I really like my Ironkey Windows to Go (WTG) drives. In fact, I like them so much I carry two of them – a W300 (software encrypted with BitLocker) that is domain-joined to one of my clients’ domains, which I use full-time since my corporate laptop went for a swim, and a W500 (hardware encrypted) that I use for everything else – it is joined to my Azure Active Directory domain (garvis.ca) and has all of my critical software installed, including such tools as my file recovery tools (Windows 10: Where are my files?), but also everything I might want to use day to day.
Like any responsible computer user I change my passwords on a semi-regular basis (Passwords: Beware). Now that Windows allows you to tie your local account to your Microsoft account it is easier for me to do, because once I change that password, it automatically changes on all of my devices… or does it?
Last week I remembered (painfully) that it does not. A disconnected device will not change the password until it logs on to the Internet (at which point, similar to domain joined computers, it will inform you that your credentials are out of date, and it will ask you to lock your computer and then enter your new credentials).
While I use my personal Windows to Go key on a fairly regular basis, sometimes I go longer periods without doing so. This incident tells of a ‘perfect storm’ of things going wrong to lock me out… for days.
While I use my corporate key nearly every day to work at my office, my personal key is a ‘just in case’ tool… most of the time I have my personal device with me. Most of the time my Ironkey W500 sits in my pocket waiting for me to be somewhere that I really need my stuff… an Internet cafe, for example. In fact, as I sit here thinking about it, I might not have logged on to it since I was in Japan (and I left Japan December 1st, 2015).
The other day I needed to use it… Probably on or about January 29th, or about two months after I left Japan. I was trying to use it to recover files I had accidentally deleted from an older computer. I brought the computer to my office and booted up. I got past the hardware encryption without a problem – that password I knew. However, when it came to logging on to Windows, I was stopped. ‘Incorrect Password.’ No, that is the right password… maybe I mistyped it. I typed it again. Same result. I typed it two-fingered and very slowly… nothing doing.
Wait… I have two different accounts with the same username… I know they have different passwords. Let’s try the other one. ‘Incorrect Password.’ Crap… Houston, we have a problem.
By this time, I know there is something wrong. Of course, I changed my password shortly after returning from Japan, so I wonder if that might be the issue? Of course, there’s a problem… I don’t remember what my old password was.
By now, I have tried my password too many times, and I am locked out… and to add insult to injury, the computer I was using did not have access to the Internet. The problem would have to be resolved elsewhere… on a computer with access to the Internet, on which I had already used the WTG key (so that the network drivers would have been applied).
The next day I went to my other office, and plugged the W500 into my old Lenovo ThinkPad. I was a little scared when it booted twice into the Encryption screen, but then I remembered that only one of the device’s USB ports retained power during a reboot. I changed ports, entered my password, and… It worked. PHEW!
So what is the lesson learned? When you change your password, remember to log on to all of your devices at least once before forgetting the old password!