[SOLVED] Are good passwords really required for a home desktop system?

[sarlacii]

Something that everyone has ignored is the fact that if you have physical access to the PC you can always force a single user boot from the boot manager, and then change the root password to whatever you want.

So a good, complicated password is only vital, IMHO, if you have a PC that is not firewalled, and/or has ports open to the net at large.

If you want to store data securely, then realying on your login is not a good idea at all... rather use a proper encryption option like gnupg or similar, or even better, Truecrypt (which creates and mounts encrypted partitions/files). Truecrypt encrypts data on the fly, and - depending on the algorithm that you select - can do so fast enough that you will not notice a drop in HDD access speed (I use two-fish which clocks at 59Mb/s on my somewhat outdated P4 3GHz (hyper-threading) and over 100Mb/s on my core2 duo laptop at work).

[Jonathan183]

I suspect quite a few home desktop users have a machine which is physically reasonably secure ... if someone breaks into my house the last thing I am worried about is security of PC data!

I guess everyone so far has assumed this means the PC is physically secure ...

Something that everyone has ignored is the fact that if you have physical access to the PC you can always force a single user boot from the boot manager, and then change the root password to whatever you want.

So a good, complicated password is only vital, IMHO, if you have a PC that is not firewalled, and/or has ports open to the net at large.

But in this instance if local login only is permitted how does a good password help?

If you want to store data securely, then realying on your login is not a good idea at all... rather use a proper encryption option like gnupg or similar, or even better, Truecrypt (which creates and mounts encrypted partitions/files)

Don't you just end up with another password? If you protect a partition then once you have it mounted doesn't that give access to all data anyway?
I was thinking encryption only really slows down access to data when physical access is obtained ...

[jayd512]

But the file you cannot safely secure especially windows OS.

Beg pardon? What do you mean?

[i92guboj]

If you have physical access the only thing that can work is encryption as you say, and only if the attacker doesn't work in the NASA and doesn't have a cluster to break it. You don't even need to login or change the password, just take the HD and put it into an external case and you got access to everything. So if that's the case, the whole thread is moot.

However, for the regular user:

Something that everyone has ignored is the fact that if you have physical access to the PC you can always force a single user boot from the boot manager, and then change the root password to whatever you want.

Grub can be protected with a md5 hashed password, so you will not be able to edit the kernel boot line. Hence, single user mode is discarded. Boot from cd can be disabled as well, and the bios can also be protected in an -usually- weak way. Again if you can open the case you can just rip off the battery and the password is gone.

In general, passwords that you have to write yourself are never secure. And are just a minor annoyance, designed so you can go to the wc without your children screwing whatever you were doing. Provided enough time and physical access only encryption can help.