While it is extremely convenient, enabling the automatic login feature on your Windows PC can be potentially problematic. When you utilize this setting, the password for your Windows account is
stored in a location where it can be accessed by anyone (or any software) with administrator access.
Additionally, if your Windows PC password is identical/related to the passwords that you use for your email, financial accounts, etc., then the automatic login feature could be extremely detrimental to your security.
Never Use A Registry Hack
Allowing automatic logins by the use of a registry hack is by far one of the worst ways to activate this feature. This registry hack involves altering values in
KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ in your Windows registry.
This gives you the ability to activate AutoAdminLogin and set values for; DefaultDomain, DefaultPassword, and DefaultUsername. Do you see the obvious problem here? By using this registry hack you are placing all of your login information in a location where any software that has registry access can view it.
The Other Methods Out There Are Only Slightly Better
Another automatic login method is the utilization of ‘hidden user account tools’. One of the most popular tools with this functionality is Netplwiz (this isn’t visible in your Control panel’s list of tools). SysInternals is
another popular tool that serves the same function as Netplwiz. These tools require that you give it your password and your username so that they can automatically sign you in whenever your
computer starts up.
While these tools won’t store your password directly in the registry, they will store it as an LSA Secret. This gives your information an additional level of security, since software that want to access this information would have to have the ability to read the data. While this may sound somewhat secure, all it takes to crack is a mediocre decryption program that has administrator access. NirSoft has a program called LSASecretsView, which wascreated just for this purpose. This program gives the user the ability to see everyLSA secret on the installed device – this includes your saved auto login information.
Is Your Password Extremely Valuable To You?
So should all of this matter to you? That’s a question that only you can answer. Just how important is the password that you use for your PC? If your login password is something simple (like your
first name) and you don’t care who logs into your PC then you’re probably alright.
One of the main issues is that quite a lot of people actually use important passwords to log into their Windows accounts. Even though reusing passwords is not recommended, a large majority of users use the same password for their email account, Windows account, and other important accounts. Placing such an important password as an automatic login (where it is then saved openly on your computer) is incredibly dangerous.
In addition to this, newer version of Windows (Windows 8, 8.1, and 10) automatically utilize Microsoft accounts as their default means of authentication. So, if you use your Microsoft account to login, and then activate automatic logins, the password for your PC and Microsoft account are now saved where users and software can easily gain access to it. This means that they can potentially have access to your OneDrive files, email account, and any other services that you Microsoft account is liked to.
You Can Log In Without Typing In A Long Password
The newer versions of Windows – Windows 8, 8.1, and 10 – all have simple methods of logging in that are not only safer than automatic logins, they are not as tedious as entering a long
One such method is the utilization of a simple PIN. This is a numerical passcode that is short and likely easy to remember, yet still safe and secure. Other login features that are available are: using a picture password, using your PC’s webcam to login, or a fingerprint sensor.
While these can all be hacked with a great amount of effort, they are vastly better compared to any automatic login feature. If for some reason you can’t live without an automatic login feature, then at least set your PC’s password to something simple, like “password”, that you won’t use for other online accounts. You should also forgo using a Microsoft account, instead utilize a local user account.