1

Is there a security risk to disabling the Windows user account password, since my PC is already unlocked with a complex PIN at boot time? I have my PC configured with sleep disabled. I'm running Windows 10 Pro.

For example, is Windows network security reduced?

Drew

2 Answers

1

Weaknesses of running passwordless with strong BitLocker:

  • BitLocker might get temporarily suspended during certain updates (this is required with TPM-based protection when updating certain boot code, and happens automatically) which presents a window to steal the machine and get everything.
  • An attacker who steals your computer while it's on can get everything.
    • You can't meaningfully "lock" the computer except via shutdown/hibernate, which take time or risk losing data.
  • A malicious process running as a different low-privilege user can access your account easily.
    • This is a problem if you have multiple user accounts for different people.
    • This is a problem if there's a low-privilege service account that gets compromised.
  • Authentication mechanisms that aren't technically "network log in" operations (as Windows defines them) will still work against you.
    • People won't be able to Remote Desktop in as you (by default), but they might be able to SSH in as you (if you enable the SSH server).
  • Your cryptographic secrets (EFS keys, DPAPI keys, certificate private keys, passwords saved in the credential vault, etc.) will be essentially unprotected (though this might not matter to you since it would need to be a local attacker).
CBHacking
0

A user with a blank password cannot, by default, perform network logons.

This is controlled by the local security policy option "Limit local account use of blank passwords to console logon only", which is enabled by default. What this option means is that a local user account that has a blank password cannot be used to log onto the system from anywhere other than the computer's physical location.

Screenshot of secpol showing the relevant local security policy option

Polynomial
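
A read-only check of the settings both answers refer to, added here as an example and not part of either answer. It assumes an elevated PowerShell 5.1 session on Windows 10 Pro; the function names are hypothetical, and `LimitBlankPasswordUse` is the registry value that backs the policy option named above.

```powershell
# Added example (not from the answers): audit blank-password and BitLocker exposure.
# Read-only. Get-BitLockerVolume requires an elevated session.

function Get-BlankPasswordExposure {
    # "Limit local account use of blank passwords to console logon only"
    # is stored as LimitBlankPasswordUse under the Lsa key (1 = enabled).
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'LimitBlankPasswordUse' -ErrorAction SilentlyContinue
    $limit = if ($null -ne $lsa) { [int]$lsa.LimitBlankPasswordUse } else { $null }

    # Enabled local accounts that are permitted to have no password.
    # PasswordRequired = $false means a blank password is allowed, not that one is set.
    $accounts = Get-LocalUser |
        Where-Object { $_.Enabled -and -not $_.PasswordRequired } |
        Select-Object -ExpandProperty Name

    # The first answer notes that an SSH server is a logon path to review separately.
    $sshd = Get-Service -Name 'sshd' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        LimitBlankPasswordUse = $limit            # $null = value not present
        ConsoleOnlyPolicyOn   = ($limit -eq 1)
        AccountsAllowingBlank = @($accounts)
        SshServerRunning      = ($null -ne $sshd -and $sshd.Status -eq 'Running')
    }
}

function Get-BitLockerExposure {
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        [pscustomobject]@{
            MountPoint    = $_.MountPoint
            VolumeStatus  = $_.VolumeStatus
            # ProtectionStatus Off on an encrypted volume means protection is suspended,
            # the window described in the first answer.
            ProtectionOn  = ($_.ProtectionStatus -eq 'On')
            # TpmPin / TpmPinStartupKey = a PIN is required before boot.
            HasPreBootPin = [bool]($types -match '^TpmPin')
            KeyProtectors = $types -join ', '
        }
    }
}

Get-BlankPasswordExposure | Format-List
Get-BitLockerExposure | Format-Table -AutoSize
```

A volume that shows `ProtectionOn = False` while `VolumeStatus` is `FullyEncrypted` is in the suspended state; rerun the check after updates to confirm protection has resumed.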