How to prevent my operating system from extracting password dumps?

2

There are many tools like mimikatz which extract passwords from memory and display them as plain text [working on Windows 10 too :(].

Is there any reliable way to hide passwords from tools which fetch dumps from memory?

Preventing execution of such tools is one kind of solution; other than that, is there any other configuration way?

Before asking here, I did the following work to study how it extracts them:

The key feature of this tool that sets it apart from other tools is its ability to pull plain-text passwords from the system instead of just password hashes. If your intention is to stay within the Windows environment and pass the hash this may not be that big of a deal. However, if you are exploring the curious case of password reuse across different environments—the plain-text password can be quite useful. The architecture was as follows:


Is it possible to detect mimikatz while it is executing? Or is there any other machine-side tweak to prevent this kind of attack?

BlueBerry - Vignesh4303

Posted 2015-09-11T05:12:34.737

Reputation: 7 221

OTP, One time passwords expire after each use and in seconds so it limits your exposure. That limits risk quite a bit. Yubikey and others offer solutions. – StackAbstraction – 2015-09-11T05:21:43.887

@StackAbstraction but OTP can't be set for user accounts. Is there any way to set OTP for Windows accounts? Even if we set the OTP, it's extracting from memory, so there is less chance of securing it, right? Kindly correct me if my statement is wrong – BlueBerry - Vignesh4303 – 2015-09-11T05:24:23.730

Yes you can. Yubikey and Google Authenticator are supported: Google Authenticator OTP for Windows Login, Rohos (paid). Other options are available if you search.

– StackAbstraction – 2015-09-11T05:27:52.790

Answers

1

I don't think so.

If you've got rogue programs running on your computer, especially if they're running with "root" access, I doubt there's anything you can really do to stop them from stealing your passwords or doing whatever they want.

If the programs you're entering passwords/passphrases into were to wipe their RAM afterwards it might help, but RAM could be swapped to disk at any moment; I read somewhere that could possibly happen even if the program tells the OS not to.

To really protect your passphrases, don't use them on computers running suspect programs. And be diligent about using all the regular boring "safe computing" tips like keep the OS & software updated, don't run untrusted programs, don't keep passphrases in plaintext files or on post-it notes next to the computer, maintain physical security of your computer, don't let strangers or "frenemies" play with it.

Xen2050

Posted 2015-09-11T05:12:34.737

Reputation: 12 097

Preventing running as administrator is a solution on the local machine, but how about some Metasploit payload attacks which can't be prevented? – BlueBerry - Vignesh4303 – 2015-09-11T06:26:50.613

Run risky activities or unknown websites in isolated virtual machines. (air gapped networks are better but much less convenient) Qubes has a security by VM isolation approach that you may like. Even network drivers are isolated from the rest of the system. – StackAbstraction – 2015-09-11T19:40:25.307

@StackAbstraction There is a risk of "virtual machine escape" that I'd last read was largely theoretical, but appears more real lately; The VENOM "virtual machine escape" bug - what you need to know

– Xen2050 – 2015-09-16T23:28:38.353
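The answer's point about a program wiping its RAM and telling the OS not to swap, as an added example that is not part of the original thread: a POSIX C sketch that locks a secret's pages with `mlock()` before filling them and zeroes them before unlocking (the Windows counterparts are `VirtualLock` and `SecureZeroMemory`). The `secret_t` type, the helper names and the sample passphrase are assumptions made up for illustration, and this only protects the program's own copy of the secret.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define SECRET_MAX 128
typedef struct {
    unsigned char buf[SECRET_MAX];
    size_t len;
    int locked; /* 1 if mlock() succeeded, 0 if the OS refused */
} secret_t;

/* Zero through a volatile pointer so the optimizer cannot drop the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}
/* Ask the OS to keep the pages resident before the secret is copied in. */
static int secret_load(secret_t *s, const char *src) {
    size_t n = strlen(src);
    if (n > SECRET_MAX) return -1;
    s->locked = (mlock(s, sizeof *s) == 0); /* can fail, e.g. RLIMIT_MEMLOCK */
    memcpy(s->buf, src, n);
    s->len = n;
    return 0;
}
/* Hypothetical consumer standing in for the real use of the secret. */
static unsigned secret_use(const secret_t *s) {
    unsigned h = 5381;
    for (size_t i = 0; i < s->len; i++) h = h * 33u + s->buf[i];
    return h;
}
/* Wipe first, unlock second, so plaintext never sits in swappable pages. */
static void secret_release(secret_t *s) {
    int was_locked = s->locked;
    secure_wipe(s, sizeof *s);
    if (was_locked) munlock(s, sizeof *s);
}
/* Returns 1 when every byte of the structure is zero. */
static int secret_is_clear(const secret_t *s) {
    const unsigned char *b = (const unsigned char *)s;
    for (size_t i = 0; i < sizeof *s; i++) if (b[i]) return 0;
    return 1;
}

int main(void) {
    secret_t s;
    /* constructed sample passphrase */
    if (secret_load(&s, "correct horse battery staple") != 0) return 1;
    printf("locked=%d digest=%u\n", s.locked, secret_use(&s));
    secret_release(&s);
    return secret_is_clear(&s) ? 0 : 1;
}
```

`mlock()` keeps the pages out of swap but not out of a suspend-to-disk image, and code running with administrator rights can still read the buffer while the secret is live.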