
How to secure Windows login?


  • Please log in to reply
12 replies to this topic

#1 CaveStoryKing64

CaveStoryKing64

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:12 AM

Posted 20 December 2016 - 03:15 PM

Hello! I am very concerned about the security of the Windows login. I know that it is not very secure, and can be bypassed if you put in a special CD and reboot. Upon reboot, however, if I have encryption, it will ask them for the decryption key, right? So, I should be able to just do Windows key + L and secure it. (I have a very secure passphrase made with diceware that I use nowhere else, and I don't want to have to turn off the computer every time I leave.)

 

I also use a randomly generated (from random.org) 4-digit PIN for fast access so I don't have to type out my entire passphrase each time I want to sign in. After 4 incorrect attempts, this is disabled and I have to enter my regular passphrase (it has infinite tries).

Are there any methods in which these can be bypassed without restarting? Thanks!

 

Now, here are my requirements for encryption software. I was originally just going to use Syskey/BIOS Password, but these don't seem very secure either. So, here are my requirements:

 

Encryption Requirements:

  • Must work for Windows 8.1 (what I use)
  • Must be open-source
  • Must be regularly updated.

 

Sorry for the lengthy post, and thanks!


 

PS:

Since I use a Microsoft account for my Windows login, and am paranoid, I assume that Microsoft has my passphrase on their servers. Because of this, I want to make a local account but keep all of the data that is in the Microsoft-linked account that I am currently using. Is there any way to do so? Thanks!

:) 


Edited by CaveStoryKing64, 20 December 2016 - 03:24 PM.




#2 MDD1963

MDD1963

  • Members
  • 699 posts
  • OFFLINE
  • Local time:12:12 AM

Posted 21 December 2016 - 07:59 PM

If you bitlocker your drive, you should be protected against pretty much all but determined/skilled nation-states!


Asus Z270A Prime/7700K/32 GB DDR4-3200/GTX1060


#3 CaveStoryKing64

CaveStoryKing64
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:12 AM

Posted 21 December 2016 - 11:30 PM

If you bitlocker your drive, you should be protected against pretty much all but determined/skilled nation-states!

Yes, BitLocker seems very good, but I do not want to pay $100 for the Professional version of Windows 8.1, and it is not open-source. Thanks for the suggestion, though!



#4 CaveStoryKing64

CaveStoryKing64
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:12 AM

Posted 22 December 2016 - 01:28 PM

Well, I recently found out about an exploit that doesn't require a reboot:

Here:

https://room362.com/post/2016/snagging-creds-from-locked-machines/

 

It doesn't say that it was tested on Windows 8.1, so hopefully I'm safe. Do you guys know if Microsoft has fixed this or not, and is there a way to fix it? Also, I found out how to use a local account instead. For anyone wondering, you do:

PC Settings > Accounts > Disconnect. Then, at the top it will have your email address, and below that, Disconnect; click on it, and it will prompt you to choose a new password. Ta-da! Done. The only downside is that you cannot download apps from the store or use their cloud services, both of which I hardly ever use anyway. If you do use them occasionally, you can just disconnect and reconnect as needed.

EDIT: I think this only applies to Microsoft-linked and enterprise accounts (i.e., any internet-connected account, which I have disabled!).


Edited by CaveStoryKing64, 22 December 2016 - 04:12 PM.


#5 kaljukass

kaljukass

  • Banned
  • 291 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:12 AM

Posted 22 December 2016 - 02:56 PM

Hello! I am ....and am paranoid,

 Thanks!

:)

I would advise you to visit a psychiatrist, because paranoid behavior is a progressive disease.



#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:12 PM

Posted 22 December 2016 - 03:32 PM

I think only VeraCrypt meets your requirements: https://veracrypt.codeplex.com/


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 CaveStoryKing64

CaveStoryKing64
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:12 AM

Posted 22 December 2016 - 04:10 PM

 

Hello! I am ....and am paranoid,

 Thanks!

:)

I would advise you to visit a psychiatrist, because paranoid behavior is a progressive disease.

 

Don't worry, it was a joke, I am not actually paranoid. I'm just really afraid of hackers, since there are machines that can literally try almost a billion passwords a second. And many websites (I'm looking at you, Yahoo.) store passwords in plain text, so when they are hacked, everyone's passwords can be seen. Sometimes, these aren't even posted on the Dark Net, but publicly online, where everyone can see. I use a password manager, and two-step verification, and this is about my last step of securing everything. Let me say, it wasn't as hard as everyone makes it out to be.


I think only VeraCrypt meets your requirements: https://veracrypt.codeplex.com/

Thanks! I will check out VeraCrypt and tell you what I think!



#8 CaveStoryKing64

CaveStoryKing64
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:12 AM

Posted 30 January 2017 - 09:11 PM

I tried to use VeraCrypt, and before encrypting, it asked me to test boot up before it encrypted the drive. I did, and it gave me this. I have done this about 5 times.

 

The method of encryption I used: https://mega.nz/#!UtAH3SDQ!HXe5KUfnDj29QaVTxPgBx4DOUQFvc5D8MKIYySjPYpY

Boot-up error: https://mega.nz/#!N1QQTCQI!AP68dofKgHPMukmU5blBTEM47Njrp0oqByX0omEA2Cs

Boot-up mode I selected: https://mega.nz/#!x9hXiCbZ!Tfd8YPWEDJWmVqoqJL6C0tMLCoPRf6raywAV1VXdXlE

 

After doing this, it gave me a message saying that it failed, and asked me if I would like to try again. I did not get a photo of this. I said yes to testing about 5 times.

 

Did I set it up wrong? Thanks!



#9 MDD1963

MDD1963

  • Members
  • 699 posts
  • OFFLINE
  • Local time:12:12 AM

Posted 05 February 2017 - 07:53 AM

Might need to disable UEFI in your BIOS (AHCI vs. UEFI, typically?) to give complete access to your current storage...

 

Make sure you have a good backup image before you start this...assuming the system still boots normally now.


#10 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,437 posts
  • OFFLINE
  • Gender:Male
  • Location:Scotland
  • Local time:04:12 PM

Posted 09 February 2017 - 01:12 PM

If I understand the section of video about the LAN Turtle correctly, it needs to be connected into the machine to be attacked. If an attacker has physical access to a computer, no computer can be considered secure.

 

Chris Cosgrove



#11 IDNeon

IDNeon

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:12 AM

Posted 10 February 2017 - 04:30 PM

OP asked: are there methods to bypass the 4-try limit?

Yes.

You make an image of the state of the machine and you duplicate it as many times as you want and you try 4 times on each virtual image.

As for something to think about: a forensics expert can take the RAM of your machine, freeze it, run a current through it and extract the last state of the memory before it was powered off. This saves ALL the credentials used during that last state. So you can extract all credentials from the memory via this method. It requires an algorithm to single out the credentials from the bits, but that's all been worked out. Probably not something you can download off the internet.



#12 CaveStoryKing64

CaveStoryKing64
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:12 AM

Posted 11 February 2017 - 03:26 AM

Might need to disable UEFI in your BIOS (AHCI vs. UEFI, typically?) to give complete access to your current storage...

 

Make sure you have a good backup image before you start this...assuming the system still boots normally now.

How do I disable that? Also, when I make a backup, I usually just make a backup of AppData, Documents, Pictures, and other important files before I reinstall Windows. Is that method fine, or do I need to back up the entire system? If something were to go wrong, how would I restore? Thank you!

 

OP asked: are there methods to bypass the 4-try limit?

Yes.

You make an image of the state of the machine and you duplicate it as many times as you want and you try 4 times on each virtual image.

As for something to think about: a forensics expert can take the RAM of your machine, freeze it, run a current through it and extract the last state of the memory before it was powered off. This saves ALL the credentials used during that last state. So you can extract all credentials from the memory via this method. It requires an algorithm to single out the credentials from the bits, but that's all been worked out. Probably not something you can download off the internet.

As for the first one, I believe that would require the virtual machines to boot up, which would cause the VeraCrypt passphrase prompt to pop up. Thank you for telling me that, though. As for the second one, I was aware of that, and I think it is very clever. However, I think that it is sophisticated enough that I do not need to worry about it, and like you said, it's probably not something you can just download off of the internet.



#13 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:12 PM

Posted 12 February 2017 - 03:17 AM

This is known as the cold boot attack. https://en.wikipedia.org/wiki/Cold_boot_attack

 

There are mitigations, also mentioned in the Wikipedia entry.
