AlertBoot Endpoint Security

Best Computer Password Protection No Match For Data Encryption: Overriding Windows Password Prompt

I've often noted that, when it comes to data security, password-protection cannot hold a candle to data encryption like AlertBoot.  This was reinforced to me today while I was going through a PC Magazine article, "Computer Tools: Your At-Home IT Toolkit."

Introducing the "Offline NT Password & Registry Editor"

One of the tools listed is the "Offline NT Password & Registry Editor," a free-to-use program that will let you reset a password if "you forget the all important administrative password for your PC."

Let me repeat that.  It allows you to reset the password for what you mistakenly think is some kind of protective measure to keep the bad guys from stealing data in your computer.  And it does it for free.  And it actually works on NT, XP, Vista, and Windows 7.  And it's free.  And you don't really have to do much but pop a burnt-in copy of the software into the computer's loading tray: "You boot it from a CD and it will auto-detect other accounts and offer to reset them, whether for other users or the admin."  And it's free.

Did I mention it's free?  I did?  Good, because the last barrier to using it--price--has been eliminated.

There are other methods of bypassing the Windows password-prompt which require a little elbow-grease, but a free program that pretty much does all the thinking for you blows everything else out of the water.

How is Password-Protection Different from Encryption?

If you click on the title right above, you'll see what I wrote a couple of years ago on the subject, which I reproduce below.  On password-protection:

The real-world counterpart for password protection is hiding stuff beneath your mattress.  Now you understand why data security professionals tear their hair out whenever they read that something was password protected.  The game's over if someone decides to look under the mattress.

On encryption:

A process for keeping data secret.  The only way to unearth the secret is to provide the correct key.  I won’t go into the details of how it works, but essentially it will take an entry like “keep this a secret, OK?” and turn it into “wKsn a@kn q si1n,z$ !nZ.”  Provide the key, and that crazy jumble of words, numbers, and symbols will turn back into the original text.  Modern strong encryption is so advanced that, if someone were to try every combination possible to crack the crazy jumble, they’d have to take all the computers in the world (including supercomputers) we have now and run them for centuries to take a guess at what the jumble means.

What I should add to the above is that, because both password-protection and encryption require the use of a username and password, a lot of people confuse the one with the other.  But the difference between them is night and day.
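The difference described above, as an added Python example (not part of the original post and not AlertBoot's code): a password-gated record keeps the data as-is on disk, while an encrypted record stores bytes that only the password-derived key turns back into the original. The function names, the sample password and the HMAC-based keystream are assumptions made for illustration; a real disk-encryption product uses a vetted cipher such as AES.

```python
import hashlib
import hmac
import os

SECRET = b"keep this a secret, OK?"  # constructed sample data

def derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the password into separate encryption and MAC keys."""
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=64)
    return k[:32], k[32:]

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode (assumption, not AES)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def password_protect(password: str, data: bytes) -> dict:
    """Login-style gate: stores a password verifier, but the data itself is untouched."""
    salt = os.urandom(16)
    return {"salt": salt, "verifier": derive_keys(password, salt)[0], "data": data}

def encrypt(password: str, data: bytes) -> dict:
    """Encrypt-then-MAC: the stored bytes depend on a key derived from the password."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(data, keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def decrypt(password: str, blob: dict) -> bytes:
    """Recover the data; fails unless the password matches the one used to encrypt."""
    enc_key, mac_key = derive_keys(password, blob["salt"])
    expected = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong password or tampered data")
    ks = keystream(enc_key, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], ks))

def offline_view(record: dict) -> bytes:
    """Raw stored bytes, as seen when the disk is read without the OS login check."""
    return b"".join(record.values())

if __name__ == "__main__":
    gated, blob = password_protect("hunter2", SECRET), encrypt("hunter2", SECRET)
    print("gated, readable offline:    ", SECRET in offline_view(gated))
    print("encrypted, readable offline:", SECRET in offline_view(blob))
    print("encrypted, with the key:    ", decrypt("hunter2", blob))
```

In the gated record the password only decides whether the operating system lets you in; in the encrypted record it decides whether the stored bytes mean anything at all.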

Is encryption really that powerful?  Consider the recent news that the governments of India and Saudi Arabia would shut down BlackBerry traffic because their intelligence communities cannot gain access to encrypted information in the BlackBerry's networks.  Do you really think that they would go to such lengths if breaking encryption were as simple as downloading free software and running it, as found in certain "security" practices?

Plus, consider this law in the UK, where it's illegal to keep your password to encrypted information from the police.  Punishment is up to 5 years if you won't cooperate in revealing your password.  If password-protection is as effective as encryption, where are the governments clamoring for more access to such "protected" data?

There aren't any because password-protection can hardly be called protection.


Related Articles and Sites:
http://www.pcmag.com/slideshow_viewer/0,1205,l%253D253601%2526a%253D253597%2526po%253D0,00.asp?p=n
http://pogostick.net/~pnh/ntpasswd/

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.