Why set a strong Windows password?

With the ability to remove/change Windows passwords so easily from a bootable drive, is there any point to having a "secure" one?

EDIT: I don't know, maybe the password is used for some internal mechanism I'm not aware of.

 

I'd say at least 90% of people don't know how to boot their PC other than from their OS.

So whatever that means to you there's your answer.

 

In addition to what zapjb said, if your system is encrypted, then I believe that one can't use a bootable OS to change your Windows password(s).

 

Thanks for responding. I just didn't know if maybe there was a networking aspect that a stronger password helps with.

@MrBrian, I ended up not using FDE because I didn't like the inflexibility of imaging with it.

 

Remote Desktop (RDP) Hacking 101: I can see your desktop from here!

 

Pretty much for RDP and network shares. If they have physical access, it is just easier to blow it out with a boot disk. Also as mentioned, if you have encrypted your drive, then a good password will actually keep most people out.

 

Does the Windows logon password protect your data?

 

Get a very good password for system encryption and don't worry too much about Windows password, which is quite easy to by-pass anyway.

 

So you don't use lock or sleep? Mind sharing how easy it is to crack those?

 

Not sure who this is aimed at but yes, I do lock and sleep my computer. Obviously this is an instance where password strength is more important but it just seemed trivial to me so I didn't bother mentioning it (thanks for covering everything though). But, who's to say someone can't just turn your computer off and boot from a usb drive like mentioned(rhetorical question).

 

Both of you, but especially dogbite who claims you only need a good password for system encryption.
If someone turned off my computer, they just made their jobs harder and gets a fully encrypted hard drive. Most people don't know what you're talking about in the first place.

It's a matter of perspective, why set a weak Windows password? What benefit would that have other than a little more convenience?

 

Well, the reason why a use an easy Win password is that I have a mandatory setting that locks PC after 15min idle. So I have to type it frequently.
I do use Sleep but only when at Home. Also, PC never stays locked in other places than Home or Office, where honestly I am not worried about a cracking threat.

In conclusion, I decided to opt for covenience, addressing security efforts to other systems.

We could also question about what easy means. In my case it's an alphanumeric password of 8 characters.

 

In my case, I use a Windows password to keep out the opportunistic snoop. The more secure option I have available to me is a hard drive password. When coming out of standby/sleep or the Windows lock screen I have to enter the Windows password. When coming out of hibernation or at startup I have to enter the hard drive password before I can even get to Windows.

 

Anyone worth salt in security/IT disables RDP by default on any computer they touch unless it has some important reason to leave it on. It's one of those settings you just don't leave checked.

As for passwords, they keep the normal run of the mill people off your windows, and don't even need to be complicated because anyone serious about getting in would bypass the entire password system anyway - so a long/complicated one wouldn't do anything.

Besides, some of the best passwords are like; !!!!!!!!!T@nk!!!!!!!!!! easy to remember, difficult to cypher due to the length, and other factors. Often the length is what is important, rather than the content of that length. “Simple length”, which is easily created by padding an easily memorized password with equally easy to remember (and enter) padding creates unbreakable passwords that are also easy to use.

 

Yeah, it would be foolhardy in putting sensitive data on a non-encrypted drive/partition. The password strength won't matter in this case.

 

Or at the very least, encrypted files/folders.

Drive encryption is often too extreme for many people, especially casual computer users. So a good strong folder encryption usually solves the issue. Giving them extreme privacy in 'specific' system areas, while not making the system have potential negatives of full encryption, or the multiple password logins.

Besides, we don't know if Truecrypt is actually fully secure until the audit finishes, and that may take another year or more. Truecrypt shouldn't be fully trusted until that audit has been completed. That seems to be the encryption software most people turn to for full drive encryption. (and anything based off Truecrypt code)