If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
shouldn't Windows warn you before "encrypting", if password is blank?
In Windows XP you can encrypt a file or folder just by right-clicking
on it and selecting the Encryption attribute -- no extra password or decryption key required -- so I assume the encryption key is derived from your logon password somehow. However, doesn't that mean that if you choose to encrypt a file but your logon password is blank (and many people have set their password to blank just so they can boot up their computer without entering one), then by "encrypting" the file you haven't really encrypted it at all? (Well of course you haven't, since anyone could boot up the computer and be automatically signed in as you, and access the file without ever authenticating themselves.) I'm writing some articles about tips and tricks for Windows, and one of the things I'm saying is that I consider it a user interface bug that Windows lets you "encrypt" a file, without giving you a warning if your password is blank. I'm just wondering if there is some legitimate reason why Windows doesn't warn you about a blank password before encrypting, otherwise I would call it a bug. (I haven't tried under Vista or Windows 7; does anybody know if those operating systems warn you if you try to set a file's "encryption" attribute and your password is blank?) Bennett |
Ads |
#2
|
|||
|
|||
shouldn't Windows warn you before "encrypting", if password is blank?
Bennett Haselton wrote:
In Windows XP you can encrypt a file or folder just by right-clicking on it and selecting the Encryption attribute -- no extra password or decryption key required -- so I assume the encryption key is derived from your logon password somehow. However, doesn't that mean that if you choose to encrypt a file but your logon password is blank (and many people have set their password to blank just so they can boot up their computer without entering one), then by "encrypting" the file you haven't really encrypted it at all? (Well of course you haven't, since anyone could boot up the computer and be automatically signed in as you, and access the file without ever authenticating themselves.) I'm writing some articles about tips and tricks for Windows, and one of the things I'm saying is that I consider it a user interface bug that Windows lets you "encrypt" a file, without giving you a warning if your password is blank. I'm just wondering if there is some legitimate reason why Windows doesn't warn you about a blank password before encrypting, otherwise I would call it a bug. (I haven't tried under Vista or Windows 7; does anybody know if those operating systems warn you if you try to set a file's "encryption" attribute and your password is blank?) I actually have not ever thought about trying that. One would assume (in my mind) that the first line of defense on a computer is the username/password configuration. I woud bet that most users that do not have passwords (other than blank) assigned to them do not utilize EFS. I would also bet that most users that have the facility available to them in Windows XP Professional and utilize it, do so because their domain administrator (or more accurately, their place of employment) tells them they should. Given the latter - the domain administrator probably setup the computer and forces the user to have a password. In short - I believe it is more of a business feature (Windows XP Professional was originally not intended for home usage - but to be a member of a domain or business environment - where it was more than likely that passwords and such would be required.) In any case - your post tweaked my interest - so I had to try it. You can, as a matter of fact, have a user account with no password use EFS. Crazy. I had to create a user account with no password, since I follow the best practices of general computer use and have a password for my accounts - but I created the account, logged in and made a new folder and encrypted it. The user has no password. Their name just sits on the welcome screen, begging for someone to click and log in. Once in - the contents of the encrypted folder are an open book (although other users on the computer can't do much with it.) No warning - nothing. So I thought to mysef - perhaps it's just listed as one of the 'best practices' for the EFS. Best practices for the Encrypting File System http://support.microsoft.com/kb/223316 The Encrypting File System http://technet.microsoft.com/en-us/l.../cc700811.aspx The first - not a word. The only times "password" is mentioned in the first article is in reference to exporting the .pfx file and/or backing up the certificate. Nothing says you should use an account with a strong password for logon assigned. The second - a little better with this quoted section: "Using EFS requires only a few simple bits of knowledge. However, using EFS without knowledge of best practices and without understanding recovery processes can give you a mistaken sense of security, as your files might not be encrypted when you think they are, or you might enable unauthorized access by having a weak password or having made the password available to others. It might also result in a loss of data, if proper recovery steps aren't taken. Therefore, before using EFS you should read the information links in the section "Misuse and Abuse of EFS and How to Avoid Data Loss or Exposure." The knowledge in this section warns you where lack of proper recovery operations or misunderstanding can cause your data to be unnecessarily exposed. To implement a secure and recoverable EFS policy, you should have a more comprehensive understanding of EFS." I'd say "blank" qualifies as a "weak" password. ;-) Now - I was hopeful they might expand on this later - specifically mention that you should have a password set (although I still say "blank" is a "weak" password - so they sort of do...) - but they do not specifically ever say that. http://technet.microsoft.com/en-us/l...on128121120120 There (the link directly above) they do have this: "If users provide others with their passwords, these people can log on using these credentials and decrypt the user's encrypted files. (Once a user has successfully logged on, they can decrypt any files the user account has the right to decrypt.)" Well - yeah. Okay. You are correct - there is no warning. Should there be a warning...? I could see that being pretty easy to implement. I could see that being useful too. One more thing for system administrators to point to and use as a, "See, you need a password." tool. However - if someone has set no password on their computer - I also cannot see them being so security conscience and to decide to start using EFS. It sort of falls back to a conversation I was having in another place in these newsgroups. There's a certain point where you have to rely on the supposedly sentient being to make the wisest choice for themseves. You are not asking them to become an expert on Windows or on EFS or in the proper use of security measures - but to do their due diligence in order to obtain whatever their goal may be. If one is going to utilize EFS to protect their files - one should at least attempt to understand the basics of how it works and what the best practices may be and how to use it to accomplish one's own goals as best they can. I would think with EFS - reading the two articles I posted above would be advisable - and after reading it - I would have an overwhelming sense that I needed a decent password. I was disappointed in that the built-in help (Windows XP) mentioned nothing about passwords when it came to EFS. It did hammer home how much this was considered an 'enterprise' feature and not a 'standalone' feature. It was really intended for use in a domain environment - where most likely the user would be required to have a password meeting some level of complexity. That's no excuse - just how I figure this came about. After all - who would I be to make excuses for something I had nothing to do with anyway? hah Interesting. Although - you are writing "tips and tricks" and are doing it for "Windows XP"? I'd say that might be redundant - given the age and how many such web pages/books one can find on that subject now. ;-) However - more power to you! You did bring up something I had not ever thought about. I'd still point to the fact that I doubt someone who doesn't have a password (a basic of computer security) on their account is probably unlikely to use (or even have available) encryption (built-in) for Windows XP at least. I'm fairly certain that to use encryption in Windows (XP, Vista, 7) - one must have one of the 'Professiona' or above editions of the operating system. The ones labeled "Home" usually do not provide the feature. I haven't tried an account with no password on Vista or Windows 7 - but I would be interested in the results if you do. -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#3
|
|||
|
|||
shouldn't Windows warn you before "encrypting", if password is blank?
Bennett Haselton wrote:
In Windows XP you can encrypt a file or folder just by right-clicking on it and selecting the Encryption attribute -- no extra password or decryption key required -- so I assume the encryption key is derived from your logon password somehow. However, doesn't that mean that if you choose to encrypt a file but your logon password is blank (and many people have set their password to blank just so they can boot up their computer without entering one), then by "encrypting" the file you haven't really encrypted it at all? (Well of course you haven't, since anyone could boot up the computer and be automatically signed in as you, and access the file without ever authenticating themselves.) I'm writing some articles about tips and tricks for Windows, and one of the things I'm saying is that I consider it a user interface bug that Windows lets you "encrypt" a file, without giving you a warning if your password is blank. I'm just wondering if there is some legitimate reason why Windows doesn't warn you about a blank password before encrypting, otherwise I would call it a bug. (I haven't tried under Vista or Windows 7; does anybody know if those operating systems warn you if you try to set a file's "encryption" attribute and your password is blank?) I actually have not ever thought about trying that. One would assume (in my mind) that the first line of defense on a computer is the username/password configuration. I woud bet that most users that do not have passwords (other than blank) assigned to them do not utilize EFS. I would also bet that most users that have the facility available to them in Windows XP Professional and utilize it, do so because their domain administrator (or more accurately, their place of employment) tells them they should. Given the latter - the domain administrator probably setup the computer and forces the user to have a password. In short - I believe it is more of a business feature (Windows XP Professional was originally not intended for home usage - but to be a member of a domain or business environment - where it was more than likely that passwords and such would be required.) In any case - your post tweaked my interest - so I had to try it. You can, as a matter of fact, have a user account with no password use EFS. Crazy. I had to create a user account with no password, since I follow the best practices of general computer use and have a password for my accounts - but I created the account, logged in and made a new folder and encrypted it. The user has no password. Their name just sits on the welcome screen, begging for someone to click and log in. Once in - the contents of the encrypted folder are an open book (although other users on the computer can't do much with it.) No warning - nothing. So I thought to mysef - perhaps it's just listed as one of the 'best practices' for the EFS. Best practices for the Encrypting File System http://support.microsoft.com/kb/223316 The Encrypting File System http://technet.microsoft.com/en-us/l.../cc700811.aspx The first - not a word. The only times "password" is mentioned in the first article is in reference to exporting the .pfx file and/or backing up the certificate. Nothing says you should use an account with a strong password for logon assigned. The second - a little better with this quoted section: "Using EFS requires only a few simple bits of knowledge. However, using EFS without knowledge of best practices and without understanding recovery processes can give you a mistaken sense of security, as your files might not be encrypted when you think they are, or you might enable unauthorized access by having a weak password or having made the password available to others. It might also result in a loss of data, if proper recovery steps aren't taken. Therefore, before using EFS you should read the information links in the section "Misuse and Abuse of EFS and How to Avoid Data Loss or Exposure." The knowledge in this section warns you where lack of proper recovery operations or misunderstanding can cause your data to be unnecessarily exposed. To implement a secure and recoverable EFS policy, you should have a more comprehensive understanding of EFS." I'd say "blank" qualifies as a "weak" password. ;-) Now - I was hopeful they might expand on this later - specifically mention that you should have a password set (although I still say "blank" is a "weak" password - so they sort of do...) - but they do not specifically ever say that. http://technet.microsoft.com/en-us/l...on128121120120 There (the link directly above) they do have this: "If users provide others with their passwords, these people can log on using these credentials and decrypt the user's encrypted files. (Once a user has successfully logged on, they can decrypt any files the user account has the right to decrypt.)" Well - yeah. Okay. You are correct - there is no warning. Should there be a warning...? I could see that being pretty easy to implement. I could see that being useful too. One more thing for system administrators to point to and use as a, "See, you need a password." tool. However - if someone has set no password on their computer - I also cannot see them being so security conscience and to decide to start using EFS. It sort of falls back to a conversation I was having in another place in these newsgroups. There's a certain point where you have to rely on the supposedly sentient being to make the wisest choice for themseves. You are not asking them to become an expert on Windows or on EFS or in the proper use of security measures - but to do their due diligence in order to obtain whatever their goal may be. If one is going to utilize EFS to protect their files - one should at least attempt to understand the basics of how it works and what the best practices may be and how to use it to accomplish one's own goals as best they can. I would think with EFS - reading the two articles I posted above would be advisable - and after reading it - I would have an overwhelming sense that I needed a decent password. I was disappointed in that the built-in help (Windows XP) mentioned nothing about passwords when it came to EFS. It did hammer home how much this was considered an 'enterprise' feature and not a 'standalone' feature. It was really intended for use in a domain environment - where most likely the user would be required to have a password meeting some level of complexity. That's no excuse - just how I figure this came about. After all - who would I be to make excuses for something I had nothing to do with anyway? hah Interesting. Although - you are writing "tips and tricks" and are doing it for "Windows XP"? I'd say that might be redundant - given the age and how many such web pages/books one can find on that subject now. ;-) However - more power to you! You did bring up something I had not ever thought about. I'd still point to the fact that I doubt someone who doesn't have a password (a basic of computer security) on their account is probably unlikely to use (or even have available) encryption (built-in) for Windows XP at least. I'm fairly certain that to use encryption in Windows (XP, Vista, 7) - one must have one of the 'Professiona' or above editions of the operating system. The ones labeled "Home" usually do not provide the feature. I haven't tried an account with no password on Vista or Windows 7 - but I would be interested in the results if you do. -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#4
|
|||
|
|||
shouldn't Windows warn you before "encrypting", if password isblank?
Bennett Haselton wrote:
In Windows XP you can encrypt a file or folder just by right-clicking on it and selecting the Encryption attribute -- no extra password or decryption key required -- so I assume the encryption key is derived from your logon password somehow. However, doesn't that mean that if you choose to encrypt a file but your logon password is blank (and many people have set their password to blank just so they can boot up their computer without entering one), then by "encrypting" the file you haven't really encrypted it at all? (Well of course you haven't, since anyone could boot up the computer and be automatically signed in as you, and access the file without ever authenticating themselves.) I'm writing some articles about tips and tricks for Windows, and one of the things I'm saying is that I consider it a user interface bug that Windows lets you "encrypt" a file, without giving you a warning if your password is blank. I'm just wondering if there is some legitimate reason why Windows doesn't warn you about a blank password before encrypting, otherwise I would call it a bug. (I haven't tried under Vista or Windows 7; does anybody know if those operating systems warn you if you try to set a file's "encryption" attribute and your password is blank?) Bennett Though having a log-in password is a reasonable security measure... it hardly guarantees your data are safe. To access your data one would simply have to boot up with a live Linux cd and access to the entire drive would be available in only a matter fo seconds. If your data are encrypted, then it's considerably safer... as the encryption algorithm would have to be decrypted... which is not so easy...and is certainly going to be very time consuming |
#5
|
|||
|
|||
shouldn't Windows warn you before "encrypting", if password isblank?
Bennett Haselton wrote:
In Windows XP you can encrypt a file or folder just by right-clicking on it and selecting the Encryption attribute -- no extra password or decryption key required -- so I assume the encryption key is derived from your logon password somehow. However, doesn't that mean that if you choose to encrypt a file but your logon password is blank (and many people have set their password to blank just so they can boot up their computer without entering one), then by "encrypting" the file you haven't really encrypted it at all? (Well of course you haven't, since anyone could boot up the computer and be automatically signed in as you, and access the file without ever authenticating themselves.) I'm writing some articles about tips and tricks for Windows, and one of the things I'm saying is that I consider it a user interface bug that Windows lets you "encrypt" a file, without giving you a warning if your password is blank. I'm just wondering if there is some legitimate reason why Windows doesn't warn you about a blank password before encrypting, otherwise I would call it a bug. (I haven't tried under Vista or Windows 7; does anybody know if those operating systems warn you if you try to set a file's "encryption" attribute and your password is blank?) Bennett Though having a log-in password is a reasonable security measure... it hardly guarantees your data are safe. To access your data one would simply have to boot up with a live Linux cd and access to the entire drive would be available in only a matter fo seconds. If your data are encrypted, then it's considerably safer... as the encryption algorithm would have to be decrypted... which is not so easy...and is certainly going to be very time consuming |
#6
|
|||
|
|||
shouldn't Windows warn you before "encrypting", if password is blank?
Bennett Haselton wrote:
In Windows XP you can encrypt a file or folder just by right-clicking on it and selecting the Encryption attribute -- no extra password or decryption key required -- so I assume the encryption key is derived from your logon password somehow. However, doesn't that mean that if you choose to encrypt a file but your logon password is blank (and many people have set their password to blank just so they can boot up their computer without entering one), then by "encrypting" the file you haven't really encrypted it at all? (Well of course you haven't, since anyone could boot up the computer and be automatically signed in as you, and access the file without ever authenticating themselves.) I'm writing some articles about tips and tricks for Windows, and one of the things I'm saying is that I consider it a user interface bug that Windows lets you "encrypt" a file, without giving you a warning if your password is blank. I'm just wondering if there is some legitimate reason why Windows doesn't warn you about a blank password before encrypting, otherwise I would call it a bug. (I haven't tried under Vista or Windows 7; does anybody know if those operating systems warn you if you try to set a file's "encryption" attribute and your password is blank?) philo wrote: Though having a log-in password is a reasonable security measure... it hardly guarantees your data are safe. To access your data one would simply have to boot up with a live Linux cd and access to the entire drive would be available in only a matter fo seconds. If your data are encrypted, then it's considerably safer... as the encryption algorithm would have to be decrypted... which is not so easy...and is certainly going to be very time consuming Okay... But here's the point I got out of the post you are responding to. - Someone can have no password in Windows XP Professional for logging in. - That same person can encrypt a file/folder using EFS on the machine. - However - with no password, logging in as that person is trivial - a literal click of the mouse/pressing ENTER on the keyboard. And once logged in - the files they encrypted are automatically decrypted. In other words... There's no need to hack any passwords, reset them using and methods. The password is empty, there is no password. So while the password may not provide any real protection where physical access is concerned - at least with the use of a password someone would have to change/hack it to get in (or take ownership of the files/folder or use an imaging application to make an accessible image of the disk, etc) - but the encrypted files would not be accessible in any timely/easy manner like they are if you have no password and I just click on your logon picture, logon as you and get to your files - encrypted or not - because I am you as far as the computer is concerned - same empty password as you always had. ;-) -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#7
|
|||
|
|||
shouldn't Windows warn you before "encrypting", if password is blank?
Bennett Haselton wrote:
In Windows XP you can encrypt a file or folder just by right-clicking on it and selecting the Encryption attribute -- no extra password or decryption key required -- so I assume the encryption key is derived from your logon password somehow. However, doesn't that mean that if you choose to encrypt a file but your logon password is blank (and many people have set their password to blank just so they can boot up their computer without entering one), then by "encrypting" the file you haven't really encrypted it at all? (Well of course you haven't, since anyone could boot up the computer and be automatically signed in as you, and access the file without ever authenticating themselves.) I'm writing some articles about tips and tricks for Windows, and one of the things I'm saying is that I consider it a user interface bug that Windows lets you "encrypt" a file, without giving you a warning if your password is blank. I'm just wondering if there is some legitimate reason why Windows doesn't warn you about a blank password before encrypting, otherwise I would call it a bug. (I haven't tried under Vista or Windows 7; does anybody know if those operating systems warn you if you try to set a file's "encryption" attribute and your password is blank?) philo wrote: Though having a log-in password is a reasonable security measure... it hardly guarantees your data are safe. To access your data one would simply have to boot up with a live Linux cd and access to the entire drive would be available in only a matter fo seconds. If your data are encrypted, then it's considerably safer... as the encryption algorithm would have to be decrypted... which is not so easy...and is certainly going to be very time consuming Okay... But here's the point I got out of the post you are responding to. - Someone can have no password in Windows XP Professional for logging in. - That same person can encrypt a file/folder using EFS on the machine. - However - with no password, logging in as that person is trivial - a literal click of the mouse/pressing ENTER on the keyboard. And once logged in - the files they encrypted are automatically decrypted. In other words... There's no need to hack any passwords, reset them using and methods. The password is empty, there is no password. So while the password may not provide any real protection where physical access is concerned - at least with the use of a password someone would have to change/hack it to get in (or take ownership of the files/folder or use an imaging application to make an accessible image of the disk, etc) - but the encrypted files would not be accessible in any timely/easy manner like they are if you have no password and I just click on your logon picture, logon as you and get to your files - encrypted or not - because I am you as far as the computer is concerned - same empty password as you always had. ;-) -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#8
|
|||
|
|||
shouldn't Windows warn you before "encrypting", if password isblank?
Shenan Stanley wrote:
Bennett Haselton wrote: In Windows XP you can encrypt a file or folder just by right-clicking on it and selecting the Encryption attribute -- no extra password or decryption key required -- so I assume the encryption key is derived from your logon password somehow. However, doesn't that mean that if you choose to encrypt a file but your logon password is blank (and many people have set their password to blank just so they can boot up their computer without entering one), then by "encrypting" the file you haven't really encrypted it at all? (Well of course you haven't, since anyone could boot up the computer and be automatically signed in as you, and access the file without ever authenticating themselves.) I'm writing some articles about tips and tricks for Windows, and one of the things I'm saying is that I consider it a user interface bug that Windows lets you "encrypt" a file, without giving you a warning if your password is blank. I'm just wondering if there is some legitimate reason why Windows doesn't warn you about a blank password before encrypting, otherwise I would call it a bug. (I haven't tried under Vista or Windows 7; does anybody know if those operating systems warn you if you try to set a file's "encryption" attribute and your password is blank?) philo wrote: Though having a log-in password is a reasonable security measure... it hardly guarantees your data are safe. To access your data one would simply have to boot up with a live Linux cd and access to the entire drive would be available in only a matter fo seconds. If your data are encrypted, then it's considerably safer... as the encryption algorithm would have to be decrypted... which is not so easy...and is certainly going to be very time consuming Okay... But here's the point I got out of the post you are responding to. - Someone can have no password in Windows XP Professional for logging in. - That same person can encrypt a file/folder using EFS on the machine. - However - with no password, logging in as that person is trivial - a literal click of the mouse/pressing ENTER on the keyboard. And once logged in - the files they encrypted are automatically decrypted. In other words... There's no need to hack any passwords, reset them using and methods. The password is empty, there is no password. So while the password may not provide any real protection where physical access is concerned - at least with the use of a password someone would have to change/hack it to get in (or take ownership of the files/folder or use an imaging application to make an accessible image of the disk, etc) - but the encrypted files would not be accessible in any timely/easy manner like they are if you have no password and I just click on your logon picture, logon as you and get to your files - encrypted or not - because I am you as far as the computer is concerned - same empty password as you always had. ;-) Thanks for the info... I guess I did not realize that XP's built-in encryption was so weak... I think that for better security a 3rd party encryption tool would be better |
#9
|
|||
|
|||
shouldn't Windows warn you before "encrypting", if password isblank?
Shenan Stanley wrote:
Bennett Haselton wrote: In Windows XP you can encrypt a file or folder just by right-clicking on it and selecting the Encryption attribute -- no extra password or decryption key required -- so I assume the encryption key is derived from your logon password somehow. However, doesn't that mean that if you choose to encrypt a file but your logon password is blank (and many people have set their password to blank just so they can boot up their computer without entering one), then by "encrypting" the file you haven't really encrypted it at all? (Well of course you haven't, since anyone could boot up the computer and be automatically signed in as you, and access the file without ever authenticating themselves.) I'm writing some articles about tips and tricks for Windows, and one of the things I'm saying is that I consider it a user interface bug that Windows lets you "encrypt" a file, without giving you a warning if your password is blank. I'm just wondering if there is some legitimate reason why Windows doesn't warn you about a blank password before encrypting, otherwise I would call it a bug. (I haven't tried under Vista or Windows 7; does anybody know if those operating systems warn you if you try to set a file's "encryption" attribute and your password is blank?) philo wrote: Though having a log-in password is a reasonable security measure... it hardly guarantees your data are safe. To access your data one would simply have to boot up with a live Linux cd and access to the entire drive would be available in only a matter fo seconds. If your data are encrypted, then it's considerably safer... as the encryption algorithm would have to be decrypted... which is not so easy...and is certainly going to be very time consuming Okay... But here's the point I got out of the post you are responding to. - Someone can have no password in Windows XP Professional for logging in. - That same person can encrypt a file/folder using EFS on the machine. - However - with no password, logging in as that person is trivial - a literal click of the mouse/pressing ENTER on the keyboard. And once logged in - the files they encrypted are automatically decrypted. In other words... There's no need to hack any passwords, reset them using and methods. The password is empty, there is no password. So while the password may not provide any real protection where physical access is concerned - at least with the use of a password someone would have to change/hack it to get in (or take ownership of the files/folder or use an imaging application to make an accessible image of the disk, etc) - but the encrypted files would not be accessible in any timely/easy manner like they are if you have no password and I just click on your logon picture, logon as you and get to your files - encrypted or not - because I am you as far as the computer is concerned - same empty password as you always had. ;-) Thanks for the info... I guess I did not realize that XP's built-in encryption was so weak... I think that for better security a 3rd party encryption tool would be better |
#10
|
|||
|
|||
shouldn't Windows warn you before "encrypting", if password is blank?
philo wrote:
Thanks for the info... I guess I did not realize that XP's built-in encryption was so weak... I think that for better security a 3rd party encryption tool would be better Without a doubt - especially if they are not going to use a logon password. hah -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#11
|
|||
|
|||
shouldn't Windows warn you before "encrypting", if password is blank?
philo wrote:
Thanks for the info... I guess I did not realize that XP's built-in encryption was so weak... I think that for better security a 3rd party encryption tool would be better Without a doubt - especially if they are not going to use a logon password. hah -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
Thread Tools | |
Display Modes | |
|
|