Is it just me or are logon passwords worthless?

  Ben Avery 12:46 28 Jan 2004

Maybe I'm barking up the wrong tree here, but I upgraded my HDD to a 60GB one some time ago and placed the old one (with windows still installed) into a USB2 external casing to later be wiped and used as portable storage.

Now maybe it's just me but I'm pretty sure that I had a logon password on that old drive and windows installation, and for obvious reasons, if that said password was forgotton, you would be unable to boot into the OS (Win 2k).

However, as the drive is now a SLAVE drive in a USB2 casing, the entire structure of windows 2k on the old drive is still visable, albeit as a seperate HDD number, in my WinXP OS on the new HDD.

Doesn't this defeat the whole object of a logon password, if all somebody needs to do is remove the drive, place it in a casing and scroll through the old HDD, removing any documents/files as you go???


  Chegs ® 12:48 28 Jan 2004

Or use a floppy,then you can bypass most things password. :-)

  Ben Avery 12:48 28 Jan 2004

just re-read that, made about as much sense as an inflight magasine produced by Air Belgium...

...what I'm trying to say in simple terms is that, when a HDD is removed and setup as an eternal drive, the files are all accessible without needing a logon password like when you boot up.

That's better!


  Chegs ® 12:54 28 Jan 2004

If you wanted to make these files harder to access,then try using an encryption app on them.(such as The Lock,available from a PCA member,Martins Online is his moniker)click here

  Ben Avery 13:13 28 Jan 2004

I'm not worried about the files on the HDD at all, as I stated it's just my old operating system and I have no real files which are private on there.

All I was trying to emphasize is what appears to me to be a HUGE security flaw in windows.

Is this correct?


  spikeychris 13:24 28 Jan 2004

Not only is it true Ben, but if you install the drive as slave, as you have, then you can also reset the password on the slave drive and bingo. Its just a case of rummaging for the SAM files in %systemroot%.

Obviously theres a bit more to it but you never know whose looking :o)

  Ben Avery 13:33 28 Jan 2004

Because if so, it means that anybody can opena PC which contains private files, remove the HDD, stick it into their own PC, copy the drives files onto their own HDD and bingo, bye bye privacy!

What's even better, is that you can then stick the HDD back and the person who's files you've slolen would be none the wiser.

Something which needs to be seriously addressed if you ask me. It seems in essence to be far too simply in operation but if it's really IS that simple then I cannot see how this has been overlooked by the Mighty Microsoft?

What a waste of time!

Be warned everybody, your PC is NOT as safe as you may have previously thought! Unless somebody can find the loophole?


  Ben Avery 13:35 28 Jan 2004

...that should've read, "What's even WORSE", it almost sounds like I'm condoning it that way! Sorry, not intentional, jsut wanted to make you aware of a seemingly obvious threat.


  spikeychris 14:03 28 Jan 2004

Ben, Windows is not a secure environment. 9x didn't even pretend to be and 2K NT XP etc are so easily bypassed.

Third party tools that lock down drives and encryption are the only way of protecting data. If you install the drive as slave your not booting from it so its just another drive as far as Windows knows.

  Ben Avery 14:08 28 Jan 2004

From The Microsoft Windows XP site

"Designed for businesses of all sizes and for home users who demand the most from their computing experience. Windows XP Professional delivers...premier security and privacy features"

Yeah right!


  Ben Avery 14:11 28 Jan 2004

That is "premier security" that can be bypassed with a phillips head screwdriver and a 2nd PC.

Sorry, rant over - will tick as resolved now.


This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5T review: Hands-on

Illustrator Andrés Lozano on his improv line work, brazen use of colours & hand sketching

iPhone X review

Comment envoyer gratuitement des gros fichiers ?