George wants to know of a way to use his computer without having to use a password or user name because he keeps forgetting them. Leo says that passwords don't work. We have to remember them, so we tend to make weak passwords and use them on multiple sites. Steve Gibson has an idea called SQRL (Secure, Quick, Reliable Log In). The idea being that a smartphone app will automatically authenicate using a QR code so it just lets the user right in. Great idea, but behind the scenes it's a lot more complicated than that.
Mike wants to know about passwords and how often he should change the ones on his computer. Leo says that local passwords, like for logging into his laptop aren't that big of a deal. Someone would have to have physical access to the computer and a lot of time to crack it. So that's not really the one to worry about. It's the passwords online, and even then, those passwords are encrypted. Those who change passwords a lot are those who have passwords that are shamefully easy to guess.
Alan inherited an IT job and the previous person didn't leave documentation on how to access the hard drives. He tried a password recovery tool, but it didn't help. Is there a way?
Leo says that passwords are crackable if he has physical access to the machine. LophtCrack is one such utility. PogoStick is a popular one with the chatroom. There's also KON-Boot, which is a Windows bypass tool.
A recent article in the New York Times suggests that there may be some very deep meanings behind the passwords we create. The author of the article, Ian Urbina, got people to talk about their passwords and learned the stories behind them.
The Secret Life of Passwords (NY Times)…
Max found out that someone connected to his Wi-Fi network, which concerns him because he has a login key to prevent it. Leo says that Google backs up Wi-Fi passwords and other settings to its servers unless he disables it. It's meant for convenience, but it does mean that Google knows his Wi-Fi password. It's not likely that Google would do anything with it, though. It is important to note though that it would have to be stored unencrypted. But it's not really that much of a concern. It's more likely that someone got in with a brute force attack.
Kal took Leo's advice and created a second user account for his wife, so she wouldn't be using the administrator account for day to day use. But then he lost the administrator password. Leo says there are bootable discs that he can use to reset the password. Here's a support document from Microsoft that will help him reset the password. He can use another computer to create this disc.
Tom's iPhone 6 Plus keeps asking for his voicemail password. Is that a new feature in iOS 8? Leo says no. It's probably what the carrier is requiring. If he can't remember it, Leo advises calling up AT&T to have them reset it. And if he uses second factor authentication, it'll protect him from someone hacking his voicemail.
"The Old Geek in the Bronx" has an issue with a computer repair that the Geek Squad did, where they password protected the hard drive preventing access to the system. The Geek Squad denies they did it! Leo says that searching for "cracking a locked hard drive" on Google, he can find some solutions. Dell says they can unlock a hard drive if he would ship it to them. Hard drive passwords are very secure and difficult to break. And he'll probably have to buy gold support from Dell to do it, but he can.
Richard is having trouble linking Windows Live Mail and Gmail. What gives? Leo says to make sure that IMAP is turned on. Then, if he has two factor authentication turned on, he'll have to use the app specific password for his gmail account. Also make sure SSL is checked on the incoming and outgoing servers for Google. It's likely that an app specific password is required.
Laxman uses Windows 7 as a limited user, but he can't remember his administrator password. How can he recover it? Leo says Lophtcrack was a utility that hackers use to crack the administrator password. But Symantec bought it and killed it.
There's also a utility by PogoStick.net, where he can download a LiveCD.ISO, burn it to a CD and then boot his computer. The utilty will remove the password and let him reset it.