Today I decided to check out some episodes of thebroken, a video blog co-hosted by Digg.com’s own Kevin Rose. Besides finding the interview with hacker Kevin Mitnick about his life and his days in prison interesting, I also discovered a method that hackers can use to crack your Windows XP password and gain access to all your files.
Personally, I don’t have that many files that I’d like to keep hidden and away from hackers, but if you work at a computer company that holds the personal data of various customers, increasing the level of security in your system might be crucial. As thebroken’s episode 3 explains, cracking a Windows password that is stored as an LM (LAN Manager) hash is only a matter of following a few steps. Here is the explanation of the vulnerability straight from Microsoft’s mouth:
Instead of storing your user account password in clear-text, Windows generates and stores user account passwords by using two different password representations, generally known as “hashes.” When you set or change the password for a user account to a password that contains fewer than 15 characters, Windows generates both a LAN Manager hash (LM hash) and a Windows NT hash (NT hash) of the password. These hashes are stored in the local Security Accounts Manager (SAM) database or in Active Directory.
The LM hash is relatively weak compared to the NT hash, and it is therefore prone to fast brute force attack. Therefore, you may want to prevent Windows from storing an LM hash of your password. This article describes how to do this so that Windows only stores the stronger NT hash of your password.
In order to prevent Windows from creating an LM hash, on Windows XP or Windows Server 2003 you need to take the following steps:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type NoLMHash, and then press ENTER.
5. On the Edit menu, click Modify.
6. Type 1, and then click OK.
7. Restart your computer, and then change your password.
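The registry steps above as a script that first audits the value and only changes it on request. This is an added example, not part of the original article or of Microsoft's instructions; it assumes PowerShell is installed and run from an administrator session, and the -Fix switch and the Get-NoLMHashState function are names chosen here.

```powershell
# Added example: audit and optionally set NoLMHash (steps 2-6 of the list above).
# The -Fix switch and Get-NoLMHashState are hypothetical names chosen for this example.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Fix   # without -Fix the script only reports the current state
)

$lsaPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$valueName = 'NoLMHash'

function Get-NoLMHashState {
    $key = Get-Item -Path $lsaPath -ErrorAction Stop
    # Value absent: Windows still stores an LM hash for short passwords.
    if ($key.GetValueNames() -notcontains $valueName) { return 'Missing' }

    $kind = $key.GetValueKind($valueName)
    $data = $key.GetValue($valueName)
    # A value of the wrong type (for example a string "1") is not what step 3 creates.
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) { return "WrongType($kind)" }
    if ($data -eq 1) { return 'Enabled' }
    return "Disabled($data)"
}

$state = Get-NoLMHashState
Write-Output "NoLMHash state: $state"

if ($state -eq 'Enabled') {
    Write-Output 'The value from steps 2-6 is in place. Step 7 still applies to passwords set before it.'
}
elseif ($Fix) {
    if ($PSCmdlet.ShouldProcess("$lsaPath\$valueName", 'Set DWORD value to 1')) {
        # -Force replaces an existing value of the wrong type or data.
        New-ItemProperty -Path $lsaPath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Output "NoLMHash state: $(Get-NoLMHashState)"
        Write-Output 'Restart the computer, then change your password (step 7).'
    }
}
else {
    Write-Output 'Run again with -Fix from an elevated prompt to apply steps 2-6.'
}
```

Adding -WhatIf to a -Fix run shows the registry change that would be made without writing it.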
It’s a simple enough solution for something that could compromise your whole system. Another tip you can use to increase the level of security is to change your password frequently. If your system isn’t recording LM hashes of your password, it will take much more time before the system is breached. And if you change your password between the first time the hacker accesses your hash and the next time he tries to breach your system, he will have to start over, because the hash will be different by then.
One Response for "How to increase the security of your Windows XP Password"
October 1st, 2006 at 2:13 am
Nice work!