Password hints easily extracted from Windows 7, 8
Ars Technica:
The hints are available to anyone who has physical access to a targeted PC, as Microsoft makes clear during the configuration or modification of a Windows account. But until now, those hints provided no help to hackers who use a drive-by website exploit or other similar attack to extract only the underlying password hashes. And that’s where techniques like these come in. By revealing the password hint the user selected when creating the account, it could provide valuable clues such as “My favorite color” or “My first car” that make all the difference.
