Sunday 28 May 2006

Make Microsoft Windows XP Passwords more secure

We all know that Microsoft sometimes has problems in their operating systems. Sometimes they just don't do some things correctly (like the WMF exploit that we all know about) and it's up to us to tweak our computers to make it right. That's why today I'm going to talk a little bit about the security of Windows XP, because we all care about it.

Now, you might not know this, so let's start from the basics. All Windows user passwords are stored as hashes, which simply means they are scrambled one-way so the original password can't just be read back. But Windows also uses something called LMhash to store the passwords, which is not good news if you want to keep your data secure. Here's how you can fix this.

Prevent your Windows PC from getting hacked

Basically what LMhash (or LAN Manager hash) does is convert the password to upper case, pad it out to 14 characters, split it into 7-character chunks and so on. So it sort of puts every password into the same format every single time, and since attackers know this format it is easier to crack, because the result is not totally different every time. You can read more about it from Microsoft, the geniuses who created this in the first place.

So what you want to do is stop Windows from using LMhash to store the passwords, since that is what makes them so easy to crack. And this is very simple to do using the registry. All you do is enable the NoLMHash value and Windows will stop using LMhash... simple.

Here's how you do it:
  • Make sure you have admin privileges before you continue
  • Make sure that you back up the registry before you perform this tweak
  1. Click 'Start'
  2. Click 'Run'
  3. Type in 'regedit' (without the quotes, of course).
  4. Then navigate to the following registry key using the left column: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  5. In the right column, double-click on NoLMHash
  6. In the box that pops up, type in 1 and click 'OK'
  7. Close regedit and then reboot your computer.
  8. Important: Change your password! Otherwise the old hash is still going to remain there and the tweak won't do you any good. And make sure that you keep changing your password at regular intervals.
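The same tweak as a script, which is an added example and not part of the original post: it backs up the Lsa key, creates the NoLMHash DWORD if it is missing (Windows XP does not ship with the value, so the double-click in step 5 may find nothing to click), sets it to 1 and reads it back. It assumes an elevated PowerShell prompt; the key path and value name are the ones from the steps above, and the backup file location is my own choice.

```powershell
# Added example: audit and apply the NoLMHash setting from an elevated
# PowerShell prompt. Equivalent to the regedit steps in the post.
$LsaPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'NoLMHash'

function Get-NoLMHashSetting {
    # Returns the current DWORD value, or $null if the value was never created.
    $item = Get-ItemProperty -Path $LsaPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Enable-NoLMHash {
    # Back up the Lsa key first, as the post advises (reg.exe exists on XP and later).
    # Backup location is an assumption; change it to suit.
    $backup = Join-Path $env:TEMP 'Lsa-backup.reg'
    if (Test-Path $backup) { Remove-Item $backup }
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa' $backup | Out-Null

    $current = Get-NoLMHashSetting
    if ($null -eq $current) {
        # XP ships without the value: create it as a DWORD instead of failing.
        New-ItemProperty -Path $LsaPath -Name $ValueName -PropertyType DWord -Value 1 | Out-Null
    } elseif ($current -ne 1) {
        Set-ItemProperty -Path $LsaPath -Name $ValueName -Value 1
    }
    return Get-NoLMHashSetting
}

# The same setting is also exposed in Local Security Policy as
# "Network security: Do not store LAN Manager hash value on next password change".
$before = Get-NoLMHashSetting
$after  = Enable-NoLMHash
$shown  = if ($null -eq $before) { '<missing>' } else { $before }
Write-Host "NoLMHash before: $shown, after: $after"
if ($after -eq 1) {
    # The flag only affects future password changes; existing LM hashes stay in the SAM.
    Write-Warning 'Setting applied. Change every local account password so the old LM hashes are replaced.'
}
```

Run it, then change the passwords and reboot as the steps say; the before/after line tells you whether the value had to be created or was already set.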
Congratulations, your passwords are now going to be more secure and less crackable. However, you still need to take more precautions so that you don't lose any important data. I'm sure when I have more time I'm going to write up more articles on how to do this, so make sure you subscribe so that you don't miss a beat.

Got a question, tip or comment? Send them to and we'll try to answer it in a blog post!
