 
DPete27
Grand Gerbil Poohbah
Topic Author
Posts: 3776
Joined: Wed Jan 26, 2011 12:50 pm
Location: Wisconsin, USA

No Windows Password - Good/Bad?

Thu Jun 06, 2013 12:21 pm

I'm having a hard time finding the answer to this question using Google searches. Basically, the title says it all. Does not setting a password to log on to Windows make you vulnerable to security attacks? I typically don't set passwords on my desktop machines that stay in my house at all times. I do set passwords on my portable devices though.
Main: i5-3570K, ASRock Z77 Pro4-M, MSI RX480 8G, 500GB Crucial BX100, 2 TB Samsung EcoGreen F4, 16GB 1600MHz G.Skill @1.25V, EVGA 550-G2, Silverstone PS07B
HTPC: A8-5600K, MSI FM2-A75IA-E53, 4TB Seagate SSHD, 8GB 1866MHz G.Skill, Crosley D-25 Case Mod
 
ultima_trev
Gerbil XP
Posts: 363
Joined: Sat Mar 27, 2010 11:14 am

Re: No Windows Password - Good/Bad?

Thu Jun 06, 2013 12:34 pm

As long as you don't store any sensitive information on your machine, it's not that big a deal. But you should probably set a password anyway. And if you are storing sensitive info on your machine, you not only need a password but some drive encryption as well.
Ryzen 7 1800X - Corsair H60i - GA AB350 Gaming - 32GB DDR4 2933 at 16,16,16,36 - GTX 1080 at 1924 / 5264 (undervolted) - 250GB WD Blue SSD - 2TB Toshiba 7200rpm HDD
 
sid1089
Gerbil Team Leader
Posts: 290
Joined: Wed Jul 26, 2006 4:56 am

Re: No Windows Password - Good/Bad?

Thu Jun 06, 2013 1:57 pm

My rule of thumb:

Desktop: No password.
Laptop: Password.
Work Computer: Password.
Carpe diem quam minimum credula postero
 
UberGerbil
Grand Admiral Gerbil
Posts: 10368
Joined: Thu Jun 19, 2003 3:11 pm

Re: No Windows Password - Good/Bad?

Thu Jun 06, 2013 2:08 pm

For outside hackers gaining access to your system, it's not going to make any difference: typically those attacks are vectored through software you install (mistakenly, inadvertently, or unknowingly) and of course that installation happens after you're already logged in. So it doesn't really have any impact on remote access.

The Windows password (as far as the local machine is concerned -- ie, assuming you're not actually logging into a domain, etc) is essentially intended to keep other local users out. If you're the only person who's going to sit down at that machine -- and it's not a laptop that might wander away -- your security isn't affected in any practical way by not having a password. However, if other users might use your machine, they should each have accounts and everybody should have passwords. And if other people might have access to your machine when you're not around -- roommates, friends of roommates, kids, etc -- you definitely want to have a good password. (Of course this only protects you from casual exploits / bad behavior like logging onto your facebook account and posting something unfortunate, or visiting questionable websites, etc: if someone has physical access to your machine, they effectively have access to everything on that machine including any sensitive data and any logins you might have stored there, which is where drive encryption and other techniques start to matter, though physical access by untrusted actors is problematic even for the most security-conscious organizations).
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: No Windows Password - Good/Bad?

Thu Jun 06, 2013 4:24 pm

I set a password on my account even for systems at home. Bottom line is, I'm fairly confident that *I* practice "safe computing", but I don't necessarily trust everyone else in the household to do the same. Unless there's nobody else on your LAN (and how secure is your WiFi? maybe your neighbors are effectively on your LAN too...), or you've got file sharing (and any other services which could give someone else access over the network) disabled, you really should have a password.
Nostalgia isn't what it used to be.
 
DPete27
Grand Gerbil Poohbah
Topic Author
Posts: 3776
Joined: Wed Jan 26, 2011 12:50 pm
Location: Wisconsin, USA

Re: No Windows Password - Good/Bad?

Thu Jun 06, 2013 4:33 pm

To answer a few questions:
1) I don't feel as if anything on my computers would be particularly sensitive data. I keep paper and electronic copies of finance-related things locked in safes. I also keep computer backups on an external hdd.
2) It's only myself and the missus on our network. Obviously, once we have kids, I'll set passwords and (limited) user accounts.
3) My WiFi password looks to be a computer-generated random sequence of 9(ish) numbers provided by my ISP. I haven't bothered changing the password. Seems pretty secure to me.
Main: i5-3570K, ASRock Z77 Pro4-M, MSI RX480 8G, 500GB Crucial BX100, 2 TB Samsung EcoGreen F4, 16GB 1600MHz G.Skill @1.25V, EVGA 550-G2, Silverstone PS07B
HTPC: A8-5600K, MSI FM2-A75IA-E53, 4TB Seagate SSHD, 8GB 1866MHz G.Skill, Crosley D-25 Case Mod
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: No Windows Password - Good/Bad?

Thu Jun 06, 2013 5:15 pm

DPete27 wrote:
To answer a few questions:
1) I don't feel as if anything on my computers would be particularly sensitive data. I keep paper and electronic copies of finance-related things locked in safes. I also keep computer backups on an external hdd.

Does your (unprotected) account have admin privileges? If so, you're susceptible to drive-by malware installs. Which in turn makes you vulnerable to identity theft via keyloggers and rootkits if you ever use your computer to conduct *any* sensitive business, regardless of whether you store any of it on the internal hard drive. (HTTPS doesn't protect you here, since keyloggers and rootkits can intercept the data before it gets encrypted for transmission over the HTTPS connection.)

DPete27 wrote:
2) It's only myself and the missus on our network. Obviously, once we have kids, I'll set passwords and (limited) user accounts.

Ahh, OK. So this unprotected account DOES have admin rights.

DPete27 wrote:
3) My WiFi password looks to be a computer-generated random sequence of 9(ish) numbers provided by my ISP. I haven't bothered changing the password. Seems pretty secure to me.

Except that someone at your ISP probably has a record of it, and that record may even indicate the name and address of the customer it was issued to. Your ISP's subscriber database can be hacked, or (more likely) stolen by a disgruntled employee and sold to the highest bidder. Having an extra layer of password protection at least puts the WiFi security under your control, instead of trusting your ISP to keep their records safe. At the very least, you need to change the default WiFi password.
Nostalgia isn't what it used to be.
 
slowriot
Gerbil XP
Posts: 388
Joined: Wed Apr 03, 2013 10:57 am

Re: No Windows Password - Good/Bad?

Thu Jun 06, 2013 5:28 pm

It takes a couple of seconds to type your password and press enter. Why risk it?
 
NovusBogus
Graphmaster Gerbil
Posts: 1408
Joined: Sun Jan 06, 2013 12:37 am

Re: No Windows Password - Good/Bad?

Thu Jun 06, 2013 7:39 pm

sid1089 wrote:
My rule of thumb:

Desktop: No password.
Laptop: Password.
Work Computer: Password.


This is the way to do it, unless your system is available to other local users. A basic Windows password is effectively zero protection against any sort of attack because the filesystem itself is out there for all to see and play with. BitLocker is a bit more useful but it only protects you against the hard drive being stolen; once it's powered up and decrypted anyone who sneaks on can access whatever.
 
DPete27
Grand Gerbil Poohbah
Topic Author
Posts: 3776
Joined: Wed Jan 26, 2011 12:50 pm
Location: Wisconsin, USA

Re: No Windows Password - Good/Bad?

Fri Jun 07, 2013 8:31 am

just brew it! wrote:
Does your (unprotected) account have admin privileges? If so, you're susceptible to drive-by malware installs. Which in turn makes you vulnerable to identity theft via keyloggers and rootkits if you ever use your computer to conduct *any* sensitive business

Not sure I understand how having a Windows log-in password will protect me from keyloggers and rootkits? Those things sound like something that a firewall and/or virus protection handles.
Main: i5-3570K, ASRock Z77 Pro4-M, MSI RX480 8G, 500GB Crucial BX100, 2 TB Samsung EcoGreen F4, 16GB 1600MHz G.Skill @1.25V, EVGA 550-G2, Silverstone PS07B
HTPC: A8-5600K, MSI FM2-A75IA-E53, 4TB Seagate SSHD, 8GB 1866MHz G.Skill, Crosley D-25 Case Mod
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: No Windows Password - Good/Bad?

Fri Jun 07, 2013 11:13 am

DPete27 wrote:
just brew it! wrote:
Does your (unprotected) account have admin privileges? If so, you're susceptible to drive-by malware installs. Which in turn makes you vulnerable to identity theft via keyloggers and rootkits if you ever use your computer to conduct *any* sensitive business

Not sure I understand how having a Windows log-in password will protect me from keyloggers and rootkits? Those things sound like something that a firewall and/or virus protection handles.

If you run with admin privileges and no password, anything that gets past your AV can install itself without you realizing anything is amiss. I agree, the password doesn't protect you once the malware is already in.

Firewall doesn't protect you from drive-by malware downloads at all, since the malware is typically attached to a web page that you visit on a compromised web site. Since you requested the page, the firewall automatically assumes the traffic is legit. Firewall only protects you from people actively trying to probe your network from outside.
Nostalgia isn't what it used to be.
 
DPete27
Grand Gerbil Poohbah
Topic Author
Posts: 3776
Joined: Wed Jan 26, 2011 12:50 pm
Location: Wisconsin, USA

Re: No Windows Password - Good/Bad?

Fri Jun 07, 2013 11:33 am

just brew it! wrote:
If you run with admin privileges and no password, anything that gets past your AV can install itself without you realizing anything is amiss.

And having a Windows password prevents these malware that get around AV from installing on your computer without first entering (cracking) your Windows password?
Main: i5-3570K, ASRock Z77 Pro4-M, MSI RX480 8G, 500GB Crucial BX100, 2 TB Samsung EcoGreen F4, 16GB 1600MHz G.Skill @1.25V, EVGA 550-G2, Silverstone PS07B
HTPC: A8-5600K, MSI FM2-A75IA-E53, 4TB Seagate SSHD, 8GB 1866MHz G.Skill, Crosley D-25 Case Mod
 
A_Pickle
Gerbil Elite
Posts: 739
Joined: Sun May 01, 2005 2:10 pm
Location: Fighting the mystery meat.

Re: No Windows Password - Good/Bad?

Sat Jun 08, 2013 5:13 am

Burglars exist. Why not have a password? My password's fricken' huge, and I type it every time. It's not that big of a deal.
Sagan: Core i7 4790K + Cooler Master Hyper 212 EVO | 16 GB (2 x 8 GB) DDR3-1600 | Mushkin Striker 480GB | 1 TB Hitachi HD31000 HDD | Sapphire Radeon R9-290X | Rosewill Line-M
My HeatWare
The Great Graphics Card Warranty Thread
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA

Re: No Windows Password - Good/Bad?

Sat Jun 08, 2013 2:34 pm

DPete27 wrote:
just brew it! wrote:
If you run with admin privileges and no password, anything that gets past your AV can install itself without you realizing anything is amiss.

And having a Windows password prevents these malware that get around AV from installing on your computer without first entering (cracking) your Windows password?


I think he's envisioning malware executing a sudo or su in Linux to achieve privilege escalation. A blank password would aid that attack extensively.

UAC doesn't work the same way as sudo or su. Not having a password doesn't remove the effectiveness of preventing malware from auto-elevating through UAC.

Of course so many enthusiasts these days cut off UAC that odds are the discussion is irrelevant.

A_Pickle wrote:
Burglars exist. Why not have a password? My password's fricken' huge, and I type it every time. It's not that big of a deal.


Burglars who steal your machine need not worry about your password. Odds are they just want to flip your machine and make money. Whoever buys it will probably just wipe it.

Say that they do want your information. They'll just modify the SAM database with tools like NTPasswd and carry out password hash replacement. You need whole disk encryption and a good password to protect your data. Even better is if your system supports Intel's Anti-Theft technology, but that is typically only available in laptops.

A password is a mild local protection. I think it's a good idea versus no password, but I wouldn't have any illusions about the level of protection it provides.

If the attacker can touch the machine, it's not going to end well.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
td1353l
Gerbil
Posts: 28
Joined: Mon May 14, 2012 9:16 pm

Re: No Windows Password - Good/Bad?

Sun Aug 11, 2013 3:35 am

Agreed, it depends on who you live with, and how devious they are, consider listing your friends too. I have no password, cuz I doubt my 6 year old son will do too much, and the missus can use facebook only.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: No Windows Password - Good/Bad?

Sun Aug 11, 2013 8:49 am

td1353l wrote:
Agreed, it depends on who you live with, and how devious they are, consider listing your friends too. I have no password, cuz I doubt my 6 year old son will do too much, and the missus can use facebook only.

You'd be surprised how much damage a small child (or toddler) can do! And I'm not even counting stuff like putting a slice of cheese in the DVD drive, giving the mouse a "drink", peanut butter in the USB ports, etc... :lol:

You're probably safe from food-related incidents now, at 6 he should know better. But he's probably more capable of doing unintentional damage to the contents of your hard drive if he's allowed on the system at all!
Nostalgia isn't what it used to be.
 
Meadows
Grand Gerbil Poohbah
Posts: 3416
Joined: Mon Oct 08, 2007 1:10 pm
Location: Location: Location

Re: No Windows Password - Good/Bad?

Sun Aug 11, 2013 9:33 am

UberGerbil wrote:
The Windows password (as far as the local machine is concerned -- ie, assuming you're not actually logging into a domain, etc) is essentially intended to keep other local users out. If you're the only person who's going to sit down at that machine -- and it's not a laptop that might wander away -- your security isn't affected in any practical way by not having a password. However, if other users might use your machine, they should each have accounts and everybody should have passwords. And if other people might have access to your machine when you're not around -- roommates, friends of roommates, kids, etc -- you definitely want to have a good password. (Of course this only protects you from casual exploits / bad behavior like logging onto your facebook account and posting something unfortunate, or visiting questionable websites, etc: if someone has physical access to your machine, they effectively have access to everything on that machine including any sensitive data and any logins you might have stored there, which is where drive encryption and other techniques start to matter, though physical access by untrusted actors is problematic even for the most security-conscious organizations).


I disagree with the part I've emphasised. I have alternate accounts set up on my computer for other users for "casual" computer usage, but for each standard account I have set up NTFS permissions as follows:
* Reading or modifying my backups is denied;
* Access to "C:\Users\[insert my account name]" is completely denied;
* Writing to anything on C: except for the "Users\[their own]" and "Users\Public" folders is denied;
* Access to the other partitions and drives is completely denied (they may not even read the root folder);

In addition, "Parental Controls" -- however inappropriately named in my case -- adds a second layer of protection: no executable files are permitted to load and/or run other than those I've explicitly whitelisted with my own administrator password. (This has the side effect of rendering Chrome's jerkweed auto-update feature unusable, so I update Chrome by hand every month or so.)

Acquaintances are literally only permitted to browse the internet and play a few videogames I've whitelisted. It's like a high-performance terminal when I'm not here.
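
The deny rules listed in the post above (backups, the owner's profile folder, other drives) can be applied and checked with `icacls` and `Get-Acl`. This is an added example, not part of the original post; the account name `guest1` and the paths are hypothetical placeholders, and it has to be run from an elevated PowerShell prompt.

```powershell
# Added example. 'guest1' and the paths below are hypothetical placeholders.
# Without -Apply the script only reports; with -Apply it adds missing deny ACEs.
param(
    [string]   $Account   = 'guest1',
    [string[]] $Protected = @('C:\Users\owner', 'D:\Backups', 'E:\'),
    [switch]   $Apply
)

function Test-DenyAce {
    # True when $Path carries a Deny / FullControl ACE for $Account.
    param([string]$Path, [string]$Account)
    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    $aces = (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -like "*\$Account" -and
        ($_.FileSystemRights -band $full) -eq $full
    }
    [bool]$aces
}

foreach ($path in $Protected) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Skipping missing path: $path"
        continue
    }
    if ($Apply -and -not (Test-DenyAce -Path $path -Account $Account)) {
        # (OI)(CI) = inherit to files and subfolders, F = full control
        icacls $path /deny "${Account}:(OI)(CI)F" | Out-Null
    }
    [pscustomobject]@{
        Path            = $path
        Account         = $Account
        DenyFullControl = (Test-DenyAce -Path $path -Account $Account)
    }
}
```

These ACLs are enforced only by the running Windows installation; they do not apply when the disk is read from another operating system.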
 
Meadows
Grand Gerbil Poohbah
Posts: 3416
Joined: Mon Oct 08, 2007 1:10 pm
Location: Location: Location

Re: No Windows Password - Good/Bad?

Sun Aug 11, 2013 9:41 am

just brew it! wrote:
If you run with admin privileges and no password, anything that gets past your AV can install itself without you realizing anything is amiss.

Theoretically yes, but said "anything" may only install itself with standard privileges. If it tries to acquire special or administrative rights, UAC will halt it whether you have a password or not.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: No Windows Password - Good/Bad?

Sun Aug 11, 2013 10:09 am

Meadows wrote:
UberGerbil wrote:
if someone has physical access to your machine, they effectively have access to everything on that machine including any sensitive data and any logins you might have stored there

I disagree with the part I've emphasised. I have alternate accounts set up on my computer for other users for "casual" computer usage, but for each standard account I have set up NTFS permissions as follows:
* Reading or modifying my backups is denied;
* Access to "C:\Users\[insert my account name]" is completely denied;
* Writing to anything on C: except for the "Users\[their own]" and "Users\Public" folders is denied;
* Access to the other partitions and drives is completely denied (they may not even read the root folder);

Unless you've disabled booting from external devices in the BIOS, password-protected the BIOS so that nobody else can change the BIOS settings, physically secured the case so that only you can open it, and check the back of the computer every time someone else has had physical access to make sure a hardware keylogger hasn't been installed between your keyboard and the PC, UberGerbil's statement still holds.

Using encryption (e.g. BitLocker) would protect you from most physical attacks, but even that would still leave you vulnerable to hardware-based keyloggers if you are only using PIN-based authentication...
Nostalgia isn't what it used to be.
 
C-A_99
Gerbil First Class
Posts: 160
Joined: Tue Apr 06, 2010 9:46 pm

Re: No Windows Password - Good/Bad?

Sun Aug 11, 2013 11:15 am

Windows passwords are useful for various network situations, as well as for RDP. Obviously, it's not going to protect your system from other vulnerabilities from applications, etc., nor from someone booting the system into Linux and running chntpw, but I don't think it hurts to have.
 
Meadows
Grand Gerbil Poohbah
Posts: 3416
Joined: Mon Oct 08, 2007 1:10 pm
Location: Location: Location

Re: No Windows Password - Good/Bad?

Sun Aug 11, 2013 11:44 am

just brew it! wrote:
Unless you've disabled booting from external devices in the BIOS, password-protected the BIOS so that nobody else can change the BIOS settings, physically secured the case so that only you can open it, and check the back of the computer every time someone else has had physical access to make sure a hardware keylogger hasn't been installed between your keyboard and the PC, UberGerbil's statement still holds.

That's true.

Then again, such "extreme" measures are not necessary in my case, but I would definitely consider them if it were, say, a public access computer in a fast food restaurant or the like.
 
The Egg
Minister of Gerbil Affairs
Posts: 2938
Joined: Sun Apr 06, 2008 4:46 pm

Re: No Windows Password - Good/Bad?

Sun Dec 15, 2013 2:36 am

If someone were to somehow make their way onto your network (via wireless or whatnot), they'd have an easier time accessing your system if you're running without a password. I know Windows likes to enable media-sharing and a bunch of Homegroup crap by default these days.
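
The settings debated in this thread (whether the account is an administrator, whether UAC is on, how blank passwords are treated for network logons, and whether the system drive is encrypted) can be read directly from the machine. The following is an added example, not code from any poster; the function name `Get-LogonExposure` is made up for illustration, and the script only reads settings.

```powershell
# Added example: read-only report of the Windows settings discussed in this thread.
function Get-LogonExposure {
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $uac = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue
    $lsa = Get-ItemProperty -Path $lsaKey -ErrorAction SilentlyContinue

    # whoami lists the Administrators SID (S-1-5-32-544) even when UAC has
    # filtered it to "deny only" in the current, non-elevated token.
    $isAdminAccount = [bool]((whoami /groups) -match 'S-1-5-32-544')

    # IsInRole is true only when this process is actually running elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Get-BitLockerVolume needs elevation and an edition that ships BitLocker.
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $bitlocker = [string]$vol.ProtectionStatus
    } catch {
        $bitlocker = 'Unknown (needs elevation and the BitLocker module)'
    }

    [pscustomobject]@{
        AccountIsLocalAdmin      = $isAdminAccount
        ProcessIsElevated        = $elevated
        # EnableLUA = 1 means UAC is on
        UacEnabled               = ($uac.EnableLUA -eq 1)
        # 0 = elevate without prompting, 5 = Windows default consent prompt
        AdminPromptBehavior      = $uac.ConsentPromptBehaviorAdmin
        # 1 = blank-password local accounts may log on at the console only,
        #     not over the network or RDP
        BlankPasswordConsoleOnly = ($lsa.LimitBlankPasswordUse -eq 1)
        SystemDriveBitLocker     = $bitlocker
    }
}

Get-LogonExposure | Format-List
```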
