Does having a password on my Windows login keep me secure?

I use Windows 7 on two desktops and a laptop. Up until now, I have never
bothered using a password when logging on. But recently, I was cautioned to use
a Windows Logon password when I bought the laptop. The shop where I purchased
it said this was for security, in case someone took it. They also said the use
of a password on my home PCs would prevent malware from being automatically
installed should I inadvertently download something. Is this true? I ask
because a year ago, I tried to close a pop under ad using the red X button and
unknowingly installed malware. I now use Task Manager for such operations, but
the bad guys keep changing what they do, so that solution may someday no longer
work.

I’ll put it this way: the security provided by a Windows login password is
highly overrated.

It doesn’t protect you from many of the things that you’ve mentioned, and
it’s pretty darned easy to circumvent.

Yes, I use a password on my Windows 7 machines, but not for security
reasons. I use one because it’s required for something I use frequently to
work.

You should probably have one too, but just be aware of what it gets you, and
especially what it doesn’t.

I’ll start with the gaping hole: if someone takes your laptop, they don’t need your password. Seriously. They can easily and surprisingly quickly set a new administrator password and then log in or do whatever they please. I’ve written about the technique for this before: I’ve lost the password to my Windows Administrator account, how do I get it back?

The lesson to be learned there is simple: having a password on your Windows login gets you exactly zero security should your computer be stolen.

Or put the way I usually put it: if your computer’s not physically secure, it’s not secure.

With that huge misconception out of the way, let’s look at what a Windows login password does get you.

Not much.

I look at it as a cheap padlock. It keeps honest people honest, perhaps prevents a few mistakes, but is not much of a deterrent to someone who’s really interested in breaking through.

I honestly don’t see how it slows down malware infections at all, since infections normally happen when you’re already logged in, using a password or not. About the only scenario that might be slightly impacted would be some malware that tries to gain administrative privileges – if there’s no administrator password, perhaps it could. But that scenario seems rare.

Login passwords are useful, and perhaps even required, for some things:

  • preventing unauthorized access to your files or file shares by other computers on your local area network

  • allowing access to your files or file shares by you, when using other computers on your local area network

  • remote desktop access requires that you have a login password on the account you’re using to access a machine remotely

That last reason is exactly why all my machines have passwords on my login account. And the second reason is why all those account names and passwords are identical across all my machines: it enables more transparent access of files across my local area network.

I do not password my Windows login for any serious security.

My security measures are more comprehensive, and to put it somewhat redundantly, more secure. Naturally, I use a firewall, have anti-malware software running, keep my software up to date, use common sense when surfing the net, and I make sure to encrypt sensitive data with tools like TrueCrypt.

4 comments on “Does having a password on my Windows login keep me secure?”

  1. I recently found how easy it was to reset the password on Windows 7. My father purchased a new 7 computer and before he could write down his password, he forgot it. I Googled it and found a place that would sell me the software to unlock 3 machines for 19 dollars. I paid the 19, burned the download to a disk and in 3 minutes had reset his password. I left the disk with him in case it happens again. I did not realize that it was that easy. Now we know.

    It needn’t cost any money either. As mentioned in the article you just commented on, this article of mine describes how to do it for free: I’ve lost the password to my Windows Administrator account, how do I get it back?

    Leo
    31-Mar-2010

  2. The only time it’s useful is when you’re part of a network of other computers and that there are other people.

    You should have at least a basic password on an account. This will at least stop anyone from entering your computer via the network or from physically logging in to your computer. Also, unlike Leo, most people don’t have a clue as to what a firewall is.

    If you have children in the house and are concerned that they would destabilize your computer then have a password.

    People of technical know-how already know that having a passwordless system would jeopardize the system if your firewall or network security goes down.
    But as Leo says when the computer is stolen there is nothing that would protect it.

  3. Windows passwords are not worth the Post-it notes you write them on. There are a number of readily available, perfectly legitimate tools that will find and remove passwords. I often use alternative Operating Systems like Linux Puppy or Ultimate Boot CD to retrieve gigabytes of data from Windows machines that have become infected or corrupted in some other way. Boot from either of these two options, and the security provided by your Windows password simply ceases to exist. Your Windows password protects you from honest people, but that’s about it.

  4. Thanks Leo, that’s v useful and informative. I just rely on the W7 password to stop other people in the house using my machine. If it gets stolen I aren’t that bothered. My data is backed up and at another location, so even if the place burns down I’ve still got my i-Tunes !!!!
