How To... Turn off password save
Help protect your password from being cracked by setting your computer to not save the LM hash
There are a variety of techniques that a malicious person may use to try to compromise your password. The most popular of these are getting you to tell them (seriously) by pretending to be someone or some organization you trust. This is called social engineering and is the #1 threat to any security solution. However, if the bad guy has a little technical skill and/or doesn't want you to even suspect that you may be a target, the may try other techniques to get your password.
One of these is to try to capture something from your computer called the LM Hash. The LM Hash is a coded version of your password that is by default stored on your computer. If a person can get that value, they can use a program to crack the code and get your original password. Bad news.
The Good news is that you can instruct your computer to not save the LM Hash. If it isn't there, no one can steal it :)
To stop your computer from saving your login password (even if it is in a coded form):
- Click the Start Button, then click Run...
- In the window that pops up, enter "gpedit.msc" in the Open text box, then click OK
- The Group Policy Editor will open and look like this:
- Under Computer Configuration,
In the left pane, expand Windows Settings > Security Settings > Local Policies
Then click on Security Options
Then, in the right pane, find Network Security: Do not store LAN Manager Hash Value (the name may be truncated as shown below, depending on the width of your screen)
- Double Click on Network Security: Do not store LAN Manager Hash Value and set the resulting screen as shown. You want to Enable "Do not store...". It is a little counter-intuitive, but it means the value won't be saved.
- Click OK and then exit out of the Group Policy Editor
- The next time you reset your password, the coded version will not be saved to your hard drive.
|
|
|
