by Dave Moore, 8-12-18
I’ll never forget one of my early computer repair jobs, one which involved much attention to passwords. My customer, a fellow named Bob, had one of the slowest computers I’d ever seen. He was stuck in endless cycles of click, and then, wait, wait, wait.
I asked how long it had been since he’d turned off his computer. “I never turn off my computer,” he replied, with a somewhat annoyed look on his face and tone in his voice. Knowing even then, as I do now, the first maxim of computer troubleshooting (“When in doubt, reboot”), I said, “Let’s see what happens if we reboot your computer.”
I clicked Start, Shut Down and Restart, only to be greeted with an error message that said, “Other people are logged on to this computer. Shutting down Windows might cause them to lose data. Do you want to continue shutting down?” I did not like this message at all. Looking at an early version of Process Explorer revealed 28 other people logged on to Bob’s computer. Bob was beginning to look a bit pale.
Returning to the Shut Down process, I mumbled, “Heck, yeah, I want those 28 people to lose data,” and I restarted Bob’s computer.
Soon, I was looking at a Windows logon screen, asking me for Bob’s password. “Bob, what’s your password?” I asked. “Bob,” he replied. At first I thought he was kidding, but the look on his face told me otherwise. “Uh, really? Your password is the same as your first name? Your password is ‘Bob?’” “Yes,” he said, slowly drawing out the word. I knew we were in for an interesting afternoon.
Now, keep in mind that the Windows Login password is not a super-critial password. Its major function is to limit who can actually use the computer. The same goes for an Apple Mac Login. For most setups, that means people who have actual, physical access to the computer. In other words, if a person wants to sit down at the computer and use it, they have to use the keyboard to enter a password.
First off, I disconnected Bob’s computer from the Internet. Then, after explaining why he absolutely was not allowed to use “Bob” as his password, I changed Bob’s password to something more secure. The computer login password is one thing, but poor Bob used the same horrible password (“Bob”) for everything; email, online accounts, the works. It was a rather tedious, time consuming chore.
After yanking out about twenty viruses (Bob had no antivirus software installed), installing a firewall (on his old Windows 98 computer, Bob had none; remember, this was in the 1990s) and a gazillion Windows updates (Bob had never updated anything), Bob and Bob’s computer were feeling much happier.
What were those 28 other people doing logged on to Bob’s computer? I was never too sure about that. Those many years ago, I didn’t know computer security like I know it now; I just knew it was a bad idea for that many mystery users to be connected to his computer.
Perhaps his computer was being used to forward spam email or distribute pornography. Maybe the gang of 28 were using Bob’s computer as a front, hiding behind it while attacking more lucrative targets, such as banks or corporate databases. Such activities are commonplace these days, with the bad guys running rampant over people with weak passwords.
Over the next few columns, we’ll look more at password security and how to manage multiple passwords for multiple accounts. Until then, stay safe and happy computing.
Dave Moore has been performing computer consulting, repairs, security and networking in Oklahoma since 1984. He also teaches computer safety workshops for public and private organizations. He can be reached at 405-919-9901 or www.davemoorecomputers.com