The new Windows 8 security features may expose account passwords

Oct 19, 2012 09:30 GMT

As we told you some time ago, the new built-in Windows 8 security features may actually expose users’ account passwords, as all the data is apparently stored in plain text.

Russia-based Passcape Software says it has already developed software solutions capable of restoring Windows 8 logon passwords, but Microsoft reacted pretty quickly and denied every single report, claiming that its new OS doesn’t store any critical information in plain text.

Security experts, however, warn that Windows 8’s picture-based password and the four-digit personal identification number rely on an encryption algorithm that could be reversed and used to convert all passwords to plain text.

While stealing the password from a user account isn’t such a disaster if you don’t have any vital information on the protected computer, the same password could then be used for hacking other accounts.

“The single biggest risk I see is the likelihood of password reuse because people are really bad about choosing good passwords and they tend to reuse what they have over and over again,” security researcher Adam Caudill told ArsTechnica.

“You can use this in a targeted attack against a person and take the knowledge that you gain there to pivot... attacking online services, anything from Dropbox accounts to Facebook. There's a fairly decent chance they're going to use the same password or a very similar password.”

Microsoft told us in a statement earlier this month that Windows 8 is actually a very secure working environment and it doesn’t store any password in plain text.

“Microsoft treats the privacy of our users and their data as a top priority. There are many things we do here, and as part of that, of course we don’t store passwords in plaintext. Moreover, we make huge investments in preventing hackers from accessing your data in the first place,” the Microsoft spokesperson said.