How secure are passwords in TweakUI autologon?

Discussion in 'Computer Security' started by Franklin, Oct 21, 2004.

  1. Franklin

    Franklin Guest

    In TweakUI for XP there is a section near the end where it will
    automatically enter your password for you when you boot up to save
    you having to log on.

    How secure is this password being kept by TweakUI when compared to
    how securely my XP Pro keeps logon passwords?

    Am I unwise to trust my passwords to TweakUI because it is much
    easier for someone to break into TweakUI's password store than into
    XP's own password store?
    Franklin, Oct 21, 2004
    #1
    1. Advertising

  2. They are not !

    They are Clear Text.

    Dave




    "Franklin" <> wrote in message
    news:1098397381.0KVgoBbDTAug35loyXbVsw@teranews...
    | In TweakUI for XP there is a section near the end where it will
    | automatically enter your password for you when you boot up to save
    | you having to log on.
    |
    | How secure is this password being kept by TweakUI when compared to
    | how securely my XP Pro keeps logon passwords?
    |
    | Am I unwise to trust my passwords to TweakUI because it is much
    | easier for someone to break into TweakUI's password store than into
    | XP's own password store?
    David H. Lipman, Oct 21, 2004
    #2
    1. Advertising

  3. "Franklin" <> wrote in message
    news:1098397381.0KVgoBbDTAug35loyXbVsw@teranews...
    > In TweakUI for XP there is a section near the end where it will
    > automatically enter your password for you when you boot up to save
    > you having to log on.
    >
    > How secure is this password being kept by TweakUI when compared to
    > how securely my XP Pro keeps logon passwords?
    >
    > Am I unwise to trust my passwords to TweakUI because it is much
    > easier for someone to break into TweakUI's password store than into
    > XP's own password store?


    Who cares if they get the password? You might as well leave your password
    blank if you aren't going to be typing it in. (Unless your computer is on a
    network that you don't 100% control.)

    By the way, TweakUI just gives you an easy interface to edit certain parts
    of the registry. It doesn't actually hold values such as your password.
    You can set up an auto-login without using TweakUI.

    Anyway, as mentioned, its not very secure. But then again, once someone has
    physical access to the computer they could get into it anyway, without much
    trouble, regardless of whether a password needs to be typed or not.
    Colin Nash [MVP], Oct 21, 2004
    #3
  4. Franklin

    Vanguardx Guest

    "Franklin" <>
    wrote in news:1098397381.0KVgoBbDTAug35loyXbVsw@teranews:
    > In TweakUI for XP there is a section near the end where it will
    > automatically enter your password for you when you boot up to save
    > you having to log on.
    >
    > How secure is this password being kept by TweakUI when compared to
    > how securely my XP Pro keeps logon passwords?
    >
    > Am I unwise to trust my passwords to TweakUI because it is much
    > easier for someone to break into TweakUI's password store than into
    > XP's own password store?


    Why are you concerned about security? Obviously you want to bypass as
    much security as possible by letting ANYONE to get into your auto-logon
    account - and you're probably doing that with an administrator account,
    too. Even if not auto-logging into an admin account, you are letting
    ANYONE login to the auto-logon account who can then change the password,
    disable auto-logon, and that is no longer an account that you get to use
    anymore.

    --
    _________________________________________________________________
    ******** Post replies to newsgroup - Share with others ********
    Email: lh_811newsATyahooDOTcom and append "=NEWS=" to Subject.
    _________________________________________________________________
    Vanguardx, Oct 22, 2004
    #4
  5. Franklin

    Era Guest

    Vanguardx wrote:
    > "Franklin" <>
    > wrote in news:1098397381.0KVgoBbDTAug35loyXbVsw@teranews:
    >
    >> In TweakUI for XP there is a section near the end where it will
    >> automatically enter your password for you when you boot up to save
    >> you having to log on.
    >>
    >> How secure is this password being kept by TweakUI when compared to
    >> how securely my XP Pro keeps logon passwords?
    >>
    >> Am I unwise to trust my passwords to TweakUI because it is much
    >> easier for someone to break into TweakUI's password store than into
    >> XP's own password store?

    >
    >
    > Why are you concerned about security? Obviously you want to bypass as
    > much security as possible by letting ANYONE to get into your auto-logon
    > account - and you're probably doing that with an administrator account,
    > too. Even if not auto-logging into an admin account, you are letting
    > ANYONE login to the auto-logon account who can then change the password,
    > disable auto-logon, and that is no longer an account that you get to use
    > anymore.
    >


    Can a designated autologon account (eg a basic user account-with no
    admin rights) change password/etc... when the desiganted have NO
    admin/oper rights??????
    Era, Oct 22, 2004
    #5
  6. "Era" <> wrote in message
    news:4178735c$...

    >
    > Can a designated autologon account (eg a basic user account-with no admin
    > rights) change password/etc... when the desiganted have NO admin/oper
    > rights??????


    The account can change its own password... but an admin account could then
    change it back.
    Colin Nash [MVP], Oct 22, 2004
    #6
  7. Franklin wrote:
    > In TweakUI for XP there is a section near the end where it will
    > automatically enter your password for you when you boot up to save
    > you having to log on.
    >
    > How secure is this password being kept by TweakUI when compared to
    > how securely my XP Pro keeps logon passwords?
    >
    > Am I unwise to trust my passwords to TweakUI because it is much
    > easier for someone to break into TweakUI's password store than into
    > XP's own password store?



    Not secure at all. They are stored unencrypted in the registry.
    TweakUI does not have a password store. It simply provides a nice gui
    for twaeking the autologon registry settings, which are under
    HKlocalMachine/software/microsoft/windowsnt/currentversion/netlogon, if
    I recall correctly.
    T. Sean Weintz, Oct 22, 2004
    #7
  8. Franklin

    rsergio

    Joined:
    May 7, 2010
    Messages:
    1
    Hey guys, take a look at the LogonExpert ( logonexpert.com ) tool that encrypts the credentials with AES
    rsergio, May 7, 2010
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jim
    Replies:
    1
    Views:
    631
    =?ISO-8859-2?Q?Rafa=B3_=A3o=BFy=F1ski?=
    May 8, 2005
  2. AV

    Secure passwords?

    AV, Nov 30, 2005, in forum: Computer Security
    Replies:
    46
    Views:
    1,631
    Juergen Nieveler
    Dec 16, 2005
  3. Replies:
    0
    Views:
    587
  4. Replies:
    0
    Views:
    665
  5. Pepijn Schmitz
    Replies:
    3
    Views:
    1,046
    VanguardLH
    Jun 7, 2009
Loading...

Share This Page