Password Reset Disk Dilemma
Notice that the warning message in Figure 1 mentions a password reset disk. Users can use this disk to reset their passwords, even if they don't remember their old passwords.
For details on creating such a disk for a computer in a domain, check out Knowledge Base article Q306214. Instructions for creating such a disk for a standalone computer in a workgroup can be found in Q305478.
There are a couple of issues with the password reset disk that should be addressed. First, the whole point of offering this feature is security, yet copying your secret key to a floppy disk is itself risky. In addition, you need a different disk for every computer you log on to, because a disk only works on the computer it was created on. Keep in mind why Microsoft came up with the idea of copying your secret credentials to a FAT-based floppy disk: on Windows XP, a password that is reset by an administrator, or wiped by an offline attack on the SAM, no longer unlocks the user's EFS-encrypted files, so the reset disk gives a user who has forgotten the password a way to reset it without losing that data. But when it comes to protecting the disk itself from theft, the password reset disk is no different from writing your password on a piece of paper. Anyone who finds that piece of paper (or your password reset disk) and can reach the logon screen of that computer can reset the password and gain complete access to your confidential encrypted data.
I should also point out that, according to Microsoft's documentation, you need to create the password reset disk only once for your account on any given computer. In other words, the password reset disk never needs to be updated, regardless of how many times you change your password. That is by design: the disk holds a private key, while the computer keeps the matching public key and a copy of the current password encrypted under it, so a normal password change simply re-encrypts the new password under the same public key. However, there have been some known issues with password reset disks in Windows XP where the disk must be updated each time the user changes his or her password.
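To make that escrow property concrete, here is a toy model written for this article; it is not Microsoft's code and does not reproduce the on-disk format of the reset disk. It assumes one RSA key pair per computer, with the private half on the "disk" and the public half plus the encrypted current password kept on the computer. The names Machine, create_reset_disk, change_password and reset_with_disk are invented for the illustration, and the textbook RSA without padding is a demonstration stand-in, not something to reuse. The model shows the three points made above: a disk made before several password changes still works, whoever holds the disk can reset the password (and learns the old one), and a disk made on one computer is useless on another.

```python
"""Toy model of a password-reset-disk escrow scheme (illustration, not Windows code).

The disk holds a private key; the computer keeps the matching public key and
the current password encrypted under it.  A password change re-encrypts the
new password under the same public key, so the disk never needs updating,
and whoever holds the disk can reset the password at will.
"""
import hashlib
import hmac
import secrets

E = 65537  # public exponent (prime)


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin test; adequate for a demonstration key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 256):
    """Textbook RSA (no padding): fine for the demo, not for real use."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % E:  # E is prime, so this is gcd(E, phi) == 1
            return (n, E), (n, pow(E, -1, phi))


def rsa_encrypt(public_key, text: str) -> int:
    n, e = public_key
    m = int.from_bytes(text.encode(), "big")
    if not 0 < m < n:
        raise ValueError("password too long for this toy key")
    return pow(m, e, n)


def rsa_decrypt(private_key, cipher: int) -> str:
    n, d = private_key
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()


class Machine:
    """One computer: a salted password verifier plus the optional escrow (hypothetical model)."""

    def __init__(self, name: str, password: str):
        self.name = name
        self.public_key = None  # set when a reset disk is created
        self.escrow = None      # current password, encrypted under public_key
        self._set_verifier(password)

    def _set_verifier(self, password: str) -> None:
        self._salt = secrets.token_bytes(16)
        self._verifier = hashlib.sha256(self._salt + password.encode()).digest()

    def check_password(self, password: str) -> bool:
        digest = hashlib.sha256(self._salt + password.encode()).digest()
        return hmac.compare_digest(digest, self._verifier)

    def create_reset_disk(self, password: str) -> dict:
        """Needs the current password once; returns what goes on the disk."""
        if not self.check_password(password):
            raise PermissionError("wrong password")
        self.public_key, private_key = generate_keypair()
        self.escrow = rsa_encrypt(self.public_key, password)
        return {"machine": self.name, "private_key": private_key}

    def change_password(self, old: str, new: str) -> None:
        """Normal change: re-escrow under the same public key, so an old disk stays valid."""
        if not self.check_password(old):
            raise PermissionError("wrong password")
        self._set_verifier(new)
        if self.public_key is not None:
            self.escrow = rsa_encrypt(self.public_key, new)

    def reset_with_disk(self, disk: dict, new: str) -> str:
        """Reset without knowing the old password; returns the recovered old one."""
        if (disk["machine"] != self.name or self.escrow is None
                or disk["private_key"][0] != self.public_key[0]):
            raise ValueError("this disk was not made for this computer")
        current = rsa_decrypt(disk["private_key"], self.escrow)
        self.change_password(current, new)  # regular change path, as the wizard does
        return current


def demo() -> dict:
    """Constructed scenario: disk made early, password changed, disk used by a finder."""
    laptop = Machine("laptop-a", "hunter2")
    disk = laptop.create_reset_disk("hunter2")
    laptop.change_password("hunter2", "correct horse battery")
    recovered = laptop.reset_with_disk(disk, "whatever-the-finder-likes")
    other = Machine("laptop-b", "pw")
    other.create_reset_disk("pw")
    try:
        other.reset_with_disk(disk, "x")
        cross_machine = "accepted"
    except ValueError:
        cross_machine = "rejected"
    return {"recovered": recovered,
            "new_works": laptop.check_password("whatever-the-finder-likes"),
            "cross_machine": cross_machine}


if __name__ == "__main__":
    print(demo())
```

Note that reset_with_disk hands back the old password only to make the equivalence explicit: the real wizard does not display it, but an attacker holding the disk does not need it displayed, since resetting to a password of their choosing is enough to log on and read the encrypted files.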