Breaking into my Friend's Laptop
Published by Peter Mains on September 01, 2009 at 10:01 AM
I got a response to my tweet last night about breaking "into a friend's latop." Now, they gave me their laptop specifically because they were locked out and didn't have the latest password written down. So, I haven't gone rogue and started stealing bank account numbers between contracts.
This is the great mystery to me regarding computer security. Most systems have a mechanism that allows you to login in as an Administrator or "superuser" without a password. I've had to do this on Windows XP (for a college room mate) as well as Ubuntu Linux (for work). Even Vista with its vaunted security has back doors built in. You can promote regular users to Administrator status, erase passwords, and even crack shorter passwords. No 1337 h4x0r skills needed. (Beyond 8 or 9 characters, though, cracking a password can difficult, from what I've seen.)
The thing to keep in mind, though, is that this is a feature, not a bug. For your home system, you're not worried about hackers physically stealing your computer. You're concerned about online attacks. Most of the tools that allow you to recover, erase or bypass password security require physical access to your computer. You insert a "live CD," boot into a Linux variant, and you're on your way. When you accidentally lock yourself out of your system (maybe because you twice mistyped your new password in the same wrong way, as I've done) you're glad these weaknesses exist and that all your files are not irrecoverably lost.
So, moral of the story is, writing down your password may save you a big hassle down the road. If someone is able to dig through your desk drawers to find your password, they can already get into your system. If you're really concerned about prying eyes near your desk, scramble the passowrds with your Batman Decoder Ring, keep the list in your wallet and be done with it.
By the way, if you have these sorts of Vista problems, I recommend "Offline NT Password & Registry Editor."