I forgot my own password, yikes!

T

Thomas Kufahl

I only protected my dirty pictures as an experiment, but I truly forgot my
password in a few hours, and wasn't careful enough to write it down. Has
anyone ever be as dumb as to forget their password? I'm trying to imagine
how one could retreive their own password. Do I have to give up and delete
the section? Can I even delete the section? Help! Thanks much!
Up the creek with no paddle!
 
R

RK Henry

I only protected my dirty pictures as an experiment, but I truly forgot my
password in a few hours, and wasn't careful enough to write it down. Has
anyone ever be as dumb as to forget their password? I'm trying to imagine
how one could retreive their own password. Do I have to give up and delete
the section? Can I even delete the section? Help! Thanks much!
Up the creek with no paddle!
Click to expand...

I've been curious about this too. I haven't forgotten a password, but
I have been a little concerned about how strong the password
protection is. I did a Google search and found this:
http://www.1000files.com/Utilities/Security_and_Encryption/OneNote_Password_17846_Review.html

There's a downloadable demo that can find passwords of 3 characters. I
created a 3-character nonsense word password for a password protected
test section I created for the purpose. The demo did indeed find the
password in a few seconds. That's a little disturbing.

Spending money to remedy a poor memory is one thing. What worries me
is if my notebook is stolen, how secure is my OneNote data? If I
encrypt the OneNote files using Windows XP encryption feature, how
much more security does that offer? Then the bad guys have to be able
to figure out my login password before they can start working on my
OneNote password.

I guess if I had something really sensitive in my notes, I need to
take more extreme measures to encrypt the note files.

RK Henry
 
R

Rainald Taesler

... What worries me is if my notebook is stolen,
how secure is my OneNote data?
Click to expand...

Wrong approach, IMHO.
Protect the *NOTEBOOK* and it's *HDD*, not the files.

a) Use a PowerOn password.
b) Protecting the HDD with a DriveLock is crucial.

Protecting *files* is only a way to protect one's privacy in a network
environment.

Rainald
 
A

Amos Soma

If your password is only three characters long, expect it to get hacked. All
my passwords are at least eight characters with at least one punctuation
character and one numeric.

Amos.
 
T

Thomas Kufahl

Hi, hi, I fear my question is getting lost in the activity. I'm still
hoping that there is a way for me to find my password... Just me alone on
this computer, I was only experimenting. Maybe my poor brain will remember,
but, still, what happens if you loose or forget a password. Will I have to
pay for my stupidity by deleting the section? CAN I even delete it? I'm
glad my lifeline isn't in it, although my porn is, hehe.
 
R

RK Henry

Well, of course, the demo only does 3-character passwords so I
intentionally created a OneNote section and protected it with a
3-character password in order to evaluate the demo. To buy the full
program that can find longer passwords is $39 dollars. It would, of
course, be cheaper to just remember the password (a strong password)
but I suppose that if one had lost the password to valuable notes then
it might be worth the money..

That a simple brute-force attack on even a 3-character password is so
effective is disturbing. I wonder if the program should somehow lock
out repeated attempts and/or notify someone. Of course, this may be
asking too much of an application like OneNote. Obviously, password
protection in OneNote has to be considered to be about as effective as
the lock on an old-fashioned diary that can be defeated with a bent
paper clip. More sensitive notes should be protected by more powerful
techniques, or protection in depth. OneNote is definitely no bank
vault.

RK Henry
 
E

Erik Sojka (MVP)

I think the previous poster was trying a 3-char password as part of the
testing of the limited version of the PW cracking tool. He wasn't
suggesting that a 3-character password was sufficient.
 
E

Erik Sojka (MVP)

Unless you find a utility which can brute force the password (like the
one mentioned elsewhere in the thread - is your pr0n worth $40?) then
deleting the *.ONE file is the only way to go. That at least prevents
someone else from finding your stash.

Also as mentioned in this thread - use the other layers of protection
available to you on Windows (EFS, strong Windows/domain password, etc.)
and you shouldn't need to rely on OneNote's protection.

/What kind of Note Flags do you use for pr0n? ;)

=?Utf-8?B?VGhvbWFzIEt1ZmFobA==?=
 
Top