Home » How-to » ‘password hint’, a security hole to secure key management in Windows

‘password hint’, a security hole to secure key management in Windows

Using the function ‘password hint’ to create user accounts in Windows 7 or Windows 8 can help you remember it if forgotten but also help an attacker to obtain the same, even remotely.

password hint

This is indicated by an investigation that uses vulnerability in the client operating systems Microsoft Windows 8 and Windows 7 that facilitates obtaining the administrator password, do not forget, the key to logins and system control.

The researcher explains that the vulnerability lies in the function ‘sign’ or ‘suggestion’ password, a password hint that can be seen by anyone with physical access to the computer as Microsoft indicates:

The biggest problem is that it can also be seen by an attacker remotely as these suggestions passwords for Windows 8 and Windows 7 are stored in the registry of the operating system and although they are in an encrypted format can be converted to a readable format.

The researcher has written a script that automates the attack and has published in Metasploit, the premier open source tool popular among hackers.

Conclusion: Never dial a password hint as can be demonstrated as a way to get the administrative password.

This is a serious issue with 2012 developed as the great year of stealing passwords that we continue to overlook in light of the passwords we use weak.

And remember the basic rules for creating a strong password: the bigger the better, combining numbers, letters, capital letters and special characters, do not include any personal data, do not use common terms, do not use the same password for all access and services ….