Some useful information. Your Windows XP computer is more safe if you don’t set any password at all than using some weak password like "abc123" which can be easily guessed by hackers.
Using a blank password (or no password at all) makes your computer more secure because Windows XP accounts, that are not protected by a password, cannot be accessed remotely over the network or the Internet.
You have to be physically infront of the computer in order to get in. Due to this default behavior, it is better to leave a blank password assigned to an XP account rather than assigning a weak, easily guessed password.
An official guide from Microsoft on Password strength therefore suggests using blank passwords on Windows XP machines when the following criteria are met:
• You only have one computer or you have several computers but you do not need to access information on one computer from another one
• The computer is physically secure (you trust everyone who has physical access to the computer – like your family members)
The use of a blank password is not always a good idea particularly when the computer is not in a secure location. For example, a laptop computer that you take with you is probably not physically secure, so on those you should have a strong password.
Update: If you want to access your XP Professional computer over the network ever after the password is blank, run gpedit.msc in the Run box and disable the setting "Limit local account use of blank passwords to console login only" available under Local Policies.
Find this article at: http://www.labnol.org/software/tutorials/blank-windows-password-secure-computer-internet-attacks/2517/
Tags: feature, password, windows, Software, Tips, Tricks, Tutorials
Reader Comments
Hey, your article makes a good sense, especially for desktop computers used at home :)
- Riyaz
Written by Riyaz on 03.05.08
I was wondering why there were so many attempts to get into the laptop and not the desktop. This is a great tip.
Written by Brad Hart on 03.06.08
Like most Microsoft configuration tools, gpedit.msc is cumbersome to use and difficult to understand. Users need to be careful what they change here.
Written by A.Nieves on 03.06.08
I have no password on my laptop but am able to access it from the server with no problem. I just have to put in the “username” and leave the password blank and it accesses it just fine.
Written by John on 03.06.08
In the case of a laptop, you not only want to use a password: If possible, encrypt your My Documents folder and anything else that might have information someone could use. Once a person has physical access to your hardware even a good password is useless. There are just too many tools to bypass password protection in any OS.
Written by bitterbug on 03.06.08
Interestingly, if you want to use “Scheduled Tasks” it is my experience that you MUST set a password. I was informed by Microsoft that this was a “security” feature. Once again we are confronted with a two-faced Microsoft response to security. Nothing Microsoft does makes security sense. Microsoft code illustrates lack of leadership, faulty design and inconsistent programming.
Written by Nelson on 03.06.08
More specifically, the option for a blank password over a network login is in:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only
Written by Devin on 03.06.08
Um, no? A FAR better solution is to use a strong password. For instance: “My brother has a blue sock??” Easy to remember, uses special characters, and uses capitalization.
Written by Not so much on 03.06.08
From personal experience, machines with XP and blank password can be accessed via the network with the appropriate tools as long as it’s not behind a NAT firewall (router).
Written by Greg on 03.06.08
From my experiences, you can access anything more easily without setting a password. Yes certain ports may not allow access, but sadly there are some that do. On top of that, if anybody can get within physical reach of your computer and you do not have a password, makes it easier for them to get what they want. On top of that, even though you can set permissions for windows files and folders, those permissions dont apply to people who uses Linux and have the right array of programs to get the job done. Trust, I know.
Heed my warning, internet attacks are the least of your worries. If you use a firewall you should be protected from most internet attacks.
But a password is a must if you have a laptop or a desktop used by many people.
Written by Linux User on 03.06.08
I do this…and have a password on the screen saver for local ‘physical’ protection…stops 2 years olds from messing up your shit
Written by dazza on 03.06.08
or just use group policy and set “Deny access to this computer from the network”
add the “administrator” user. no more problem.
Written by bah on 03.06.08
This is bogus. Maybe if your machine is sitting right on the modem and has SMB or RDP enabled it afford some security but Samba does indeed have provisions for accessing shared with a null password so I would not sleep any better at night having done this.
If you’re behind a router (which just about everyone is these days I think) no one will be able to SMB or RDP in anyway without your specifically configuring your router to allow it.
The biggest security issue with XP isn’t direct remote access, it’s vulnerabilities and malware. A blank password may allow malware to write to files that would otherwise be protected if a password was in place (ie files of other users)
The best defense is to not use Windows at all. Consider an alternative such as Mac OSX or Linux.
Written by Graham J on 03.07.08
Also remember, gpedit.msc is only available in XP Professional. Most home computers you buy at the store come with XP Home.
Written by Ryan Duff on 03.07.08
are you serious? im always afraid though. btw how to know my pc is hacked?i know there will b a trace. but how as a normal user to identify this?
Written by amer on 03.10.08
it’s a very useful info for me, yet is it enough to make my pc fully protected? Sometimes it seems to me that hackers are taking away most of my online time … is there an end to it?
Written by SPM on 03.16.08
This is one of the security risks, setting no password to restrict hackers who come in remotely, i think MS has forgotten that no matter what is done, windows can always be hacked easily, hope Vista will change this perception. This rises a question, why is Linux so secured than all the versions of MS-OS release so far.
Written by consoleart on 03.20.08