Win10: password on boot but not on wake...

ChrisR

ChrisR

I'm a well known grump...
Messages
11,389
Name
Chris
Edit My Images
Yes
I have a friend (ahem) whose home Win10 box is set to require a password on start or restart, but not when waking from sleep. The machine is switched off overnight (and TBH it's very often left off for days at a time). Is it much of a security risk not requiring a password on wake? I can see that visitors would be able to access the machine without the password, but would it affect remote access?
 
It used to be on the screen saver settings. (one way of applying it)
It should nt be allowing remote access all the time anyway.
 
Sangoma said:
It used to be on the screen saver settings. (one way of applying it)
It should not be allowing remote access all the time anyway.
Click to expand...
I did have it requiring password on wake, but Mrs R objected. TBF now that both her phone and iPad require a PIN on wake, she might be happier to accept. But I'm really trying to find out how much of a security risk it is. Other than insider attacks, what does password on wake protect from?

BTW I /think/ the router is set up with a firewall to prevent incoming attacks, but I don't understand it well so it's possible it isn't watertight...
 
ChrisR said:
I did have it requiring password on wake, but Mrs R objected. TBF now that both her phone and iPad require a PIN on wake, she might be happier to accept. But I'm really trying to find out how much of a security risk it is. Other than insider attacks, what does password on wake protect from?

BTW I /think/ the router is set up with a firewall to prevent incoming attacks, but I don't understand it well so it's possible it isn't watertight...
Click to expand...

Ah, I see.
I don't see much point in the home to be honest.

Windows defender will also help to prevent unwanted connections too
 
ChrisR said:
I did have it requiring password on wake, but Mrs R objected. TBF now that both her phone and iPad require a PIN on wake, she might be happier to accept. But I'm really trying to find out how much of a security risk it is. Other than insider attacks, what does password on wake protect from?

BTW I /think/ the router is set up with a firewall to prevent incoming attacks, but I don't understand it well so it's possible it isn't watertight...
Click to expand...
The router is likely using what's called NAT (Network Address Translation) which allows many devices on your home network to share a single public IP address which is a very limited resource now. It means your home devices aren't directly on the internet and in turn, devices on the internet can't directly connect to your home devices unless access is set up for them first. That means it's not possible for someone on the internet to connect over remote desktop (the machine would also need it enabled) and even if they did theoretically, it sounds like the account still has a password which would be needed to connect a session.

The main risk with remote access is scammers convincing people to download remote access software to the victim's PC, once the scammer gets onto the PC I don't think the wake password would reduce the security at that point since the scammers will have full control of the PC. Similarly if any malware was accidentally run on the machine with elevated privileges it wouldn't matter about the account because the malware has all it needs from the start.

The only real risk I can think of is what's mentioned already that if someone broke into the house and had physical access to it then they could get straight in but clearly that's a much lower risk than a mobile device that could be left somewhere outside the house.
 
You must log in or register to reply here.
Back
Top