Re: Effect of changing passwords

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

pballard@xxxxxxxxxxxxxx wrote:
"that user will lose all personal certificates, and stored passwords
for Web sites or network resources."
1. What does that mean? Does it mean it deletes any cookies they have?
[...]Will it affect (e.g.) accumulated points on neopets.com?

I can't imagine any website keeping any data that could be used
competitively in cookies. It's all but certain they keep that on their
servers, so nobody has the chance to just grant themselves a better record.

And anyway, no, it won't delete cookies. Just passwords.

The cached passwords are also not insurmountable: that's (a) just part of the punishment you're visiting on the kids, that they have to remember all that stuff and put it back in, which they'll probably
dread as much as if not more than any time away, and (b) good training
for them, to start backing up and securing personal data. I think everyone should have a thumb drive, they're dirt cheap.

What the message is really warning you about is the loss of
Windows-managed digital certificates, which are used for securely
signing and encrypting things like email and personal files. It's very
unlikely that your kids have any; you have to know what they are and go
get them for yourself (very unlike cookies).

2. Why is it like this? Why does changing the password do more than
just change the password?

Unless Microsoft are lying about how they protect those certificates,
which only the truly paranoid will even consider, nobody on the planet knows how to get at those certificates without your password. That means not even the people who wrote Windows.

That's a good thing.

Windows uses those certificates, at user request, to encrypt personal
files, so that no one else can read them, and to sign email, to prevent impersonation. They work. They work well. Like the PGP tools and their kin, nobody on the planet believes anybody knows a way to crack that encryption without getting the certificate (known everywhere else as a private key). Password -> certificate -> private data. Private means private.

But tying the keys to the user's signon password is in my opinion
actually too great a convenience for personal use. I much prefer the
separate-keychain approach, because it makes it clear that the user's
really private data are not tied to their Windows identity.

For personal use, I think it's important to emphasize that, and
Microsoft don't.

You can do it, though: If you or your children do have digital ID's,
start at
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_cmimportexport.mspx
(if that url breaks up and you can't fix it, go to technet.microsoft.com
and search for "export certificates" and be prepared to do some studying
and link-chasing. It's possible to make the wrong choice when
exporting: you want the strong-protection export style.

It's important to learn about certificate export, because until you
understand it, those keys aren't really yours; they belong to Windows.

Once you have done that, if someone changes your password you can still
get the keys back by re-importing your original certificates, and you
can transport your digital identity across computers and to different
systems; the exports are in a worldwide-standard format not tied to any
vendor.

And, by the way, this is why you want to keep your system secure against malware and why you want a good password: if you do, you really can trust your Windows box with your secrets. Until you do, you really can't.

By the way, a last note: the truly paranoid will not trust anything but open source systems with their keys. I think that level of paranoia is unjustified for personal use, but they do have a point I think marginally valid: for those who cannot trust their governments -- and such places do exist -- such paranoia *is* justified. And why learn two sets of tools? It's something to think about, and I think that has to be a personal choice, offered, and explained, but not recommended.

Sorry for the long answer, but I think any less would be a disservice.

hth,
Jim

.

Relevant Pages

  • Re: Effect of changing passwords
    ... actually have sourced some certificates et al, and I doubt it, ... That means not even the people who wrote Windows. ... But tying the keys to the user's signon password is in my ... a last note: the truly paranoid will not trust ...
    (microsoft.public.windowsxp.newusers)
  • Re: Roaming Certificates
    ... I am not aware of a solution that would work for both windows 2000 and nt ... machines. ... > there a way to get your certificate and keys sent to you ... NTuser.dat doesnt include Certificates and keys ...
    (microsoft.public.win2000.security)
  • renew certificates in Win2K
    ... certificates with same/new keys in Windows 2000. ... Is there anyone who knows the API/COM interface that can ...
    (microsoft.public.platformsdk.security)
  • [NT] Windows File Protection Arbitrary Certificate Chain Vulnerability
    ... Beyond Security would like to welcome Tiscali World Online ... Windows File Protection will trust any digital signature whose certificate ... chain is rooted at any one of the Trusted Root Certification Authorities. ... chains but also as valid Root CA's for code signing certificates. ...
    (Securiteam)
  • Re: PKI: the end
    ... that one of the keys is consistently kept private and the other ... How does PKI infer 3-factor? ... What's with the "business process" terminology? ... > case of domain name SSL certificates, ...
    (sci.crypt)