Jump to content



Photo

Windows 8 Microsoft account password hack.

win8

  • Please log in to reply
29 replies to this topic

#16 OP chillipig

chillipig

    Neowinian

  • Joined: 30-July 08

Posted 30 November 2012 - 21:03

As a side not this site http://www.top-passw...s-password.html claims they can do it saying:

"New! Support password reset for Windows 8 local account and Microsoft account."

"The cached passwords are stored as hashes in the local system registry, so it is difficult to crack or recover the original password. However, it’s possible to update the cached password hash using a new password, so you can log in the system with a new password in case your actual Hotmail password is lost or forgotten. Reset Windows Password is the right software which can help you easily reset Microsoft account password by running from a bootable CD or USB drive."

Interestingly they do write genuine software that has been removing local account passwords for a while now.


#17 Shane Nokes

Shane Nokes

    Neowinian Senior

  • Joined: 29-July 12

Posted 30 November 2012 - 21:55

Just for kicks I'm downloading it just to see what type of crap it tries to pull.

I can tell you already that their server capacity must be balls with how slow it's going. I still have about 5 minutes left on a 28MB download...

#18 Jason Stillion

Jason Stillion

    Neowinian

  • Joined: 04-April 12
  • Location: United States

Posted 30 November 2012 - 22:06

Windows 8 pushes users to make there windows profile using there Microsoft Live Account.
The way new user creation is set up is you have to go out of your way to make a standard windows profile like XP / Vista / 7.

Essentially if they used the default Microsoft was prompting them for, there windows 8 login is there Microsoft Live Account.

Sorry for using poor terminology to describe this. I know MS is deprecating the "live" branding as well.

#19 Shane Nokes

Shane Nokes

    Neowinian Senior

  • Joined: 29-July 12

Posted 30 November 2012 - 22:46

Windows 8 pushes users to make there windows profile using there Microsoft Live Account.
The way new user creation is set up is you have to go out of your way to make a standard windows profile like XP / Vista / 7.

Essentially if they used the default Microsoft was prompting them for, there windows 8 login is there Microsoft Live Account.

Sorry for using poor terminology to describe this. I know MS is deprecating the "live" branding as well.


You can just say Microsoft Account. That is the new term.

#20 jackkk1

jackkk1

    Neowinian

  • Joined: 24-June 11
  • Location: Earth
  • OS: Windows 8 x64

Posted 01 December 2012 - 17:08

Does windows 8 really stores cached password of online Microsoft Account? If they does, wow, online account cracking just become much easier.

#21 Detection

Detection

    Detecting stuff...

  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 01 December 2012 - 17:11

Does windows 8 really stores cached password of online Microsoft Account? If they does, wow, online account cracking just become much easier.


Not sure, but if it does I doubt they will be in plain text located on c:\passwords ;)

#22 jackkk1

jackkk1

    Neowinian

  • Joined: 24-June 11
  • Location: Earth
  • OS: Windows 8 x64

Posted 01 December 2012 - 17:21

Not sure, but if it does I doubt they will be in plain text located on c:\passwords ;)


No need to be in plain text to crack a password. Nowadays, cracking hashes of the password, even 8 symbol length, really isn't problem anymore. But it would be much harder to do on online website where captchas and other preventive measures exist.

#23 Detection

Detection

    Detecting stuff...

  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 01 December 2012 - 17:25

No need to be in plain text to crack a password. Nowadays, cracking hashes of the password, even 8 symbol length, really isn't problem anymore. But it would be much harder to do on online website where captchas and other preventive measures exist.


It must store something because you can log in offline using your Live ID

#24 jackkk1

jackkk1

    Neowinian

  • Joined: 24-June 11
  • Location: Earth
  • OS: Windows 8 x64

Posted 01 December 2012 - 17:53

It must store something because you can log in offline using your Live ID

Yes, from one side, it makes sense otherwise they would have to deal with a lot of calls from users with poor internet connection, from other side, they sacrificed security.

#25 Detection

Detection

    Detecting stuff...

  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 01 December 2012 - 18:05

Yes, from one side, it makes sense otherwise they would have to deal with a lot of calls from users with poor internet connection, from other side, they sacrificed security.


Agreed, to maintain security, having the user create a local & online account during setup would have been better, for cases when their connection is unavailable, they are logged into their local account instead

#26 libertas83

libertas83

    Neowinian

  • Joined: 02-November 05

Posted 01 December 2012 - 18:18

No need to be in plain text to crack a password. Nowadays, cracking hashes of the password, even 8 symbol length, really isn't problem anymore. But it would be much harder to do on online website where captchas and other preventive measures exist.


Really, you think it's easy to crack strong encryption methods? The file stored is going to be encrypted with some of the best encryption methods like AES-256 or something else. It will not be easy to crack the encryption. Most likely hackers will attack other weaknesses first.

Think EFS or Bit-Locker encryption methods. I'm not saying it can't be cracked, but is not easy.

#27 +sanke1

sanke1

    Member

  • Joined: 07-October 07

Posted 01 December 2012 - 18:34

This Microsoft Account login in Windows 8 is going to be tech support's nightmare.

#28 Detection

Detection

    Detecting stuff...

  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 01 December 2012 - 18:50

This Microsoft Account login in Windows 8 is going to be tech support's nightmate.


The repair and refresh function of 8 was supposed to be user friendly and stop them needing techs so much, MS forgot about businesses that were blind enough to install 8 on their employees machines

Which, I will add, I am struggling to believe any businesses have actually gone and done that

#29 jackkk1

jackkk1

    Neowinian

  • Joined: 24-June 11
  • Location: Earth
  • OS: Windows 8 x64

Posted 01 December 2012 - 18:50

Really, you think it's easy to crack strong encryption methods? The file stored is going to be encrypted with some of the best encryption methods like AES-256 or something else. It will not be easy to crack the encryption. Most likely hackers will attack other weaknesses first.

Think EFS or Bit-Locker encryption methods. I'm not saying it can't be cracked, but is not easy.


Of course, it heavy depends from a password complexity and length, but anyway, seeing how GPUs become much faster each time, it shouldn't cause problems in near future at all, especially, knowing that users and even administrators usually don't bother to create complex passwords, otherwise they'll need to carry a list with written passwords on it.

#30 HawkMan

HawkMan

    Badass Viking

  • Tech Issues Solved: 3
  • Joined: 31-August 04
  • Location: Norway

Posted 01 December 2012 - 19:27

OR you could have a reallylong password that's easy to remember but very hard to crack
Posted Image


In any case, if someone has physical access to your computer 90% of the work is already done anyway in most cases



Click here to login or here to register to remove this ad, it's free!