Windows 10: How does windows store User PIN data on both local and server and is it really secure?

Discussion in 'AntiVirus, Firewalls and System Security' started by TeddyJJ, Aug 7, 2019.

  1. TeddyJJ Win User

    How does windows store User PIN data on both local and server and is it really secure?


    ※ This post has been moved (in English)


    I've read Why a PIN is better than a password. According to this document, the PIN is used to retrieve a private key stored in the TPM. This private key can be acquired only with the PIN that the user registered using their password (when registering, you have to enter the user password). The private key is used to authenticate the user's Windows logon.

    So it seems that the PIN is not related to the user password, and surely even if someone knows the PIN, he must be unable to get the plaintext user password.

    However, I was able to restore the plaintext user password with my PIN. It took less than 0.1 seconds to restore my password.

    I used Passcape's Windows Password Recovery Tool. https://www.passcape.com/windows_password_recovery


    Could you explain how this is possible?


    I checked HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\NgcPin\Credentials\S-1-5-21-xxx in the registry and found an EncryptedPassword value. There are no documents about how the PIN is stored and used when logging on to the Windows desktop, so I couldn't figure out what EncryptedPassword was.


    Is it the user password?


    Additionally, if my PC doesn't support TPM, where is the private key stored on my PC?

    I'd like to know the full workflow of PIN registration and authentication.

    :)
     
    TeddyJJ, Aug 7, 2019
    #1
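The question above turns on two facts about the machine: whether a TPM is present and ready (so a PIN-protected key can be hardware-bound at all), and whether the NgcPin credential key the poster found exists and what value names (such as EncryptedPassword) each per-user SID subkey holds. The following audit script is an added example, not code from the original post or from Microsoft. It only reads; it does not decrypt or change anything. It assumes Windows 10 with the built-in TrustedPlatformModule module (Get-Tpm) and an elevated PowerShell session; the function name and parameter are mine, the registry path is the one quoted in the post.

```powershell
# Added example (not from the original post): report TPM readiness and the contents of the
# NgcPin credential key the poster describes, without decrypting or modifying anything.
# Assumes Windows 10, elevated PowerShell, and the built-in Get-Tpm cmdlet.

function Get-PinCredentialAudit {
    [CmdletBinding()]
    param(
        # Registry path quoted in the original post; value names beneath it vary per build.
        [string]$CredentialKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\NgcPin\Credentials'
    )

    # TPM status. If Get-Tpm is unavailable or fails, report "unknown" rather than guessing.
    $tpm = $null
    try {
        $tpm = Get-Tpm -ErrorAction Stop
    } catch {
        Write-Warning "Get-Tpm failed: $($_.Exception.Message)"
    }

    $perUser   = @()
    $keyExists = Test-Path -Path $CredentialKey
    if ($keyExists) {
        # One subkey per user SID (the post shows S-1-5-21-xxx); list each subkey's value names.
        foreach ($sub in Get-ChildItem -Path $CredentialKey -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -Path $sub.PSPath
            # Drop the provider bookkeeping properties so only real registry value names remain.
            $names = @($props.PSObject.Properties.Name |
                       Where-Object { $_ -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' })
            $perUser += [pscustomobject]@{
                Sid                  = $sub.PSChildName
                ValueNames           = ($names -join ', ')
                HasEncryptedPassword = ($names -contains 'EncryptedPassword')
            }
        }
    }

    [pscustomobject]@{
        TpmPresent          = if ($tpm) { $tpm.TpmPresent } else { 'unknown' }
        TpmReady            = if ($tpm) { $tpm.TpmReady }   else { 'unknown' }
        CredentialKey       = $CredentialKey
        CredentialKeyExists = $keyExists
        UsersWithPinData    = $perUser
    }
}

# Usage: one summary block, then one row per SID subkey found under the credential key.
$report = Get-PinCredentialAudit
$report | Format-List TpmPresent, TpmReady, CredentialKey, CredentialKeyExists
$report.UsersWithPinData | Format-Table -AutoSize
```

A machine that reports TpmPresent or TpmReady as false cannot have the PIN key TPM-bound, which is exactly the situation the last question in the post asks about; the report gives you the evidence without making any claim about what EncryptedPassword contains.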
  2. btarunr Win User

    Blizzard Servers Hacked, User Data Compromised

    Online gaming giant Blizzard Entertainment reported unauthorized access to its servers. The security breach was detected earlier this week, and the company claims that the hackers may have accessed user data such as e-mail addresses of Battle.net users, their personal security questions, and information related to mobile and dial-in authentications.

    Blizzard claims that the information compromised is not enough for anyone to gain access to the Battle.net accounts, and that there was no evidence to suggest that more vital bits of user data, such as real names, credit card information, or billing addresses, were accessed. Users' Battle.net passwords, which are cryptographically scrambled, may have been accessed. Since SRP (secure remote protocol) is used to protect the passwords, it is extremely difficult to unscramble them. Blizzard strongly recommends that users change their passwords while investigations into the security breach are ongoing.

    Source: Shack News
     
    btarunr, Aug 7, 2019
    #2
  3. Brink Win User
    Getting started storing app data locally


    Read more: Getting started storing app data locally | Building Apps for Windows
     
    Brink, Aug 7, 2019
    #3
  4. Alec§taar Win User

    Securing Windows 2000/XP/Server 2003 services HOW TO

    This is all I could save. I don't know if people can see what I can in the Wiki, but I got this article; the others he deleted before he posted them in the wiki, and I don't have the powers even in my sections to bring them back... perhaps a backup, but I'm not sure we have one; I'll go see. He did a damn good job at making sure nothing of his existed after he left... I'm at school, but when I get home I'll email him and see if I can get him back. I'm not done fighting yet. -Solaris17


    Securing Windows 2000/XP/Server 2003 services HOW TO
    I went at ALL of the services in Windows Server 2003 (some will not be in XP for instance, & Windows 2000 has no NETWORK SERVICE or LOCAL SERVICE as far as I know, but not sure; you can always make a limited-privilege user too for this on 2000 if needed)...

    I did testing to see which services could be run/logged in as LOCAL SERVICE, or NETWORK SERVICE, rather than the default of LOCAL SYSTEM (which means Operating System entity level privileges - which CAN be "misused" by various spyware/malware/virus exploits).


    LOCAL SERVICE startable list (vs. LocalSystem Logon Default):


    --------------------------------------------------------------------------------

    Acronis Scheduler 2 Service
    Alerter (needs Workstation Service Running)
    COM+ System Application
    GHOST
    Indexing Service
    NVIDIA Display Driver Service
    Office Source Engine
    O&O Clever Cache
    Remote Registry
    Sandra Service
    Sandra Data Service
    SmartCard
    Tcp/IP NetBIOS Helper
    Telnet
    UserProfile Hive Cleanup Service
    Volume Shadowing Service
    Windows UserMode Drivers
    Windows Image Acquisition
    WinHTTP Proxy AutoDiscovery Service

    NETWORK SERVICE startable list (vs. LocalSystem Logon Default):


    --------------------------------------------------------------------------------

    ASP.NET State Service
    Application Layer Gateway
    Clipbook (needs Network DDE & Network DDE DSDM)
    Microsoft Shadow Copy Provider
    Executive Software Undelete
    DNS Client
    DHCP Client
    Error Reporting
    FileZilla Server
    Machine Debug Manager
    Merger
    NetMeeting Remote Desktop Sharing Service
    Network DDE
    Network DDE DSDM
    PDEngine (Raxco PerfectDisk)
    Performance Logs & Alerts
    RPC
    Remote Desktop Help Session Manager Service
    Remote Packet Capture Protocol v.0 (experimental MS service)
    Resultant Set of Policies Provider
    SAV Roam
    Symantec LiveUpdate
    Visual Studio 2005 Remote Debug

    PLEASE NOTE: Each service uses a BLANK password when reassigning their logon entity (when you change it from the default of LOCAL SYSTEM Account), because they use SIDs as far as I know, not standard passwords.


    --------------------------------------------------------------------------------

    WHEN YOU TEST THIS, AFTER RESETTING THE LOGON USER ENTITY EACH SERVICE USES: Just run your system awhile, & if say, Norton Antivirus refuses to update, or run right? You KNOW you set it wrong... say, if one you test that I do NOT list won't run as LOCAL SERVICE? Try NETWORK SERVICE instead... if that fails? YOU ARE STUCK USING LOCAL SYSTEM!

    If you cannot operate properly while changing the security logon entity context of a service (should NOT happen w/ 3rd party services, & this article shows you which ones can be altered safely)?

    Boot to "Safe Mode", & reset that service's logon entity back to LOCAL SYSTEM again & accept it cannot do this security technique is all... it DOES happen!

    If that fails? There are commands in the "Recovery Console" (installed from your Windows installation CD as a bootup option while in Windows using this commandline -> D:\i386\winnt32.exe /cmdcons, where D is your CD-Rom driveletter (substitute in your dvd/cd driveletter for D of course)) of:

    ListSvc (shows services & drivers states of stopped or started)

    Enable (starts up a service &/or driver)

    Disable (stops a service &/or driver)

    Which can turn them back on if/when needed

    Last edited by APK on 03/04/2007
    I.E. -> I removed Telephony, Symantec AntiVirus, & Virtual Disk Service!

    (ON Virtual Disk Service being removed, specifically: This was done solely because, although it will run as LOCAL SERVICE, diskmgmt.msc will not be able to work! Even though the Logical Disk Manager service does not list VirtualDisk as a dependency, this occurs, so VirtualDisk service was pulled from BOTH the LOCAL SERVICE and NETWORK SERVICE lists here... apk)

    SECURING SERVICES @ THE ACL LEVEL VIA A SECURITY POLICY HOW-TO:

    STEP #1: CONFIGURE A CUSTOM Microsoft Management Console for this!

    Configuring yourself a "CUSTOM MMC.EXE (Microsoft Mgt. Console)" setup for security policy templates, here is how (these are NOT default Computer Mgt. tools, so you have to do this yourself, or run them by themselves, but this makes working w/ them convenient):

    ===============================================================
    The next part's per BelArcGuy of BELARC ADVISOR's advice (pun intended):
    ==============================================
    Anyone want to try a test CompletelyBonkers (new user here) turned me onto?

    ==============================================
    "Security Configuration and Analysis" is an MMC snap-in. To access the MMC, type mmc into the Windows Run... command to pop up the console. Then use its File|Add/Remove Snap-in... command and click the Add button on the resulting dialog. Choose both "Security Configuration and Analysis" and "Security Templates", close that dialog, and OK. You'll end up with a management console that has both of those snap-ins enabled. The whole MMC mechanism is a bit weird, but does work."

    (It's easy, & it works, & is necessary for the actual steps to do this, below)


    --------------------------------------------------------------------------------

    (Next, is the actual "meat" of what we need to do, per Microsoft, to set ACLs)


    --------------------------------------------------------------------------------

    STEP #2: HOW TO: Define Security Templates By Using the Security Templates Snap-In in Windows Server 2003

    http://support.microsoft.com/kb/816297

    Create and Define a New Security Template

    (To define a new security template, follow these steps)

    1. In the console tree, expand Security Templates.
    2. Right-click %SystemRoot%\Security\Templates, and then click New Template.
    3. In the Template name box, type a name for the new template.

    (If you want, you can type a description in the Description box, and then click OK)

    The new security template appears in the list of security templates. Note that the security settings for this template are not yet defined. When you expand the new security template in the console tree, expand each component of the template, and then double-click each security setting that is contained in that component, a status of Not Defined appears in the Computer Setting column.

    1. To define a System Services policy, follow these steps:
       a. Expand System Services.
       b. In the right pane, double-click the service that you want to configure.
       c. Specify the options that you want, and then click OK.

    ==============================================
    )
    APK (added 03/08/2007)
     
    Alec§taar, Aug 7, 2019
    #4
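The HOW TO above is a least-privilege exercise: find which services still run as LOCAL SYSTEM and move the ones that tolerate it to LOCAL SERVICE or NETWORK SERVICE, with a blank password, then back out any that break. The script below is an added example, not code from the original article or from Microsoft. It inventories every installed service by logon account, and offers an opt-in change that honours -WhatIf so you can dry-run it first. It assumes a modern Windows host with the CIM cmdlets and an elevated session; the function names and the -Candidates parameter are mine, and the two short service names in the usage line (RemoteRegistry, lmhosts) are the service names behind the article's "Remote Registry" and "Tcp/IP NetBIOS Helper" display names, used only as an illustration.

```powershell
# Added example (not from the original article): audit service logon accounts and, opt-in,
# move chosen services to a built-in low-privilege account. Run from an elevated session.

function Get-ServiceLogonReport {
    # One row per installed service: which account it logs on as, and whether it is running.
    [CmdletBinding()]
    param()
    Get-CimInstance -ClassName Win32_Service |
        Select-Object Name, DisplayName, State, StartMode, StartName |
        Sort-Object StartName, Name
}

function Set-ServiceLogonAccount {
    # Change the logon account of the named services. -WhatIf shows what would change;
    # the article's caveat applies: a service that misbehaves afterwards goes back to LocalSystem.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Candidates,

        [ValidateSet('NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')]
        [string]$Account = 'NT AUTHORITY\LocalService'
    )
    foreach ($name in $Candidates) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            Write-Warning "Service '$name' is not installed; skipping"
            continue
        }
        if ($svc.StartName -eq $Account) {
            Write-Verbose "Service '$name' already runs as $Account"
            continue
        }
        if ($PSCmdlet.ShouldProcess($name, "change logon account from '$($svc.StartName)' to '$Account'")) {
            # Built-in service accounts take a blank password, as the article notes.
            $result = Invoke-CimMethod -InputObject $svc -MethodName Change `
                          -Arguments @{ StartName = $Account; StartPassword = '' }
            if ($result.ReturnValue -ne 0) {
                Write-Warning "Change on '$name' returned code $($result.ReturnValue)"
            }
        }
    }
}

# Usage: how many services run under each account, then the full list, then a dry run.
Get-ServiceLogonReport | Group-Object StartName | Select-Object Count, Name | Format-Table -AutoSize
Get-ServiceLogonReport | Format-Table -AutoSize
Set-ServiceLogonAccount -Candidates 'RemoteRegistry', 'lmhosts' -WhatIf
```

The grouped summary is the quick health check: the LocalSystem count is the attack surface the article is trying to shrink. Re-run Get-ServiceLogonReport after any change and keep the output, so a service that later refuses to start can be traced back to the account change and reverted, as the article describes.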