Passcape Software claims Windows 8 has a a password security flaw..
Windows 8 is better, faster, stronger than Windows 7- but is it more secure? At first glance, I’d certainly say yes. There is a new Secure Boot feature that should make it harder for hackers to attack the boot process. There are also several new password systems and methods in Windows 8.
Unfortunately, security firm Passcape Software also says there is a big security flaw as well. Keep in mind that this is a company that sells security solutions, and so they might be blowing things out of proportion to make a buck or two. With that said, the problem is that Windows 8 will now store your login passwords away in plain text.
The idea is that Windows 8 that problem lays with the two new password options in Windows 8. To make things easier, Microsoft has given us several new ways to password protect our systems in Windows 8, such as PIN or picture password, instead of the classic route.
If you select one of these alternatives, Windows 8 will store away the standard password that you first selected. This information goes into Microsoft Vault. Passcape alledges that the Vault uses plain-text files that can be retrieved and read if someone knows what to look for.
While this is possibly true, there are some things to keep in mind. First, accessing the Vault would probably require full access to the computer’s Windows 8 directories and files in the first place. This could mean you’d have to invite the hacker to sit down and play around with your PC to retrieve the info- at least if I’m understanding Passcape Software’s claim properly.
The second thing to consider is, who is using these new methods? I’d wager that users going with PIN and picture passwords are those trying to keep their meddling kids from using the computer without permission.
The folks that are utilizing these easier-to-crack methods are more than likely not trying to protect Top-Secret Pentagon security files. For those with more sensitive needs- a third party solution (or at the very least a traditional-style Windows password) probably makes more sense anyhow.
As to be expected, Passcape is offering a paid solution to fix the problem. If this is indeed a real problem (which I have my doubts), Microsoft probably already plans on fixing it before the official October 26th launch date. Does this potential flaw worry you at all or does it seem pretty minor?
Again, if you really have important data to protect- there are more secure methods out there that will have you covered. If you are just protecting your pictures of your brand new puppy, I wouldn’t lose any sleep over the ‘flaw’ if I were you.
[ source ]