[SOLVED] Is there any easy way for someone to log into my PC when they don't know my PIN password?

[ShangWang]

I remember a long time ago my sister was able to get into my Windows 7 laptop without my password, but I have no idea how she did it.

Is there any simple way that someone could log into your PC through a reset method, or even using a USB? What's the most likely methods?

I faintly remember she had a USB during that time, but I can't remember.

 

[Math Geek]

yes it is possible, but we won't be going into how on this forum. rules prohibit such talk

win 10/11 is a touch harder than win 7 and before was but it is still trivial to do. the only way to keep your stuff secret is to encrypt it. one can get to it but can't actually see any of it. secure windows with a usb token and you won't have to worry about anyone getting into your system ever again.

but yes just a password or pin is easy to break.

 

[ShangWang]

yes it is possible, but we won't be going into how on this forum. rules prohibit such talk

win 10/11 is a touch harder than win 7 and before was but it is still trivial to do. the only way to keep your stuff secret is to encrypt it. one can get to it but can't actually see any of it. secure windows with a usb token and you won't have to worry about anyone getting into your system ever again.

but yes just a password or pin is easy to break.

I see, back then on Windows 7 I had a password with characters so I would think she somehow got a hold of a USB that can override the password/change it but I still don't know how.

 

[Math Geek]

if it is only your pc and no one else uses it, then use bitlocker or something to encrypt the drive. set up a usb token, basically a private key that will be used from the usb drive. only way to log in would be to have the usb to plug in. this is basically what a tpm does for the system but you carry it with you and don't leave the storage with the pc for someone to mes with. it is possible to break into a tpm though it is not that easy to do.

windows does not really get any more secure than that from a home user perspective. no one will be able to fake a strong 256k or larger key. go with 512 if possible and it'll never be broken

 

[ShangWang]

if it is only your pc and no one else uses it, then use bitlocker or something to encrypt the drive. set up a usb token, basically a private key that will be used from the usb drive. only way to log in would be to have the usb to plug in. this is basically what a tpm does for the system but you carry it with you and don't leave the storage with the pc for someone to mes with. it is possible to break into a tpm though it is not that easy to do.

windows does not really get any more secure than that from a home user perspective. no one will be able to fake a strong 256k or larger key. go with 512 if possible and it'll never be broken

Sounds good, I don't consider that anyone would actually try to break into my laptop anymore, but I do know it's possible to log into an account pretty easily with a few command prompts.

On a side note just out of curiosity, if someone was trying to hack/login to my account remotely, would having a password provide some kind of protection, or does it not make a difference if they're trying to get into my desktop? Is it possible for someone to do "log into" a desktop with your computer on/off remotely?

 

[hotaru.hino]

Attackers don't really go after a random account by password cracking unless there's value on that account.

And even then, most of them would rather resort to social engineering because it's easier.

 

[ShangWang]

Attackers don't really go after a random account by password cracking unless there's value on that account.

And even then, most of them would rather resort to social engineering because it's easier.

Gotcha, though if they did want to somehow access my desktop remotely, is it only possible if my laptop is awake/doing something, or is it possible they can get onto it while it's asleep or even shutdown? Does the password do anything as a barrier?

 

[USAFRet]

On a side note just out of curiosity, if someone was trying to hack/login to my account remotely, would having a password provide some kind of protection, or does it not make a difference if they're trying to get into my desktop? Is it possible for someone to do "log into" a desktop with your computer on/off remotely?

Remotely is MUCH harder.

First, they need to get past your router and its firewall.

 

[Math Geek]

right you'd have to have remote desktop active which is off by default. that's the easiest way out of a bunch of hard ways to do it.

it is possible for sure but not that easy to do. not worth anyone randomly trying to do it. MS/Google/Amazon already have everything about you that they'll sell to anyone for any reason. unless you got high value information, there is no reason for anyone to even bother with you.

but if you have 2fa set-up on an encrypted system, then it is virtually impossible. i have a couple vm's in the cloud i use and they take a private key as well as username/password combo to access. only one port listening on the whole vm and only when i log into it and turn it on. it's not giving up anything unless a top quality state actor got involved.

 

[ShangWang]

right you'd have to have remote desktop active which is off by default. that's the easiest way out of a bunch of hard ways to do it.

it is possible for sure but not that easy to do. not worth anyone randomly trying to do it. MS/Google/Amazon already have everything about you that they'll sell to anyone for any reason. unless you got high value information, there is no reason for anyone to even bother with you.

but if you have 2fa set-up on an encrypted system, then it is virtually impossible. i have a couple vm's in the cloud i use and they take a private key as well as username/password combo to access. only one port listening on the whole vm and only when i log into it and turn it on. it's not giving up anything unless a top quality state actor got involved.

Thanks! So your PC has to be on for this to work.
I would guess the pin code might just provide a bit of protection but it's not much help if the hacker already has remote access to your PC.

 

[Math Geek]

if you really want to learn more look up a cybersecurity program. can take classes at local community college or simply get an online course. something aimed at the sec+ certification would be a good start to understanding how pc and network security work. this does assume a basic networking understanding.

so might start with a net+ type cert course to learn the basics.

even if you don't work in the field it's still good knowledge to have and you are obviously curious

 

[USAFRet]

Thanks! So your PC has to be on for this to work.
I would guess the pin code might just provide a bit of protection but it's not much help if the hacker already has remote access to your PC.

The PC is in a locked bedroom (PIN), and the house has a very good front door lock (router/firewall).

If this were an issue, you'd have reports of this happening all over.

Now....if you purposely disable the front door lock and bedroom lock, via installing some crapware or similar (social engineering)...all bets are off.
THAT is how peoples systems get hacked. Not by a random driveby.