STEPS TO CREATE STRONG PASSWORD

• A Strong password is less susceptible to attack by a Hacker. The
following rules should be applied when you’re creating a
password, to protect it against attacks:




Must not contain any part of the User’s account name

Must have a minimum of eight characters 

Must contain characters from at least three of the following
categories:

• Non alphanumeric symbols ($,:”%@!#)

• Numbers

• Uppercase letters

• Lowercase letters


                     Applying Syskey Security

• Go to Start > Run >
Type Syskey 


• Click on Update


• Set Syskey Password,
Confirm the Password
and Click OK




                Change the Boot Sequence


• You should change the boot sequence in the BIOS so that your
computer is not configured to boot from the CD first. It should
be configured as Hard Disk as the First Boot Device. 




• This will protect your computer from the attacking Live CDs.


• You may press Del or F2 Key at the System Boot to go to the
BIOS Setup

STEPS TO CREATE HIDDEN ACCOUNT IN WINDOWS VISTA OR 7

          Creating Hidden accounts  in Windows

* Creating Hidden Accounts 


• Use the Net User Command to Create a Hidden Account in Windows:
                Net User Hiddenuser /add


• And then use the Command
               Net Localgroup Users Hiddenuser /delete


• Log Off the Current User, Press ALT+CTRL+DEL combination 2 times
to get the ‘Classic Windows User Login Screen’



• Type the Username as Hiddenuser and Hit Enter, you will get Logged In

Note: This trick will not work in Windows Vista and Windows 7 


           Sticky Keys Backdoor

 
 • Sticky Keys application can be used as the Backdoor in Windows
Operating System.


• Command Prompt file ‘CMD.EXE’ can be renamed to
‘SETHC.EXE’ in C:\Windows\System32 Folder.


• After this one can hit the Shift Key 5 times on the User Login
Screen and will get the Command Prompt right there. Net User
command can be used to modify User Accounts thereafter.

TAKE CARE YOUR PASSWORD MAY BE STOLEN

This is way which hacker or other third part steal your password so try to check this


         Brute Force Attack

• Brute force password guessing is just what it sounds like: trying
a random approach by attempting different passwords and
hoping that one works. Some logic can be applied by trying
passwords related to the person’s name, job title, hobbies, or
other similar items.




• Brute force randomly generates passwords and their associated
hashes.




• There are tools available to perform the Brute force attack on the
Windows SAM File. Most famous tool available for Windows
User Account Password Bruteforcing is Cain and Abel. Another
one is SamInside.




                   Rainbow Table Attack

• Rainbow Table Attack trades off the time-consuming process of
creating all possible password hashes by building a table of
hashes in advance of the actual crack. After this process is
finished, the table, called a rainbow table, is used to crack the
password, which will then normally only take a few seconds.


• We can use the Live CD to crack the Windows password using
the Rainbow table attack technique. Most famous Live CD
available is OphCrack

WINDOWS ACCOUNT USER PASSWORD CRACKING WAY

Cracking Windows User account Password


• Passwords are Stored and Transmitted in an encrypted form
called a Hash. When a User logs on to a system and enters a
password, a hash is generated and compared to a stored hash. If
the entered and the stored hashes match, the user is
authenticated (This is called the Challenge/Response).




• Passwords may be cracked Manually or with Automated tools
such as a Brute-force method or the Rainbow Table attack.




Net User: Command Prompt


• Windows Command Prompt Utility, Net User, can be also be used to
manipulate the User accounts in Windows.


The Commands are as follows:


• To check the User Accounts: Net User
• To Add a New User Account: Net User Username Password /add
• To Delete a User Account: Net User Username /delete
• To Change the Password of User Account: Net User Username *