In most cases, particularly when your computer is shared with another user or has the potential to be available to others, take precautions and set up a password for your account.
Figure 4.3 Windows Power options.
Sign-in Options
Windows 10 provides several sign-in options, available from the Accounts panel in Settings. To access the options, click the Accounts panel and then click the Sign-in options link.
The six options are the following:
● Require sign-in: This link lets you toggle on or off the requirement to sign in when you wake your computer from sleep.
● Password: This link takes you to the page where you can create and manage your passwords (see the next section).
● Picture password: This link takes you to the page where you can create and manage a picture password (see Picture Passwords later in this chapter).
● PIN: Clicking this link prompts you for your password, after which you can enter and confirm a number with which to log on.
● Password policy: This link toggles the option to force Windows 10 to request a password when the PC wakes up.
● Lock Screen: This option is under the Related settings section of the sign-in options screen. It lets you set the background picture, Screen timeout settings, and screen saver information.
The Sign-in Options page is shown in Figure 4.4.
Figure 4.4 Windows sign-in options.
Creating Strong Passwords
In this section we talk about techniques for creating, managing, and password-protecting user accounts, but before we get into the details, we provide some basic information on passwords in general. These tips are useful not only for passwords for user accounts, but for all types of accounts you create, including online accounts.
A password that's easily guessed is a weak password. A strong password is one that isn't easily guessed and is immune to password-guessing attacks. The two most common forms of password-guessing attacks are the dictionary attack and the brute-force attack. Both types of attacks rely on special programs that are specifically designed to try to crack people's passwords and gain unauthorized entry to their user accounts.
A dictionary attack tries many thousands of passwords from a dictionary of English terms and commonly used passwords. A brute-force attack tries thousands of combinations of characters until it finds the right combination of characters needed to get into the account.
Both types of attacks are rare in a home PC environment. They'e also easily frustrated by common techniques such as forcing a person to wait several minutes before trying again after three failed password attempts. Nonetheless, the general guidelines used to protect top-secret data from password-guessing attacks can be applied to any password you create. A strong password is one that meets at least some of the following criteria:
● It is at least eight characters long.
● It does not contain your real name, user account name, pet name, significant date (such as birthday), or any name that's easily guessed by other family members or co-workers.
● It does not contain a word that can be found in a dictionary.
● It contains some combination of uppercase letters, lowercase letters, numeric digits, and symbols (such as !, &, ?, @, and #).
We realize that few people need Fort Knox–style security on their personal PCs. You don't want a password that's difficult to remember and a pain to type. But any steps you take to make the password less easy to guess are well worth the effort. Some websites offer password checkers, programs that analyze a password and tell you how strong it is. Or go to any search engine, such as www.google.com, and search for “password checker.”
The most common problem with passwords is forgetting them. When you set up a password for a website, you can usually be reminded what the password is by clicking an “I forgot my password” link at the sign-in page. But no such link exists for passwords that protect your Windows user accounts. Therefore, be sure not to forget your Windows passwords!
Before you password-protect a user account, take the time to come up with a password that you (or the user) can remember. Make sure you use exactly the same uppercase and lowercase letters that you'll be typing. Windows passwords are always case sensitive, which means the difference between uppercase and lowercase letters matters.
For example, say you jot down your password as Tee4me!0 (with a zero as the last character). But later you type it in as tee4Me!o (with the last character being the letter o). Still later, you forget the password and dig out the sheet of paper. The tee4me!o you wrote down doesn't work, because the password is actually Tee4Me!0.
CAUTION
On a typewriter, the number 0 is basically the same as an uppercase letter O and the number 1 is basically the same as a lowercase letter l, but that is not true of computers. You must use the 1 and 0 keys near the top of the keyboard or on the numeric keypad to type 1 (one) and 0 (zero).
With Windows passwords, you can specify a password hint to help you remember a forgotten password. But still, using hints is tricky. Anyone who uses your computer can see the password hint. So, the hint shouldn't be so obvious that it tells a potential intruder what the password is. For example, create a hint that triggers your memory of the password but doesn't repeat the exact uppercase and lowercase letters you used.
Writing down your passwords isn't a good idea because other people may be able to access them. But if you need to keep track of multiple passwords, consider using a password-protected Excel spreadsheet to store all your passwords. Then, you need to remember only one – the password for the Excel file. Alternatively, password-keeper applications are available to achieve the same result.
TIP
If you decide to store your passwords in an Excel file, make a copy you can open on another computer in case your computer crashes or you forget the password to log on. Better still, get a secure password storage program you access from your computer or mobile device.
The bottom line on remembering passwords is simple: You have no margin for error. A password that's “sort of like” the one you specified is not good enough. It must be exactly the one you specified. You must treat passwords as though they are valuable diamonds. Keep them safe and keep them secure, but don't keep them so safe that even you can't find them!
That's enough general advice about passwords. Next, you need to find out about types of user accounts.
TIP
As long
