I use Windows 7 on two desktops and a laptop. Up until now, I have never
bothered using a password when logging on. But recently, I was cautioned to use
a Windows Logon password when I bought the laptop. The shop where I purchased
it said this was for security, in case someone took it. They also said the use
of a password on my home PCs would prevent malware from being automatically
installed should I inadvertently download something. Is this true? I ask
because a year ago, I tried to close a pop under ad using the red X button and
unknowingly installed malware. I now use Task Manager for such operations, but
the bad guys keep changing what they do, so that solution may someday no longer
I’ll put it this way: the security provided by a Windows login password is
It doesn’t protect you from many of the things that you’ve mentioned, and
it’s pretty darned easy to circumvent.
Yes, I use a password on my Windows 7 machines, but not for security
reasons. I use one because it’s required to make something I use frequently to
You should probably have one too, but just be aware of what it gets you, and
especially what it doesn’t.
I’ll start with the gaping hole: if someone takes your laptop, they don’t need your password. Seriously. They can easily and surprisingly quickly set a new administrator password and then login or do whatever they please. I’ve written about the technique for this before: I’ve lost the password to my Windows Administrator account, how do I get it back?
The lesson to be learned there is simple: having a password on your Windows login gets you exactly zero security should your computer be stolen.
Or put the way I usually put it: if your computer’s not physically secure, it’s not secure.
With that huge misconception out of the way, let’s look at what a Windows login password does get you.
I look at it as a cheap padlock. It keeps honest people honest, perhaps prevents a few mistakes, but is not much of a deterrent to someone who’s really interested in breaking through.
I honestly don’t see how it slows down malware infections at all, since infections normally happen when you’re already logged in, using a password or not. About the only scenario that might be slightly impacted would be some malware that tries to gain administrative privileges – if there’s no administrator password, perhaps it could. But that scenario seems rare.
Login passwords are useful, and perhaps even required, for some things:
preventing unauthorized access to your files or file shares by other computers on your local area network
allowing access to your files or file shares by you, when using other computers on your local area network
remote desktop access requires that you have a login password on the account you’re using to access a machine remotely
That last reason is exactly why all my machines have passwords on my login account. And the second reason is why all those account names and passwords are identical across all my machines: it enables more transparent access of files across my local area network.
I do not password my Windows login for any serious security.
My security measures are more comprehensive, and to put it somewhat redundantly, more secure. Naturally, I use a firewall, have anti-malware software running, keep my software up to date, use common sense when surfing the net, and I make sure to encrypt sensitive data with tools like TrueCrypt.