1

As a follow-up to this question, I am wondering how much care I need to put into my Windows login password, for when I leave my computer alone in "sleep" mode. (I know that Windows passwords can be easily removed.) Is there any software that can try to crack the password from the lock screen? Or do I just need to have a login password that cannot be defeated in, say, my hour-long lunch break?

There is a related question about the Windows screen saver password; I would guess that the lock screen is controlled by different logic.

Community
  • 1
adam.baker
  • 657
  • 6
  • 9
  • I believe Microsoft uses a timer on its login screen, so you shouldn't be exposed to brute-force attacks. – Steve Dodier-Lazaro Jun 04 '15 at 10:26
  • As per my understanding, the locked desktop password appearing when retrieving from sleep mode (we talk here about *sleep* (=suspend to RAM) and not *hibernation* (=suspend to hard disk)) is just a direct descendant from the screen saver password with the only difference that the password is requested over a fixed "wallpaper" instead of over a dynamic screen saver. Apart from that a screen saver password and a locked desktop password *are* the same thing (in particular a session remains opened and active in the background). – WhiteWinterWolf Jun 04 '15 at 13:49
  • Okay, that is good to know. I think it may not be obvious to many people that this is a duplicate question; that's my two cents anyway. – adam.baker Jun 04 '15 at 15:44

1 Answers1

0

You ask about cracking, a long and complex 15+ length password will render crackers useless within your timeframe. This bypass method takes 15 minutes at most:

You can disable autorun, you can put a password on your BIOS. But a single BIOS reset (requires 2-5 minutes of unmonitored physical access) will remove the BIOS password, allowing an attacker to BOOT the computer through USB/CD with e.g. KON-BOOT. This attack will temporarily allow any password with your accounts without resetting your old password.
The only protection from this that I know of is system encryption e.g. VeraCrypt.

Manumit
  • 579
  • 1
  • 5
  • 19