I had an interesting computer problem recently. I was with my friend, and she was trying to login to an old laptop. Since she hadn’t used it for many years, she forgot the password. She attempted multiple different passwords but was unable to get logged in.
At this point my HIPAA brain gets turned on. We were able to attempt an unlimited number of password attempts. Although we didn’t guess the password, someone with malicious intent trying to get into a computer with sensitive information would have more patience or a cracking tool to eventually get the correct password.
We didn’t get the password, but being familiar with computers, I was aware there are ways to get around the password system. A brief google search brought us to a page with instructions on how to reset the administrator password on the computer without the actual password. It was as simple as restarting the computer and using Command Prompt (Windows) or Terminal (Mac) to reset or remove the password.
This doesn’t mean that passwords are useless, it means we need to recognize to what extent computer passwords can protect us. To really protect your data, you should get your drives encrypted.
When your drive is encrypted, before you get to that Windows or Apple login screen you need to enter a password or key to decrypt the data. (While the drive is encrypted, your data will appear as random sequences of nonsense. Only when it is decrypted does the data make sense.) Therefore, you will not be able to get to these password workarounds until your computer is decrypted.
Takeaways:
- •Passwords are important security tools but have their limitations
- •Computers should be set up with a login disable count to prevent unlimited attempts
- •Get the drives on your computers encrypted
For more information on how to improve your computer security and to get started on a HIPAA Security Program in your office please reach out to TLD Systems at info@tldsystems.com or call us at (631) 403 6687.
Read Comments