Effect of changing passwords

pballard

Hi all,

I am the administrator on my PC running XP, and my (fairly young) kids
each have a limited account.

I wish to be able to change their passwords (to lock them out at
certain times). However if I change the password, then XP says that if
I change the password, then:

"that user will lose all personal certificates, and stored passwords
for Web sites or network resources."

So I have some questions:

1. What does that mean? Does it mean it deletes any cookies they have?
Will it affect (e.g.) accumulated points on neopets.com?

2. Why is it like this? Why does changing the password do more than
just change the password?

3. Is there a way to change the password and change nothing else?
 
Rick "Nutcase" Rogers

Hi,

Don't change the password, just temporarily disable the account (this is
what I do when my daughters misbehave). Click Start/Run, type CONTROL
USERPASSWORDS2 and click OK. Go to the Advanced tab, click the Advanced
button to open the user manager dialog (lusrmgr.msc). Click on the Users
folder, then right-click the account and select Properties. You can disable
it here. Reverse the steps to quickly re-enable the account whenever you
wish.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 
Jim Hill

"that user will lose all personal certificates, and stored passwords
for Web sites or network resources."
1. What does that mean? Does it mean it deletes any cookies they have?
[...]Will it affect (e.g.) accumulated points on neopets.com?

I can't imagine any website keeping any data that could be used
competitively in cookies. It's all but certain they keep that on their
servers, so nobody has the chance to just grant themselves a better record.

And anyway, no, it won't delete cookies. Just passwords.

The cached passwords are also not insurmountable: that's (a) just part
of the punishment you're visiting on the kids, that they have to
remember all that stuff and put it back in, which they'll probably
dread as much as if not more than any time away, and (b) good training
for them, to start backing up and securing personal data. I think
everyone should have a thumb drive, they're dirt cheap.

What the message is really warning you about is the loss of
Windows-managed digital certificates, which are used for securely
signing and encrypting things like email and personal files. It's very
unlikely that your kids have any; you have to know what they are and go
get them for yourself (very unlike cookies).
2. Why is it like this? Why does changing the password do more than
just change the password?

Unless Microsoft are lying about how they protect those certificates,
which only the truly paranoid will even consider, nobody on the planet
knows how to get at those certificates without your password. That means
not even the people who wrote Windows.

That's a good thing.

Windows uses those certificates, at user request, to encrypt personal
files, so that no one else can read them, and to sign email, to prevent
impersonation. They work. They work well. Like the PGP tools and
their kin, nobody on the planet believes anybody knows a way to crack
that encryption without getting the certificate (known everywhere else
as a private key). Password -> certificate -> private data. Private
means private.

But tying the keys to the user's signon password is in my opinion
actually too great a convenience for personal use. I much prefer the
separate-keychain approach, because it makes it clear that the user's
really private data are not tied to their Windows identity.

For personal use, I think it's important to emphasize that, and
Microsoft don't.

You can do it, though: if you or your children do have digital IDs,
start at
http://www.microsoft.com/resources/...xp/all/proddocs/en-us/sag_cmimportexport.mspx
(if that URL breaks up and you can't fix it, go to technet.microsoft.com
and search for "export certificates" and be prepared to do some studying
and link-chasing). It's possible to make the wrong choice when
exporting: you want the strong-protection export style.

It's important to learn about certificate export, because until you
understand it, those keys aren't really yours; they belong to Windows.

Once you have done that, if someone changes your password you can still
get the keys back by re-importing your original certificates, and you
can transport your digital identity across computers and to different
systems; the exports are in a worldwide-standard format not tied to any
vendor.

And, by the way, this is why you want to keep your system secure against
malware and why you want a good password: if you do, you really can
trust your Windows box with your secrets. Until you do, you really can't.

By the way, a last note: the truly paranoid will not trust anything but
open source systems with their keys. I think that level of paranoia is
unjustified for personal use, but they do have a point I think
marginally valid: for those who cannot trust their governments -- and
such places do exist -- such paranoia *is* justified. And why learn two
sets of tools? It's something to think about, and I think that has to
be a personal choice, offered, and explained, but not recommended.

Sorry for the long answer, but I think any less would be a disservice.

hth,
Jim
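The chain Jim describes (password -> certificate -> private data) and the reason a passphrase-protected export survives a password change can be shown in a small model. The script below is an added example, not code from this thread, from Windows or from Microsoft: it uses only the Python standard library, wraps a random master key under a PBKDF2 key derived from the logon password, and seals the private key under that master key. The names (UserProfile, seal, export_backup), the iteration count and the sample key bytes are all constructed for the demonstration, and the HMAC-SHA256 keystream cipher is a stand-in for the real CryptoAPI/DPAPI algorithms, not a reproduction of them. The behaviour it illustrates is the one the XP dialog warns about: a change made by the user, who can supply the old password, re-wraps the master key and loses nothing, while a reset made by the administrator has no old password to unwrap with, so the sealed keys are orphaned unless an export made beforehand is re-imported.

```python
"""Model of password-wrapped key protection (added example, stdlib only).
The cipher here is a constructed stand-in, not a real DPAPI/CryptoAPI
algorithm; the structure of the key chain is the point."""
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor; an assumed value, not XP's


def derive_kek(password: str, salt: bytes) -> bytes:
    """Key-encryption key derived from the logon password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key looks exactly like a corrupted blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class UserProfile:
    """What stays on disk: a salt, the master key wrapped under the
    password-derived KEK, and the private key sealed under the master key.
    The plaintext master key is never stored."""

    def __init__(self, password: str, private_key: bytes):
        self.salt = secrets.token_bytes(16)
        master_key = secrets.token_bytes(32)
        self.wrapped_master_key = seal(derive_kek(password, self.salt), master_key)
        self.protected_private_key = seal(master_key, private_key)

    def unlock_private_key(self, password: str) -> bytes:
        master_key = open_sealed(derive_kek(password, self.salt), self.wrapped_master_key)
        return open_sealed(master_key, self.protected_private_key)

    def user_changes_password(self, old_password: str, new_password: str) -> None:
        """The user supplies the old password, so the master key is unwrapped
        and re-wrapped under the new one; everything it protects stays reachable."""
        master_key = open_sealed(derive_kek(old_password, self.salt), self.wrapped_master_key)
        self.salt = secrets.token_bytes(16)
        self.wrapped_master_key = seal(derive_kek(new_password, self.salt), master_key)

    def admin_resets_password(self, new_password: str) -> None:
        """An administrator reset has no old password to unwrap with, so a fresh
        master key is wrapped instead and the sealed private key is orphaned.
        This is the loss the XP dialog warns about."""
        self.salt = secrets.token_bytes(16)
        self.wrapped_master_key = seal(derive_kek(new_password, self.salt), secrets.token_bytes(32))


def export_backup(profile: UserProfile, password: str, passphrase: str) -> bytes:
    """Like a strong-protection certificate export: the private key leaves the
    profile sealed under a passphrase independent of the logon password."""
    salt = secrets.token_bytes(16)
    return salt + seal(derive_kek(passphrase, salt), profile.unlock_private_key(password))


def import_backup(blob: bytes, passphrase: str) -> bytes:
    salt, sealed = blob[:16], blob[16:]
    return open_sealed(derive_kek(passphrase, salt), sealed)


def demo() -> dict:
    private_key = b"CONSTRUCTED-SAMPLE-PRIVATE-KEY-BYTES"  # constructed placeholder
    profile = UserProfile("kid-password-1", private_key)
    backup = export_backup(profile, "kid-password-1", "a long export passphrase")

    profile.user_changes_password("kid-password-1", "kid-password-2")
    after_user_change = profile.unlock_private_key("kid-password-2") == private_key

    profile.admin_resets_password("locked-out-for-tonight")
    try:
        profile.unlock_private_key("locked-out-for-tonight")
        after_admin_reset = "kept"
    except ValueError:
        after_admin_reset = "lost"

    restored = import_backup(backup, "a long export passphrase") == private_key
    return {"after_user_change": after_user_change,
            "after_admin_reset": after_admin_reset,
            "restored_from_backup": restored}


if __name__ == "__main__":
    print(demo())
```

Running the script prints a dictionary with the user-initiated change succeeding, the administrator reset reporting "lost", and the export restoring the key; the tag check in open_sealed is what turns the wrong master key into a clean failure rather than garbage output.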
 
PopS

Nicely written, Jim. I hadn't considered that the OP might
actually have sourced some certificates et al, and I doubt it,
but ... it's certainly possible.

Pop

 