Computer log on security advice
Thread Starter
Computer log on security advice
Hi,
I will shortly be going abroad for a few weeks and will be taking my laptop with me, At present I don't have any log on password set up on it as it's only ever used in my house and there isn't anything too important or personal stored on it.
However, while I'm away I will be accessing and storing quite a few work related e-mails, so I thought it would be a good idea to secure the computer a bit.
Reading up on this, I've been lead to believe that the windows log on password system isn't very secure and can easily be bypassed by someone with a little bit of knowledge, so I was hoping someone on here could give me some recommendations or advice as how best to go about making my laptop a bit harder for someone to get into.
many thanks, and Christmas wishes to all.
I will shortly be going abroad for a few weeks and will be taking my laptop with me, At present I don't have any log on password set up on it as it's only ever used in my house and there isn't anything too important or personal stored on it.
However, while I'm away I will be accessing and storing quite a few work related e-mails, so I thought it would be a good idea to secure the computer a bit.
Reading up on this, I've been lead to believe that the windows log on password system isn't very secure and can easily be bypassed by someone with a little bit of knowledge, so I was hoping someone on here could give me some recommendations or advice as how best to go about making my laptop a bit harder for someone to get into.
many thanks, and Christmas wishes to all.
Spoon PPRuNerist & Mad Inistrator
Here's a few suggestions:
SD
- Password protect the BIOS. Set a Power-on password.
- Don't allow booting from removable media - USB / CD / floppy.
- Set strong passwords for any required accounts, including administrator - min. 10 characters, combining alpha / numeric / special characters.
- Rename the Administrator account to something else - e.g. "&^admin" that is easy for you to remember but hard for someone to guess.
- Disable or delete unnecessary accounts, e.g. Guest.
- Consider installing whole-disk or folder encryption if you have sensitive data.
- Ensure that you have at least Windows firewall running, preferably something a little stronger.
- If using wifi, configure to only connect to Access points, not ad-hoc devices (other PCs).
SD
Join Date: Nov 2000
Location: Cambridge, England, EU
Posts: 3,443
Likes: 0
Received 1 Like
on
1 Post
What are you trying to protect against?
If you're trying to stop someone who has physical access to the machine and who is seriously keen on accessing your data reading stuff that's on it ("evil maid attack"), then forget it, you can't win that one.
If you are trying to protect against incoming nasties over the wire or wi-fi, because when travelling you won't have your normal sleath mode router in between you and the internet, then getting patched up to date is what's most important. (You could try switching on a firewall but I've always found them more trouble than they're worth.)
Yes you probably should set a password. It'll be a small stumbling block to a casual thief, who is after the hardware not the data. Just about worth the effort.
If you're trying to stop someone who has physical access to the machine and who is seriously keen on accessing your data reading stuff that's on it ("evil maid attack"), then forget it, you can't win that one.
If you are trying to protect against incoming nasties over the wire or wi-fi, because when travelling you won't have your normal sleath mode router in between you and the internet, then getting patched up to date is what's most important. (You could try switching on a firewall but I've always found them more trouble than they're worth.)
Yes you probably should set a password. It'll be a small stumbling block to a casual thief, who is after the hardware not the data. Just about worth the effort.
Thread Starter
Thanks Saab. I've set a BIOS password and also a fairly strong account password.
All I'm trying to protect against Gertrude is someone getting easy access to the laptop and getting to read some of the stored e-mail I have on there.
There's nothing too valuable or important on there and the computer itself is only a low budget model so I don't even think it would be worth banyone trying to break it up for spares.
It was only access by opportunists that I am trying to avoid. (hotel staff for example).
I always keep my antivirus and spyware progs up to date and try not to view any "dodgy" or suspect sites when I'm travelling.
All I'm trying to protect against Gertrude is someone getting easy access to the laptop and getting to read some of the stored e-mail I have on there.
There's nothing too valuable or important on there and the computer itself is only a low budget model so I don't even think it would be worth banyone trying to break it up for spares.
It was only access by opportunists that I am trying to avoid. (hotel staff for example).
I always keep my antivirus and spyware progs up to date and try not to view any "dodgy" or suspect sites when I'm travelling.
Join Date: Nov 2000
Location: Cambridge, England, EU
Posts: 3,443
Likes: 0
Received 1 Like
on
1 Post
It was only access by opportunists that I am trying to avoid.
Always a good idea to say what threat model you're worried about when asking for security advice, otherwise you could get wildly different answers each of which would be correct for a different scenario.
It's not just logon passwords - physically protecting the laptop will help against theft.
However, check out the noise about FireSheep.
In essence if you use your laptop to access services from somewhere other than your own home or corporate network - and even then there's no 100% guarantee - use a VPN, or make sure that the web page / internet accessible service you use makes EXCLUSIVE use of secured protocols - HTTPS, S/IMAP, etc.
Edited to add this after I'd digested Gertrude's advice - what things are important to you when you use the computer that you're trying to protect ? Answer that, and we'll help you out more than we can by blind posting.
However, check out the noise about FireSheep.
In essence if you use your laptop to access services from somewhere other than your own home or corporate network - and even then there's no 100% guarantee - use a VPN, or make sure that the web page / internet accessible service you use makes EXCLUSIVE use of secured protocols - HTTPS, S/IMAP, etc.
Edited to add this after I'd digested Gertrude's advice - what things are important to you when you use the computer that you're trying to protect ? Answer that, and we'll help you out more than we can by blind posting.