Took a forensic image of a laptop. And then booted it up (http://www.mountimage.com/virtual-forensic-computing-vfc.php) and then realized it had a password on the Vista laptop. But there on the screen was the password hint: “3initials”. Okay, not the person’s initials. Hmmm… how about the initials of the firm?


Bingo. That’s what it was. You know, it would have slowed me down a lot more if someone had chosen a long/strong password instead of a short one and a really good hint on the screen.


I guess I should consider this a bit of a victory, however: most of the time the systems I come across have no passwords. So I guess this is a start in the right direction.


Needless to say, though, the password on the laptop would not pass this test: http://www.microsoft.com/protect/yourself/password/checker.mspx

2 Responses to Just when I think I’m going to have to haul out the password cracking program….

  1. HandyAndy says:

    hey at least they didn’t put the password in the hint box as some EXPERTS are recommending they do

  2. Jeff Longley says:

    I’d love MS to give us a password policy that analyses your password and sets an expiry date based on its security.

    So have your basic password if you want, just expect to change it every 5 days. The longer and more complex it gets, the longer the expiry.