by Chris Taylor
About Chris Taylor: Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.
Microsoft has, more or less, continually improved security in Windows. One important layer of security is the sign-in to the computer, which helps secure your information and identity.
We have progressed from Windows 95, where hitting the Esc key at the login prompt allowed you to access all locally stored information. But even in Windows 11, Microsoft still allows you to configure automatic sign-in and local accounts with no password. If you have taken advantage of either of these features and have become concerned about the security of your information and identity, you might want to fix them.
Disable automatic sign-in
Press
type in netplwiz, and press Enter. If you are not currently signed in using an account with administrative privileges, you are prompted to provide credentials for a local admin account. Control Panel’s User Accounts loads. Put a check mark in the box “Users must enter a username and password to use this computer.” Click the OK button and restart the computer.
Set a password on every local account
An account with no password also allows automatic sign-in, so it is best to ensure all local user accounts have a password. Load netplwiz as above and click on each account listed.
For your current account, you will see the following:
If you have no password on your account, follow the instructions to set a password.
For accounts using a Microsoft Account for authentication, you will not be able to change the password and will see the following:
That’s fine as they have a password. You can change the password for a Microsoft Account at https://accounts.microsoft.com.
For other user accounts, you cannot see if a password has been set, but you can force a password by clicking the Reset Password button.
If this is an account used by someone else, you might want to try signing in under this account to see if you are prompted for a password and then speaking with the person before you force a password on the account.
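Both checks above can also be run from a Windows PowerShell window. The script below is an added example, not part of the original article: it only reads settings and changes nothing, and the two function names are made up for illustration. It assumes the built-in Get-LocalUser cmdlet and the Winlogon registry key that Windows uses for automatic sign-in.

```powershell
# Added example: read-only review of automatic sign-in and local account passwords.
# Function names are hypothetical; the cmdlets and registry values are built into Windows.

function Get-AutoSignInStatus {
    # Winlogon holds the values that control automatic sign-in.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $v = Get-ItemProperty -Path $key -ErrorAction Stop
    [pscustomobject]@{
        # AutoAdminLogon is a string value; '1' means automatic sign-in is on.
        AutoSignInEnabled = ($v.AutoAdminLogon -eq '1')
        DefaultUserName   = $v.DefaultUserName
        # A non-empty DefaultPassword value is a password kept in clear text in the registry.
        ClearTextPassword = (-not [string]::IsNullOrEmpty($v.DefaultPassword))
    }
}

function Get-LocalAccountPasswordReview {
    # Only enabled accounts can be used to sign in, so disabled ones are skipped.
    Get-LocalUser | Where-Object Enabled | ForEach-Object {
        if ($_.PrincipalSource -eq 'MicrosoftAccount') {
            # Microsoft Accounts always have a password, managed online.
            $note = 'Microsoft Account: password is managed online'
        } elseif ($null -eq $_.PasswordLastSet) {
            # An empty PasswordLastSet is a strong hint that no password exists.
            $note = 'No record of a password being set: set one'
        } elseif (-not $_.PasswordRequired) {
            # The account is allowed to have a blank password; this is a hint, not proof.
            $note = 'Blank password is permitted: confirm one is set'
        } else {
            $note = 'OK'
        }
        [pscustomobject]@{
            Name             = $_.Name
            Source           = $_.PrincipalSource
            PasswordLastSet  = $_.PasswordLastSet
            PasswordRequired = $_.PasswordRequired
            Review           = $note
        }
    }
}

Get-AutoSignInStatus | Format-List
Get-LocalAccountPasswordReview | Format-Table -AutoSize
```

Treat the Review column as a list of accounts to look at by hand in netplwiz; it cannot prove that a password is or is not set.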
For advice on choosing a good password, see my article “Password strength” in the December 2021 issue of Cybersecurity News: https://mailchi.mp/glasswire/glasswire-six-million-routers-vulnerable-2534800.