Please register or login. There are 0 registered and 1037 anonymous users currently online. Current bandwidth usage: 326.30 kbit/s July 20 - 01:08am EDT 
Hardware Analysis
      
Forums Product Prices
  Contents 
 
 

  Latest Topics 
 

More >>
 

    
 
 

  You Are Here: 
 
/ Forums / General Technology /
 

  Dual password verification for Windows logon? Possible? 
 
 Author 
 Date Written 
 Tools 
3-Oh-Beast Jul 02, 2007, 03:45pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List

Edited: Jul 02, 2007, 03:45pm EDT

Replies: 3 - Views: 2372
Essentially what I want is for my users to require to use a 2nd password to be able to log into the computer. Is there such a system available in Windows?

As it stands everyone with a company account is just firstname.lastname and a password. But if this password is compromised the computer is wide open.

I've thought about encryption. My question is, is there a way to encrypt the C drive itself, as opposed to creating an encrypted partition with one of these encryption programs and having to mount/unmount the drive? And if there is, are there any possible problems to run into (aside from losing the password?)

If there was a way to simply add a dual-password verification for windows logon, that'd be ideal.

Appreciate the responses.




:: P5N32-E sli + Q6600 @ 3ghz
:: 4GBs Corsair XMS2 DDR2 800
:: EVGA 8800GTX
:: 2 WD Raptors 10,000rpm 74gb RAID0
:: Gateway 24" FHD2400 LCD
Want to enjoy fewer advertisements and more features? Click here to become a Hardware Analysis registered user.
adam Jul 02, 2007, 04:28pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List

Edited: Jul 02, 2007, 04:36pm EDT

 
>> Re: Dual password verification for Windows logon? Possible?
one of the best option is to use microsoft fingerprint scan and a fractal inscription consisting of 14 letters and 10 numbers 1 symbol, ETC Letters must have capitol and lower case. with the finger print its just a simple scan and your in. very effective. Takes law enforcement HRS and HRS with a 7% success rate to crack it. So just think how long it would take a code junky. Not likely. Example JasonGomez?147125823693<0> . Fractals can go as high as 35 digits in vista

AMD 6000+ @ 3.3 Ghz
Corsair XMS 2 - 2 gig DDR 2 800 @ 880 4 4 4 12 2.1 volts
8800 GTX KO @ 630/1575/2106
vista home premium x64
Enermax 650 watt 39 amp 12+ rails PSU
320 gig sata 2 300 mb 16 meg cache
2 gig 200x flash in readyboost
Jul 05, 2007, 01:24pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Dual password verification for Windows logon? Possible?
As for system partition encryption, there are a few programs available. There's lots to encrypt data partitions, but OS partitions present a different problem. PGP Whole Disk Encryption will do it, and I think BestCrypt will as well. If you're using Vista (Enterprise or Ultimate), you could also use BitLocker.

Brendan Falvey Jul 07, 2007, 10:04pm EDT Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Dual password verification for Windows logon? Possible?
I understand your issue but is it? You need to enforce some basic security on Windows.

1. your data should be on a seperate partition preferably a seperate drive. A compromised system partition means data is not lost with the system A seperate drive is better since a lost system drive protects your data. Data backup becomes easier this is particularly true of the mess created in Documents and settings.

2. do not create any general access accounts and disable Guest.

3. Ensure minimum password standards there are free password ckeckers to ensure compliance in number of characters and any othe r criteria you seek to apply.

4. Institute a regular change of password say every 6 weeks and enable histrory tracking to avoid reuse of passwords over the short to medium term.

5. Enable automatic account disable after 3 or 4 failed logons

6. If someone leaves immediately disable their account you may wish to ensure no company data is stored in their space before you delete.

7. Ensure that you set up access controls as to who has access to what data. Some enterprise accounting applications enable even tighter controls. The storeman does not need access to account analysis but be able to access invoices. Institute Group access and limit System access to physical computer logon or only to a tightly held Admin group.

Your exposure this way is small since the access will limit the ability of casual access from compromised passwords and unless someone gives it away the account will be frozen after several failed logons untill unlocked by the Administrator (remember change their Username from Administrator also eg Beast, Monster, Ratbag certainly not a personal work logon)

People fail to use what is available the fingerprinting is appropriate for a laptop on the move but a luxury for an office where a compromise between ready access to required data and detering unauthorised access is more appropriate.

If you do not trust your employees then you have a different problem that the computers cannot solve. Remember locks only keep honest people out and no WAN connection is the only sure security against external access.





Write a Reply >>


 

    
 
 

  Topic Tools 
 
RSS UpdatesRSS Updates
 

  Related Articles 
 
 

  Newsletter 
 
A weekly newsletter featuring an editorial and a roundup of the latest articles, news and other interesting topics.

Please enter your email address below and click Subscribe.