The danger: Malicious users can reach your computer over the Internet, steal or delete your data, and potentially plant viruses and Trojan horses.
The cause: The great irony of Microsoft's move from home operating systems with no real password protection (Windows 98 and ME) to the password- and access-control-list-based security of Windows 2000 and its successors, through Windows 11, is that, left at the defaults, your data can end up less secure.
Sure, the newer operating systems give security-conscious users all the tools they need to protect their data, but what if the user is not aware of the risks? During installation you may be prompted to create a password for the built-in 'Administrator' account. Users accustomed to the pointless passwords of Windows 9x/ME often bypass this by entering a blank password, opening their entire computer to anyone who takes the trouble to look twice at their Internet address.
There are two reasons for this vulnerability. One: every Windows 2000 or later system has a built-in account called 'Administrator' with full access to all files and configuration settings on the computer. Anyone remotely familiar with these operating systems knows the account exists, and that includes anyone who might try to break in. Renaming it does not hide it, either: the account always carries the well-known relative identifier 500 at the end of its SID, which remote tools can look up regardless of the name.
The other factor is the presence of hidden administrative shares. By default the root of each logical drive (C:, D:, and so on) is shared as C$, D$, etc., and the Windows directory as ADMIN$ (IPC$, used for remote administration, is there as well). These hidden shares are accessible only to users with administrative privileges, but once an intruder has your Administrator password, your entire system is laid open. On Windows Vista and later there is a further wrinkle that makes the built-in account the most attractive target: remote connections made with other local administrator accounts receive a filtered, non-administrative token by default, while the built-in Administrator does not.
Using one of a multitude of free and legal software tools, a potential intruder can find your IP address and then attempt to connect to these shares with the Administrator account. Obviously, if there is no password on the account, you are defenseless. Two defaults introduced since Windows XP soften this: the Windows Firewall is enabled by default from XP SP2 onward, and the policy 'Accounts: Limit local account use of blank passwords to console logon only' is enabled by default, so a blank-password local account is refused for network logons. Neither helps if you have opened file sharing to a network you thought was private, or if the password is weak rather than blank.
Even a password on the account may not make you safe. Simple passwords are quickly discovered with a 'dictionary attack' tool, which tries words, common variations of words and combinations of characters until it hits yours.
The Administrator account has historically been uniquely open to this style of attack: while other user accounts can be locked by the operating system if an incorrect password is entered too many times, the built-in Administrator account could not be locked out, so an intruder was free to try as many passwords as he or she wanted without worrying about losing access to the system. That is still the case on Windows 10 and on upgraded systems unless you turn the protection on yourself. New installations of recent Windows 11 releases (22H2 and later) ship with an account lockout policy enabled, including the 'Allow Administrator account lockout' setting, so check Local Security Policy > Account Lockout Policy rather than assuming either way.
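The points above (the RID-500 account, the hidden shares, blank-password use over the network, remote token filtering and the lockout threshold) can all be checked from one elevated PowerShell session. The script below is an added example, not part of the original article; it uses only built-in cmdlets and commands (Get-LocalUser, Get-SmbShare, Get-ItemProperty, net accounts) on Windows 10/11 and assumes nothing about your configuration beyond that.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell
# on Windows 10/11; the LocalAccounts cmdlets are present on Home and Pro alike.

# 1. Locate the built-in Administrator by its well-known RID (500). Renaming the
#    account changes the name an attacker sees, not the SID they can look up.
$builtinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$builtinAdmin | Select-Object Name, Enabled, PasswordRequired, PasswordLastSet | Format-List

# 2. The hidden administrative shares (C$, D$, ..., ADMIN$, IPC$). 'Special' marks
#    the shares Windows creates itself rather than ones a user added.
Get-SmbShare | Where-Object Special | Select-Object Name, Path, Description

# 3. May a local account with a blank password log on over the network?
#    1 = console logon only (the default since Windows XP), 0 = allowed remotely.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
(Get-ItemProperty -Path $lsa -Name LimitBlankPasswordUse).LimitBlankPasswordUse

# 4. Remote UAC token filtering (Vista and later). Absent or 0 means other local
#    admins get a filtered token over the network; the RID-500 account is exempt
#    unless FilterAdministratorToken is 1. LocalAccountTokenFilterPolicy = 1 removes
#    the filtering for every local admin, widening the exposure described above.
$pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Get-ItemProperty -Path $pol | Select-Object LocalAccountTokenFilterPolicy, FilterAdministratorToken

# 5. Account lockout settings. 'Lockout threshold: Never' means unlimited guesses.
#    Whether the threshold also covers the built-in Administrator is the
#    'Allow Administrator account lockout' setting under Local Security Policy >
#    Account Lockout Policy; 'net accounts' does not display that one.
net accounts
```

If step 1 shows the account enabled with PasswordRequired false, or step 3 returns 0, or step 5 reports a threshold of Never, the machine is in the state the text describes. The cure follows.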
The cure, step 1:
Set up complex yet easy-to-remember passwords
One of the main problems with password-based security is psychological. Many users have a hard time memorizing passwords, especially long and complex ones; they forget them, write their credentials down somewhere an outsider might find them, or choose passwords that are easy to remember and just as easy to crack. One way to overcome this and create an easy-to-remember yet complex password is to combine several unrelated words that have a meaning to you, and a customized spelling of the words, for instance using English letters to write words from another language, Arabic in my case, adds complexity: an example is "Kelmet-Sirr-2awiyeh", which means "a powerful password" in English. Keep in mind that the strength of such a passphrase comes from how many words it contains and how large the pool of words an attacker would have to try is, not from what it means to you, so pick words that cannot be guessed from your public life and do not reuse an example that has been published. In addition, password managers are a good idea; here is a list of the Five Best Password Managers compiled by Jason Fitzpatrick. I use 1Password. I used KeePass for many years, but it is dated and does not have the features I need today.
The cure: Set effective passwords for all users
The best way to protect yourself from malicious users is to put an effective password on every user account. Microsoft's guidance of the time called for at least seven characters with a mix of upper- and lower-case letters, numbers and symbols. Do not cut that down to six characters for the sake of memorization: a six- or seven-character password, even with mixed case and digits, can be brute-forced in minutes to hours on commodity GPU hardware by anyone who obtains its hash, and a dictionary word with a capital letter and a digit slipped into the middle falls to a rule-based dictionary attack almost as quickly. Length is what buys resistance. Twelve or more characters, or a passphrase of several unrelated words, puts the password out of reach of any intruder who does not own a supercomputer capable of predicting the weather, and the password manager approach below removes the memorization problem altogether.
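To make the "several unrelated words" advice above concrete, here is an added example (not from the original article) that builds a passphrase with the operating system's cryptographic random number generator and reports the guessing work it represents. The word list is a tiny constructed sample; the point it makes is that the number of bits depends only on the word count and the size of the pool, so a real list of several thousand words (in any language or transliteration) is what turns the technique into a strong password.

```powershell
# Added example, not from the original article. Constructed sample word list;
# in practice use a list of several thousand words.
$sampleWords = @('kelmet', 'sirr', '2awiyeh', 'lantern', 'granite', 'pelican',
                 'velvet', 'compass', 'saffron', 'meadow', 'turbine', 'orchid')

function Get-SecureIndex {
    # Uniform integer in [0, Max) from the OS CSPRNG; works on Windows PowerShell 5.1
    # and PowerShell 7. Rejection sampling avoids the bias of a plain 'value % Max'.
    param([Parameter(Mandatory)][int]$Max)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] 4
    $limit = [uint32]::MaxValue - ([uint32]::MaxValue % [uint32]$Max)
    do {
        $rng.GetBytes($bytes)
        $value = [BitConverter]::ToUInt32($bytes, 0)
    } while ($value -ge $limit)
    return [int]($value % $Max)
}

function Get-PassphraseEntropyBits {
    # Bits of entropy = words * log2(pool size). Only these two numbers matter to an
    # attacker; what the words mean to you contributes nothing.
    param([int]$PoolSize, [int]$WordCount)
    return [math]::Round($WordCount * [math]::Log($PoolSize, 2), 1)
}

function New-Passphrase {
    param([string[]]$WordList, [int]$WordCount = 4, [string]$Separator = '-')
    $chosen = foreach ($i in 1..$WordCount) { $WordList[(Get-SecureIndex -Max $WordList.Count)] }
    [pscustomobject]@{
        Passphrase  = ($chosen -join $Separator)
        EntropyBits = Get-PassphraseEntropyBits -PoolSize $WordList.Count -WordCount $WordCount
    }
}

# Four words from the 12-word sample list: far too little entropy to use.
New-Passphrase -WordList $sampleWords -WordCount 4

# The same four words drawn from a 7776-word (diceware-sized) list, and six words.
Get-PassphraseEntropyBits -PoolSize 7776 -WordCount 4
Get-PassphraseEntropyBits -PoolSize 7776 -WordCount 6
```

With the 12-word sample, four words give only about 14 bits; with a 7776-word list the same four words give roughly 52 bits and six words roughly 78, which is why the size of the pool, not the cleverness of the words, is what to spend effort on.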
To change user passwords, log on as a user with administrative privileges (the first user created during setup has these). Right-click 'My Computer' (or 'This PC') and select 'Manage'. Expand 'Local Users and Groups', then 'Users'. Right-click each user and select 'Set Password'. Note: the Local Users and Groups console (lusrmgr.msc) is not included in Home editions of Windows, which is one of many reasons I only recommend Pro or better; on Home you can still set passwords from an elevated command prompt with `net user <name> *` or with PowerShell's Set-LocalUser.
Note the ominous warning message. Setting a password this way is an administrative reset, not a password change by the owner of the account, so Windows cannot re-protect that user's DPAPI master key with the new password. Any files the user protected with the built-in EFS file encryption, along with saved credentials, therefore become inaccessible. If EFS is in use, either have the user change their own password (Ctrl+Alt+Del, 'Change a password', which preserves access), back up the EFS certificate and key first (cipher /x), or remove the encryption before the reset. Otherwise, proceed and set a secure password for each account.
The accounts you should set passwords for are the administrator account, and any accounts you created during or after the installation of Windows.
Some accounts may have been created by installed software. Installers for reputable, up-to-date software normally give such service accounts long random passwords or leave them disabled, so they can be left alone; just confirm that any enabled one actually requires a password.
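The procedure above, carried out in PowerShell rather than the console, as an added example that is not from the original article. It covers the EFS check, the list of enabled accounts, setting a password on each of them interactively, and optionally disabling the built-in Administrator; it assumes an elevated PowerShell on Windows 10/11 and works on Home edition, which lacks lusrmgr.msc.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell.

# Step 0: an administrative password reset discards the user's DPAPI master key,
# which EFS and saved credentials depend on. List EFS-encrypted files first; if
# any belong to an account you are about to reset, export its EFS certificate
# (cipher /x) or have that user change the password themselves via Ctrl+Alt+Del.
cipher /u /n

# Step 1: enumerate the enabled local accounts and flag the RID-500 account.
Get-LocalUser |
    Where-Object Enabled |
    Select-Object Name, PasswordRequired, PasswordLastSet,
                  @{ Name = 'BuiltInAdmin'; Expression = { $_.SID.Value -like '*-500' } } |
    Format-Table -AutoSize

# Step 2: set a new password on each enabled account. Read-Host -AsSecureString
# keeps the password out of the command history and out of this script file.
foreach ($user in Get-LocalUser | Where-Object Enabled) {
    $secure = Read-Host -AsSecureString -Prompt "New password for $($user.Name)"
    Set-LocalUser -Name $user.Name -Password $secure
}

# Step 3 (recommended): if you log on with your own administrative account, the
# built-in Administrator has no remaining job; disabling it removes the target.
$builtinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
# Disable-LocalUser -Name $builtinAdmin.Name
```

Step 3 is left commented out so the script never locks you out by accident: run it only after confirming that another account in the Administrators group has a password you know.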
My recommendation: Use a password manager that can generate strong passwords for you. We use 1Password because it lets us keep track of a large number of passwords in a secure vault. It generates passwords and supports MFA and passkeys. Your vault can be synchronized between several devices, such as your phone, laptop and main computer. The only complaint I have is that it does not do local applications. They tell me that it is coming, but of course they don't know when.