Hide Username when pc awakes

G

Guest

Hello. I have already done a registry trick to hide the default (or last user
to use the computer) user account name from showing up at the Windows Logon
dialog box (the old fashioned one). That way, I have to manually type my user
name and password in.

But if I put my laptop to sleep... when it awakes, it prompts me for my
password, but it shows my user account name! I want to hide my user name from
showing up. That way it's more secure.

How would I go about doing this?

Thanks in advance
 
G

Guest

Can anyone else shed some insight? Links that describe this perhaps?

It's rather silly on Microsoft's part if you cannot change this.
 
G

Guest

The Windows component you asking about is called the GINA. It is a DLL can
be replaced by your own code, or by a third-party's GINA. Microsoft has a
Platform Software Development Kit (SDK) that has GINA samples in it. The
link below provides more about the GINA, and Winlogon. Obviously, you can
make the login habits anyway you like if you write it yourself.

http://msdn2.microsoft.com/en-us/library/aa380543.aspx

Personally, I would not replace the GINA since there is plenty of room for
security problems in a custom version, but if you really want to try explore
this possibility, pGINA is an open source version that you can find on the
net.

As for a simple registry key change or radio button to change the habit of
the GINA after waking from hibernation, I have not come across such a
solution. That is not to say that it does not exist, of course...

I hope this helps in your research.

- Vinson
 
S

Steve Riley [MSFT]

Richard--why do you believe that hiding your user name makes you more
secure? Logging onto a computer requires two things: making an identity
claim and then proving that claim. There's an important element of security
science here that's good to understand. User IDs are claims of identity:
they are public declarations. Proof of such claims requires that the person
making the claim have knowledge of a secret that the system can then
validate.

User IDs are never designed to be secret, so don't worry about whether
someone can find out your ID. Your password, however, is very much a secret.
Because only you know your password, this is how you prove your identity
claim. The system can validate that you entered the correct password without
having to know the password itself.

I wrote a longer article about this here:
http://www.microsoft.com/technet/community/columns/secmgmt/sm0206.mspx
 
G

Guest

I read your article, and found it quite informative. Your advice is great for
corporate and enterprise environments. Unfortunately, I am a student! :)

Now the machine in question is my IBM ThinkPad. When you turn on the laptop,
you need to enter a BIOS password, and then a hard disk password, before the
system will begin to boot Windows XP Pro. Now when Windows brings me to the
login dialog-box (the older Windows 2000 style), it requires me to press
CTRL+ALT+DEL. Then I must type in my User ID, followed by my password.

As you can see, I have several safeguards in place so that, in the event
that my ThinkPad is stolen, it is useless to the average thief.

Now when I am in class, and need to get something from the front of the room
(I am several meters away and the only door is at the front of the room where
the teacher's desk is, which is my destination, so I can see if someone tries
to get away with it in our small classroom), I would lock my computer. When I
return I have to type in my User ID and password (I can't remember if it
tells you my User ID or not in the text of the dialog-box [not the text box -
that's blank], but I don't want it to). But if I put my computer to sleep...
when it wakes up, it shows my user id!!! I don't want it to do that.

So basically, the User ID is acting like another password: so if someone
manages to get to the log-in box, not only do they need my password, but they
need to know my User ID (my User ID is not Richard!). So now I have made it
much harder for them to gain access to my system. At the very least, it will
prevent anyone from trying to "guess" my password... they'll have to guess my
User ID first!

See?
 
B

Bruce Chambers

Richard said:
Can anyone else shed some insight? Links that describe this perhaps?

It's rather silly on Microsoft's part if you cannot change this.

How is it "silly?" If you allow the computer to go into Standby while
you're logged in, you'll still be logged in when the computer come out
of standby. That's the whole point of the "Standby" feature; to pick up
where you left off.

If you want better security, never use Standby. Log out when you're
not actively using the computer. It's that simple.



--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
 
B

Bruce Chambers

Richard said:
I read your article, and found it quite informative. Your advice is great for
corporate and enterprise environments. Unfortunately, I am a student! :)

Now the machine in question is my IBM ThinkPad. When you turn on the laptop,
you need to enter a BIOS password, and then a hard disk password, before the
system will begin to boot Windows XP Pro. Now when Windows brings me to the
login dialog-box (the older Windows 2000 style), it requires me to press
CTRL+ALT+DEL. Then I must type in my User ID, followed by my password.

As you can see, I have several safeguards in place so that, in the event
that my ThinkPad is stolen, it is useless to the average thief.

Actually, none of those "precautions" would interest, much less slow
down the average thief: he's after the property only, and not interested
in using it. It'll be in a neighborhood pawn shop before you notice
it's missing. And if the laptop is stolen by a knowledgeable person
after the data on it, those "precautions" are easily by-passed, in minutes.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
 
G

Guest

Is it so hard to implement such a stupid little feature?

Anyways thank-you for your insight. End of discussion.
 
S

Steve Riley [MSFT]

I don't normally repeat myself in these groups, nor chime in when the
discussion seems to be going in a bad direction. But I will do so here.
Is it so hard to implement such a stupid little feature?

No, it isn't hard at all to implement what you're asking for. But that isn't
the question to ask. The question is: does the feature actually increase
security? As opposed to simply making one "feel" more secure?

I'm glad, Richard, that you read my article. In it, I was pretty clear that
a "secret" ID plus a password is no more secure than a public ID plus a good
password. By good I mean a passphrase of 15-20 characters: think a simple
sentence. Something easy to remember and virtually impossible to attack.
Trying to hide a user ID (designed to be public) adds no more security; in
fact, it can weaken security because people who do this often choose very
weak passwords.

Security isn't achieved simply by the vendor adding features and the users
implementing them. Security is achieved by analyzing the risks and threats
of a particular environment, and applying appropriate policies, processes,
and technologies. Our obligation as the manufacturer of Windows is to
provide you with technologies that help you mitigate actual threats, based
on sound computer security science.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top