
7 comments on “Is a Password-protected Windows Login Secure?”

  1. I recently found how easy it was to reset the password on Windows 7. My father purchased a new 7 computer and before he could write down his password, he forgot it. I Googled it and found a place that would sell me the software to unlock 3 machines for 19 dollars. I paid the 19, burned the download to a disk and in 3 minutes had reset his password. I left the disk with him in case it happens again. I did not realize that it was that easy. Now we know.

    It needn’t cost any money either. As mentioned in the article you just commented on, this article of mine describes how to do it for free: I’ve lost the password to my Windows Administrator account, how do I get it back?


  2. The only time it’s useful is when you’re part of a network of other computers and there are other people.

    You should have at least a basic password on an account. This will at least stop anyone from entering your computer via the network or from physically logging in to your computer. Also, unlike Leo, most people don’t have a clue as to what a firewall is.

    If you have children in the house and are concerned that they would destabilize your computer then have a password.

    People of technical know-how already know that having a passwordless system would jeopardize the system if your firewall or network security goes down.
    But as Leo says when the computer is stolen there is nothing that would protect it.

  3. Windows passwords are not worth the Post-it notes you write them on. There are a number of readily available, perfectly legitimate tools that will find and remove passwords. I often use alternative Operating Systems like Linux Puppy or Ultimate Boot CD to retrieve gigabytes of data from Windows machines that have become infected or corrupted in some other way. Boot from either of these two options, and the security provided by your Windows password simply ceases to exist. Your Windows password protects you from honest people, but that’s about it.

  4. Thanks Leo, that’s very useful and informative. I just rely on the W7 password to stop other people in the house using my machine. If it gets stolen I’m not that bothered. My data is backed up and at another location, so even if the place burns down I’ve still got my iTunes!!!!

  5. BitLocker only works on Professional versions of Windows and not the home version I believe most people reading this article are using. You can use VeraCrypt for whole disk encryption. It’s absolutely free for all usage including commercial use.

    There are VeraCrypt versions available for Mac and Linux.

  6. There are a few things I do to make my computer physically more secure. I have a Microsoft account, but I have made it password-less so there is no password to hack. I use Windows Hello with a fingerprint scanner for logins (and a locally stored PIN in the event something goes wrong with the fingerprint scanner). I have BitLocker encrypted all the Windows partitions on my PCs. I have enabled password protection for access to my UEFI system (also locally stored) using a passphrase I will never forget.

    You may be able to steal my computer(s), but you will never be able to steal my data, at least you will not be able to access it on the hard drive. My laptops are configured to lock the screen after five minutes or when the lid is closed, and I close the lid when I’m not actively using my laptops. If you get my desktop, it will have to be powered down for you to take it. You will never get back into it after you power it up again, at least not without my passphrase to access my UEFI, or my fingerprint/PIN to log in. Even if you put my drive(s) on another computer, since they are encrypted, you will get nothing. In a worst-case scenario, you (the thief) will waste a lot of time, effort, and risk to get nothing more than the hardware.

    Windows stores its activation code somewhere on my computer so when/if I do a clean install, Windows will be ‘automatically’ activated afterwards. I would like it if Microsoft required that the same Microsoft account be used, or a valid activation code be entered for activation to succeed. Then, a thief would not be able to do a clean install of Windows and use or sell my PC unless (s)he had a valid activation code (not an impossibility, but then at least it would cost the thief something).

    I have enabled 2FA on all my accounts that support it using Microsoft Authenticator. I use Windows Defender as my antimalware suite. Currently, it is rated among the best antimalware apps. None of these will make my computers impervious to intrusion or theft but doing them and remaining very skeptical on the Internet may make me and my computers a hard enough target that the bad guys will move on to easier pickings. I can only hope.


