How Secure is your Operating System

Ever wonder how secure your information truly is?  What security protocols do you practice? Maybe creating a password?  Locking the computer so others cannot access your data? Bypassing windows passwords only takes a minute or less and the windows 10 installation disk. Thus far, I have been successful in using the Windows 10 disk to bypass account passwords and even activating deactivated accounts on Windows Server 2012, Windows 10, Windows 7, and Windows 8.1.  I have yet to test the technique to bypass locked computer accounts in Windows XP and Vista, but I do not foresee any complications with those operating systems. 

 Before you think this makes you safer because you use Mac OS X.  I have also been able to bypass root level account passwords on a MacBook Pro, running Mac OS X (10.10) Yosemite operating system, using built-in Apple commands.  This method also took less than a minute to accomplish.  

The security implemented in an operating system and accounts always has a level of vulnerability. Most security measures are feel good methods.  Username and passwords, for example, represent single level authentication, identifying who you are, the username and proof that you are who you are, the password.  It is said for modern security protocols to require the username to be unique and the password to have a minimum of 16 characters and a random combination of uppercase, lowercase, numbers and special characters to be utilized.  16 digits  the extent of the average person to remember their own passwords.  With the growing technological advancements of computer processing power, such passwords will eventually be capable of being broken in shorter amounts of time, eventually making them completely useless.  Most operating systems store username and password combinations as hash algorithms in specific files that can be viewed as plain text, resulting in the need for passwords to be ultimately obsolete.  

Stating those facts does not mean "So, why bother?" with username and passwords.  Passwords do stop the average person from gaining access and some level of security is better than no level of security.  There, of course, are other ways to better secure your operating systems, preventing the method mentioned here from being capable of being utilized.  Data at rest encryption, for example, is an option at the operating system level.  This means a decryption process must occur prior to the operating system boot.  

2 factor and 3-factor authentication also increase the security level of your operating system. CAC (Common Access Cac) cards, commonly utilized by the DoD and other government agencies are a prime example of 2-factor authentication.  The first factor, requiring the card itself that maintains encrypted certificates to identify who you are and who you say you are, plus the second factor of a pin as secondary proof.  3-factor authentication would include features such as biometrics.  Keep in mind, even with all of these methods being utilized.  There is no such thing as a 100% secure system.  




Comments