• We've upgraded our forums. Please post any issues/requests in this thread.

Password Security The Windows 8 Way

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
14,546 (3.98/day)
Likes
8,052
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K at stock (hits 5 gees+ easily)
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (4 x 4GB Corsair Vengeance DDR3 PC3-12800 C9 1600MHz)
Video Card(s) Zotac GTX 1080 AMP! Extreme Edition
Storage Samsung 850 Pro 256GB | WD Green 4TB
Display(s) BenQ XL2720Z | Asus VG278HE (both 27", 144Hz, 3D Vision 2, 1080p)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair HX 850W v1
Software Windows 10 Pro 64-bit
#1
Windows 8 implements a radical new user interface called Metro for desktop PC's, which has so far received a mixed reception. However, there's many other changes under the hood and one of those is how password security is handled, which we look at here. It's a fact of life, that in today's modern world, we have to remember a plethora of passwords and PIN's, which can be daunting. This leads to security issues as users end up writing down passwords and/or create very insecure ones which can be easily guessed. Windows 8 aims to uphold strong password security, while at the same time, easing the burden on the user. Also, passwords can be obtained in various ways by miscreants, such as phishing, keylogging, guessing, and cracking. Windows addresses each of these problems in three main ways:

Show full news post
 
Last edited:
Joined
Jun 3, 2007
Messages
22,398 (5.83/day)
Likes
8,921
Location
'Merica. The Great SOUTH!
System Name The Mailbox 4.5
Processor Intel i7 2600k @ 4.2GHz
Motherboard Gigabyte Z77X-UP5 TH Intel LGA 1155
Cooling Scythe Katana 4
Memory G.SKILL Sniper Series 16GB DDR3 1866: 9-9-9-24
Video Card(s) MSI 1080 "Duke" with 8Gb of RAM. Boost Clock 1847 MHz
Storage 256Gb M4 SSD, 500Gb WD (7200) 128Gb Agelity 4 SSD
Display(s) LG 29" Class 21:9 UltraWide® IPS LED Monitor 2560 x 1080
Case Cooler Master 922 HAF
Audio Device(s) SupremeFX X-Fi with Bose Companion 2 speakers.
Power Supply SeaSonic X Series X650 Gold
Mouse SteelSeries Sensei (RAW) and a Wacom Intuos 4 tablet.
Keyboard Razer BlackWidow
Software Windows 10 Pro (64-bit)
Benchmark Scores Benching is for bitches.
#2
Much better Qubit. Bravo.

As for you fears all you have to do is look at
"3C: Two factor authentication: you can prove that you're the rightful owner of an account by linking it to a mobile phone or email address"

This is how google mail works. When they hack and reroute my home phone THEN Ill worry. Until then Windows 8 sounds more secure then anything else we have used thus far........except maybe linux lol
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
14,546 (3.98/day)
Likes
8,052
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K at stock (hits 5 gees+ easily)
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (4 x 4GB Corsair Vengeance DDR3 PC3-12800 C9 1600MHz)
Video Card(s) Zotac GTX 1080 AMP! Extreme Edition
Storage Samsung 850 Pro 256GB | WD Green 4TB
Display(s) BenQ XL2720Z | Asus VG278HE (both 27", 144Hz, 3D Vision 2, 1080p)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair HX 850W v1
Software Windows 10 Pro 64-bit
#3
Thanks, MM :toast:

Indeed that two-factor authentication is excellent, which is why I didn't flag it up in my analysis of potential problems.
 

Kreij

Senior Monkey Moderator
Staff member
Joined
Feb 6, 2007
Messages
13,817 (3.49/day)
Likes
5,524
Location
Cheeseland (Wisconsin, USA)
Processor Intel Core 2 Quad QX9650 Extreme @ 3.0 GHz
Motherboard Asus Rampage Formula
Cooling ZeroTherm Nirvana NV120 Premium
Memory 8GB (4 x 2GB) Corsair Dominator PC2-8500
Video Card(s) 2 x Sapphire Radeon HD6970
Storage 2 x Seagate Barracuda 320GB in RAID 0
Display(s) Dell 3007WFP 30" LCD (2560 x 1600)
Case Thermaltake Armor w/ 250mm Side Fan
Audio Device(s) SupremeFX 8ch Audio
Power Supply Thermaltake Toughpower 750W Modular
Software Win8 Pro x64 / Cat 12.10
#4
Nice analysis.

2B: Sync passwords: you have 100 logins stored on your home PC, but are now using your friend's PC and can't get to them – very inconvenient. Windows 8 uses Windows Live to allow password synchronization between the two PC's – assuming the second PC is trusted.
3B: Reset from another PC: you can reset your password from any PC using Windows Live.
Without more details this seems somewhat questionable.
 
Joined
Dec 8, 2008
Messages
1,334 (0.41/day)
Likes
163
#5
2a: it's just making password manager part of the the os. Nothing new or dangerous. FOSS DEs had them for years.
 
Joined
Jul 20, 2008
Messages
4,016 (1.17/day)
Likes
900
Location
Ohio
System Name Desktop|| Virtual Host 0
Processor Intel Core i5 2500-K @ 4.3ghz || 2x Xeon L5630 (total 8 cores, 16 threads)
Motherboard ASUS P8Z68-V || Dell PowerEdge R710 (Intel 5520 chipset)
Cooling Corsair Hydro H100 || Stock hotplug fans and passive heatsinks
Memory 4x4gb Corsair Vengeance DDR3 1600 || 12x4gb Hynix DDR3 1066 FB-DIMMs
Video Card(s) MSI GTX 760 Gaming Twin Frozr 4GB OC || Don't know, don't care
Storage Hitachi 7K3000 2TB || 6x300gb 15k rpm SAS internal hotswap, 12x3tb Seagate NAS drives in enclosure
Display(s) ViewSonic VA2349S || remote iDRAC KVM console
Case Antec P280 || Dell PowerEdge R710
Audio Device(s) HRT MusicStreamer II+ and Focusrite Scarlett 18i8 || Don't know, don't care
Power Supply SeaSonic X650 Gold || 2x870w hot-swappable
Mouse Logitech G500 || remote iDRAC KVM console
Keyboard Logitech G510 || remote iDRAC KVM console
Software Win7 Ultimate x64 || VMware vSphere 6.0 with vCenter Server 6.0
Benchmark Scores Over 9000 on the scouter
#6
Great analysis, I completely agree on all the points. I'd also like to add that it's not a good idea for anybody to rely exclusively on USB recovery, because the USB device could be lost or stolen.
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
14,546 (3.98/day)
Likes
8,052
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K at stock (hits 5 gees+ easily)
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (4 x 4GB Corsair Vengeance DDR3 PC3-12800 C9 1600MHz)
Video Card(s) Zotac GTX 1080 AMP! Extreme Edition
Storage Samsung 850 Pro 256GB | WD Green 4TB
Display(s) BenQ XL2720Z | Asus VG278HE (both 27", 144Hz, 3D Vision 2, 1080p)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair HX 850W v1
Software Windows 10 Pro 64-bit
#7
Joined
Mar 26, 2008
Messages
1,874 (0.53/day)
Likes
334
Location
Cobourg,Ontario
System Name FX CrossFireX
Processor AMD FX™ 8370 @Stock
Motherboard GA-990FXA-UD5 (rev. 3.1
Cooling Noctua NH-D15 the BEAST
Memory AMD Radeon™ R5 Entertainment Series 16GB (2x8GB) DDR3-1600 MHz CL11 Part Number: R5316G1601U2K-G T
Video Card(s) MSI Gaming R9 390
Storage x3 Seagates 1Terabyte X1 Seagate 2Terabyte <Steam Install
Display(s) 40 Inch Samsung HDTV (monitor)
Case HAF-X:)
Audio Device(s) AMD/HDMI to Onkyo HT-R508 Receiver
Power Supply EVGA SuperNOVA 1000 G2 Power Supply
Software Windows 10 Pro X64
#8
Nice analysis.




Without more details this seems somewhat questionable.
You need a live account to log in to win8 at least it is now in the DP version.

Also the Microsoft Security Essentials will be a bootable from USB stick in Win8 too.So you have a clean (just update it on the usb)version if at all Win8 gets infected...there was a Win7 ver in beta for download ...will look Well it is Windows Defender ...Here is the link.http://windows.microsoft.com/en-US/windows/windows-defender-offline-faqdownload here 32bit and 64bit http://connect.microsoft.com/systemsweeper
 
Last edited:
Joined
Oct 2, 2004
Messages
12,351 (2.56/day)
Likes
5,809
Location
Europe\Slovenia
System Name Dark Silence 2
Processor Intel Core i7 5820K @ 4.5 GHz (1.15V)
Motherboard MSI X99A Gaming 7
Cooling Cooler Master Nepton 120XL
Memory 32 GB DDR4 Kingston HyperX Fury 2400 MHz @ 2666 MHz 15-15-15-32 1T (1.25V)
Video Card(s) AORUS GeForce GTX 1080Ti 11GB (1950/11000 OC Mode)
Storage Samsung 850 Pro 2TB SSD (3D V-NAND)
Display(s) ASUS VG248QE 144Hz 1ms (DisplayPort)
Case Corsair Carbide 330R Titanium
Audio Device(s) Creative Sound BlasterX AE-5 + Altec Lansing MX5021 (HiFi capacitors and OPAMP upgrade)
Power Supply BeQuiet! Dark Power Pro 11 750W
Mouse Logitech G502 Proteus Spectrum
Keyboard Cherry Stream XT Black
Software Windows 10 Pro 64-bit (Fall Creators Update)
#9
Though time will tell. Google's implementation of two step authentication was pain in the rear at first but they sort of worked it out now. I still miss SMS verification for every account settings entry but they apparently think that's not necessary. Because now, once verified, anyone can just log in and change the very critical phone number that does the verification and Google doesn't even bother to notify the previous number owner if he allows the modification. I hope Microsoft will think of such things as well...
 

Paulieg

The Mad Moderator
Joined
Feb 19, 2007
Messages
11,960 (3.03/day)
Likes
2,846
Location
Wherever I can find the iron.
Processor Haswell i7 4770K
Motherboard Gigabyte z79 UD5H Black Edition
Cooling Cryorig R1 Ultimate
Memory Gskill Trident DDR3 2400
Video Card(s) Asus 7970 Direct CU II
Storage Kingston Hyper Fury 240 SSD/ WD Black 640GB
Case Fractal Design R5
Power Supply XFX 650w
Software Win 7/Win 10 Tech preview
#10
Much better format, Q. Allows a reader to read the facts, then choose whether or not they want your thoughts on the matter. ;)
 
Joined
Sep 24, 2008
Messages
2,470 (0.73/day)
Likes
613
Location
Hillsboro, Oregon, USA
System Name Dire Wolf II
Processor Intel Core i7 7820HQ (2.9Ghz, up to 3.9Ghz)
Motherboard HP 8275
Memory 32GB DDR4 2400Mhz
Video Card(s) Sapphire R9 Fury Nitro OC 4GB (Thunderbolt3 eGPU), nVidia Quadro M1200 4GB GDDR5
Storage HP NVMe 256GB
Display(s) HP Z27q (5120x2880) + Dell P2715Q (3840x2160)
Case HP ZBook 15 G4
Audio Device(s) Musiland Monitor 02 US, Skullcandy SLYR
Power Supply 150W HP PSU (for Laptop) + Corsair RM550x (for eGPU)
Mouse Logitech G400
Keyboard Corsair K95 RGB
Software Windows 10 Enterprise 64-bit
#11
much better format, q. Allows a reader to read the facts, then choose whether or not they want your thoughts on the matter. ;)
+1!
 

brandonwh64

Addicted to Bacon and StarCrunches!!!
Joined
Sep 6, 2009
Messages
19,516 (6.47/day)
Likes
6,936
Location
Chatsworth, GA
System Name The StarCrunch Defender! | X58 Cruncher!
Processor I7 6700K @ STOCK | Intel I7-920
Motherboard Gigabyte Z170X-UD5 | Alienware MS-7543 X58
Cooling Corsair A70 Push/Pull | Corsair H50
Memory Crucial Ballistix DDR4 2400 MHz | Pereema 3x2GB DDR3
Video Card(s) Gigabyte Gaming G1 GTX 1070 | Gigabyte 7970 3GB
Storage 2x Samsung Pro 256GB M.2 SSD's in Raid 0 | 4TB Western Digital SATA drive
Display(s) ViewSonic VG2227wm 1080P | OLD viewsonics
Case NZXT Tempest 410 Elite | NZXT Source 210
Audio Device(s) Onboard
Power Supply Corsair 750TX | Enermax Liberty 500W
Mouse MX518 | MX502
Keyboard TESORO Mechanical | ANZO Mechanical
Software Windows 10 Pro on both
#12
Much better Qubit. Bravo.

As for you fears all you have to do is look at
"3C: Two factor authentication: you can prove that you're the rightful owner of an account by linking it to a mobile phone or email address"

This is how google mail works. When they hack and reroute my home phone THEN Ill worry. Until then Windows 8 sounds more secure then anything else we have used thus far........except maybe linux lol
I dont think they can reroute unless they physically have your phone to verify the move right?
 
Joined
Feb 6, 2007
Messages
2,576 (0.65/day)
Likes
510
Processor Mysterious Engineering Prototype
Motherboard Intel 865
Cooling Custom block made in workshop
Memory Corsair XMS 2GB
Video Card(s) FireGL X3-256
Display(s) 1600x1200 SyncMaster x 2 = 3200x1200
Software Windows 2003
#13
It might be short, but you put a lot of time into it. Thanks for the NEWS and concise ANALYSIS