Sign in with
Sign up | Sign in
Your question

How to change "Invalid Login Messages"

Last response: in Windows XP
Share
Anonymous
a b 8 Security
April 29, 2005 12:38:01 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi,

Can anyone tell me how, if it is possilbe, to change the message displayed
to the user when he logs in incorrectly? For example, when a user enters
the wrong password he gets the message: "The Password is Incorrect. Type the
Pas..... ".
I want to change this message to only display something like "Invalid Logon
Attempt". So that the user, who might be a hacker trying to break into an
account, will not know if he got only the user-id wrong or the password wrong
or both.

Thanks for any help regarding this. I think its a security issue when the
operating system gives hints that the username is correct and only the
password is wrong.

Thanks again.
Anonymous
a b 8 Security
April 29, 2005 4:14:27 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"fjalbuena" <fjalbuena@discussions.microsoft.com> wrote in message
news:84EE6E58-0724-497B-94AF-C51FC683A660@microsoft.com...
> Hi,
>
> Can anyone tell me how, if it is possilbe, to change the message displayed
> to the user when he logs in incorrectly? For example, when a user enters
> the wrong password he gets the message: "The Password is Incorrect. Type
> the
> Pas..... ".
> I want to change this message to only display something like "Invalid
> Logon
> Attempt". So that the user, who might be a hacker trying to break into an
> account, will not know if he got only the user-id wrong or the password
> wrong
> or both.
>
> Thanks for any help regarding this. I think its a security issue when the
> operating system gives hints that the username is correct and only the
> password is wrong.
>
> Thanks again.

Hmm on my PC (XP Pro) it gives the exact same error message "The system
could not log you on. Verify that the user name and password are
correct..." for incorrect usernames and incorrect passwords.

Basically the message tells you that you were not authenticated and doesn't
tell you the reason. In other words, it does exactly what you want.

You're using XP Pro? Maybe Home Edition gives more details (emphasis more
on home user ease-of-use than security) but I've never noticed that.


--
Colin Nash
Microsoft MVP
Windows Shell/User
!