No Antivirus or firewall will save your PC data if someone gains physical access to it and manages to log in. If your PC is vulnerable to unauthorized access, you should take measures to secure the Windows login screen.
By default, Windows 11 uses a PIN to secure your account, which can be guessed, brute-forced, or compromised in a social engineering attack. Depending on your convenience, device compatibility, and the importance of the data on your PC, there are many ways to secure your Windows login screen.
Windows offers multiple methods to log in to Windows and secure your unattended PC. In this post, I’ll talk about different methods to secure the Windows login screen and help you decide what will work best for you.
Importance of Choosing the Right Login Method
As I said before, the default PIN-based login method may be convenient, but it’s very vulnerable. Similarly, the other methods also have their own vulnerabilities and limitations. Depending on the circumstances, you need to choose the method that provides enough protection while being convenient to use.
For example, if your PC is at home and you don’t want others to access your private data, then using facial recognition or the Picture password may be enough. However, if your PC is in an enterprise setup with confidential data inside, then using a physical key like a USB key will be better.
Below, you’ll find different ways you can secure your Windows logon screen to prevent unauthorized access:
Use a Stronger PIN
By default, Windows uses a 4-digit PIN code, which is much easier to guess or break. Thankfully, there is a separate option that you can enable to allow letters and characters so you can use a strong password. Here’s what you need to do:
Go to Windows Settings > Accounts > Sign-in options.
Here, click on the PIN (Windows Hello) option and then click on Change PIN.
On the pop-up that appears, check the checkbox next to the Include letters and symbols option. Now, instead of a number pin, you can set a password with letters, characters, numbers, and lower/upper case letters.
Use Your Microsoft Account
While creating a user account for your PC, Windows gives you the option to create it using a Microsoft account or a local account (limited to the device). Unless you have a specific reason, try to always use a Microsoft account.
Microsoft account is not only more useful as you can access many online Windows features, but it’s also more secure and offers easy recovery in case you forget the password.
If your Microsoft account gets hacked, there is a good chance they don’t have physical access to your PC. However, if a hacker intends to hack your local account, it’s obvious they intend to physically access your PC and can use hardware hacking methods, too.
If you are logged in using a local account, go to Accounts > Your info in the Windows settings and sign in using your Microsoft account.
Fingerprint recognition isn’t necessarily better protection than using a PIN. Since a PIN is required for this method to work, it can be bypassed if the hacker can hack the PIN. However, it’s much more convenient to use and can deter specific hacking attempts like phishing or keylogging.
You can set Fingerprint Recognition in the Sign-in options in Windows Settings. You’ll need a PC with fingerprint recognition support or buy a separate fingerprint scanner, like Kensington VeriMark Fingerprint Key.
Makes logging into Windows and other services a one-tap process.
Resistant to password stealing hack attempts like phishing, keylogging, and social engineering attacks.
Compared to other recognition-based methods, fingerprint recognition is much more accurate.
Although it’s difficult to hack, it is still an additional method to access your PC, which could be hacked. Your PC becomes more vulnerable to hacking attempts like biometric replication or someone physically forcing you to put your finger on the scanner.
Facial recognition is another biometric verification system that is worth using. Just like fingerprint recognition, it also requires a PIN so it can be bypassed. However, it doesn’t require physical interaction with the PC and offers just as fast verification.
You’ll need a PC with a webcam that supports facial recognition using infrared or depth sensors. You can also separately buy a webcam that supports it, like Lenovo 510 Webcam. Go to the Sign-in options in Windows Settings to set it up if you have the right webcam.
Quickly authenticate Windows and other services without touching the PC.
Most hacking attempts that steal passwords won’t work.
Facial features easily change compared to fingerprints, like growing a beard. They can sometimes interfere with authentication and cause false negatives.
Lightening and environmental effects can also affect recognition accuracy.
Similar to fingerprint recognition, this adds another way for your PC to get hacked. It’s vulnerable to spoofing using high-quality video or 3D models of the face.
This is another feature of Windows to help you log in without using a password or PIN. To log in using this method, you draw 3 gestures on a picture provided by you. This offers a different kind of security that is unique and can’t be hacked using password-hacking methods.
Whether it’s more convenient than entering a password depends on the user, but I am sure people with a touchscreen PC will find it easier.
Since the picture and gestures are unique to you, it offers a truly unique security feature that can’t be brute-forced.
It is easier to remember since it’s a visual representation.
Password hacking attempts won’t affect it.
Vulnerable to shoulder surfing or monitoring of any kind since they can see the gestures, unlike passwords hidden with asterisk.
Limited complexity as you only have 3 gestures to work with.
How To Use Picture Password?
To enable a Picture password, arrange a photo (any works) and go to the Sign-in options. Here, click on Add under the Picture password option.
Now upload the picture and draw 3 gestures on it. Once you confirm them, the picture password will be created and used for logging in from now on.
You can always delete it from the same Sign-in option without requiring any authentication.
USB Security Key
The USB security key is a physical key that adds two-factor authentication to the Windows login screen for maximum security. Currently, a physical key is the most reliable security system for Windows since Windows doesn’t support other authentication methods, such as text or authentication apps.
With a USB security key, all you have to do is insert the physical key in the USB port of the PC and press the button on it when prompted during login. Without the physical key, no one will be able to access your PC.
You’ll need to buy a compatible USB security key; Yubikey and Thetis FIDO2 are two reliable options. Once you have the key, go to the Sign-in options and click on Manage under the Security key option. Now insert the USB key, and Windows will give you the option to select the key brand and follow the manufacturer’s setup wizard.
When the key is set up, Windows will ask you to provide an authentication code to log in. Press the button on the key to provide it and access Windows.
Higher security, as a physical key, is needed for account access. The hacker has to steal both the password and the physical key.
Protection against password hacking attempts.
Since it’s a physical key, there is a higher chance of losing it or getting it stolen. The recovery process isn’t very convenient, depending on what you selected as a backup.
It needs to be separately bought, unlike other methods that most newer PCs have built-in.
Enable Dynamic Lock
No matter which login method you use, your PC will be vulnerable if you leave it unattended while logged in. Dynamic Lock is a security feature that automatically locks your PC if a connected Bluetooth device leaves its proximity.
To use this feature, you’ll need a Bluetooth-enabled PC and a smartphone. Almost all laptops have Bluetooth built-in; desktop users can get a USB adaptor like TP-Link UB500 to get the functionality (if not available).
You can enable it under the Additional Settings section of the Sign-in options. You’ll have to register the smartphone that you want to use to check proximity. After set up, make sure you take the smartphone with you when you move away.
It’s worth mentioning that it takes a minute once the smartphone is out of reach for the screen to lock. Your device is vulnerable during that period.
Enable Screen Saver With Device Lock
If you can’t enable Dynamic Lock, then you can also enable a screen saver that will lock the PC after the specified time. To access screen saver settings, open Windows Settings and go to Personalization > Lock Screen > Screen saver.
Here, select a screen saver, wait period, and enable the option On resume, display logon screen. Choose the wait period carefully as a lower wait period, like 1 minute, may also disrupt regular usage when you leave the PC idle for a minute.
Now, whenever there is no activity on your PC for the specified period, the screen saver will launch, and you’ll have to log in again.
Ending Words 🔒
A stronger PIN should work fine for most people. However, if your PC supports it, then using one of the biometric solutions is better since it protects against password hacking attempts.
Google Docs does a great job of keeping things simple. The default page setup works great for most documents, and common formatting options are right on the toolbar. However, when you need to do some advanced formatting, you’ll need to dig a little deeper.