Cant find an answer anywhere

Solution
So far none of your "reasons" pertain to a password for helping internet security. The closest you've gotten was a password on the admin AND not using that admin account. But the actual security measure in that case is not using admin and not the password part. Still having the password and using the admin account leaves you just as vulnerable as no password.

djreedj

Honorable
Jan 14, 2016
1,721
1
12,160


why is it stupid to do if im the only one using this pc?
 


Because YOU ARE NOT! As long as you are connected to the internet, you MUST use a password for your own protection. The #1 easiest way to avoid ever having malware, even more effective than anti-virus software, is to put a password on your accounts (hard to guess one, >8 characters using A-Z a-z 0-9 and non-alphanumeric characters like !#$%&()_<>-=~+-/*`@" ' ) and use a standard account (not administrator) as your regular account (and have an administrator account for when you absolutely need it).


See the above. Passwords are arguably MORE important on home computers, since the users are generally less capable of securing their systems and will be far more vulnerable to malware and the effects of malware. Sure the financial value of malware damage is less than for a major corporation, but the financial impact can be far more devastating. A password is the more time efficient method of improving your home computer's security.
 


Read the OP's actual comment, he wants to disable the password prompt, not just the lock screen, which can only be done by either disabling passwords entirely or by putting your password in plain text that any malware can read (and many scan for)
 
That has nothing to do with security for internet usage. Once you log into your pc, in your logic I'd have pw prompt for doing anything on my pc. That's what uac is for, not the password to log into the local account. The desktop is completely the same with or without a password once you get to the desktop.
 


Not at all....
1) UAC won't work as intended if you're on an administrator account, if the system becomes infected the malware just starts up automatically with your account.
2) For regular use, you ONLY need to log in once. Only use that modifies system files will require a password, and no regular use software should ever do that!
3) The point is that the use is the same... The only time you will ever need a password is logging in or changing system settings (not user settings like brightness, your background image, etc, only things like adding a new program ). The effect on the user is minimal, but it prevents malware from doing anything without your consent.
4) Disabling the password at boot (which is possible) is a security risk that just isn't worth it, for the above reasons and:
5) If your device is ever stolen, passwords will help protect your data a small bit. If you have something with Bitlocker though, it will secure your data enough that you don't have to worry about thieves stealing your credit cards and banking information on top of your actual computer.


And interestingly enough, auto-logon doesn't actually make you boot to desktop (idle) any faster than typing in the password yourself, usually you'll be limited by delayed services regardless.
 
Password makes no difference to malware getting in from the normal ways either passively from website objects or from downloading. Once malware is on the pc, it will run with or without a login password. You login to your desktop, it runs.
 


Depends on the malware, but most will NOT work "properly" because they attempt to access restricted areas without a valid credential. Yes, there are some that will screw with your system, but the vast majority (http://www.tomsguide.com/us/standard-accounts-stop-malware,news-18326.html) are stopped. https://technet.microsoft.com/en-us/magazine/2008.05.desktopfiles.aspx is a bit old but explains the basics.

And here's the other reason for passwords that I never thought I would have to explain... Forcing login passwords is the easiest way to build a habit of preparing and maintaining passwords. Get lazy in one place and you'll start a dangerous downward spiral to passwords like "password" and "1234" for even more important services. Even if you don't want to consider how passwords on accounts are beneficial in terms of direct computer security, you can't argue with the positive psychological impact that consistent password usage brings.
 

djreedj

Honorable
Jan 14, 2016
1,721
1
12,160
Apparently I dont have a gpedit in my system. It was unable to find when I typed it in and I can't find it in Windows folders. I will keep my pin password. I do not see though how removing the password just to get into desktop can open me up to any harm other than if someone stole my PC.
 


gpedit is only on Pro versions of Windows.

Even if you don't see it, it's a bad idea. It takes less than a second to type in most passwords (and less than 10 even for the most complicated ones) or use the picture password (on tablets), and less than half a second to put in the pin (which is NOT a password, NEVER use a 4 digit password, use at least 8 and if possible 12-16), so there's no reason to disable it.
 
So far none of your "reasons" pertain to a password for helping internet security. The closest you've gotten was a password on the admin AND not using that admin account. But the actual security measure in that case is not using admin and not the password part. Still having the password and using the admin account leaves you just as vulnerable as no password.
 
Solution