is out of their league. The people I work with are not that good.)

Apache

Posted 2012-03-08T01:03:53.380

Reputation: 14 755

Answers

2

There are known I/O port and card slot based DMA exploits that allow an attacking device to freely read and/or write system memory. I don't know if these security holes have been patched in Windows 7. (And of course I don't know if your system has the vulnerable slots and ports in question.)

Kyle Jones

Posted 2012-03-08T01:03:53.380

Reputation: 5 706

0

Since your computer is still turned on, the RAM is holding the necessary information to decrypt the data on your computer. This is the nature of volatile memory. Computers that sleep or remain turned on will have this issue. It is a problem and security hole in encrypted drives. Someone could potentially reboot the machine and then use a USB stick to boot a LiveCD and then access your information. To further protect yourself, put a password on the BIOS and don't allow booting from CD/USB.

kobaltz

Posted 2012-03-08T01:03:53.380

Reputation: 14 361

BIOS settings can be reset with a jumper or by removing the battery. You should also lock your computer case to prevent physical contact with hardware components. – chmod – 2012-03-08T06:19:45.283

0

Yes, you could get at passwords the technological way, but consider the more physical aspects of password security, especially around people who are "not that good"...

  1. Don't use the same password for everything. (Ever. Especially if you care about your security.)
  2. Look out for keyloggers (Physical; USB, PS2 and the software kind.)
  3. Don't let someone socially engineer the password or "shoulder-surf" the password by literally looking at your keyboard as you type.

Thank you @jeff-Atwood and XKCD. http://www.codinghorror.com/blog/2011/09/cutting-the-gordian-knot-of-web-identity.html

http://imgs.xkcd.com/comics/password_strength.png

G Koe

Posted 2012-03-08T01:03:53.380

Reputation: 4 333

I have a very strong password which I use as my TC password too. That's why it would be easier to have one pw instead of two. That's why I'm concerned about it. – Apache – 2012-03-08T01:16:24.860

Then change it, and change it regularly. – G Koe – 2012-03-08T01:18:49.513

Added some for your enjoyment. – G Koe – 2012-03-08T01:22:40.617