Say you have two accounts on your Windows XP computer: an everyday account, set up as a Limited User, and an account in the Administrators group that you use for system maintenance tasks. Your computer is in a secure location, and you’re the only person with physical access to it. Which of the following options is more secure?
1. You assign a blank password to the administrative account
2. You create a strong password of 15 characters, using a randomly generated string of letters, numbers, and symbols, for the administrative account
Believe it or not, the blank password offers considerably more protection. Because of security enhancements introduced in Windows XP, accounts with a blank password can be used only to log on interactively at the computer by using either the Welcome screen or the Log On To Windows dialog box. You can’t log on to a non-password-protected account over the network using a Remote Desktop connection. Nor can you use the Run As feature to run in the context of an account with a blank password. An attacker who wants to break into your computer won’t be able to get administrative access over the network.
This approach isn’t for everyone – you don’t want to try it on a portable computer, or on one that’s part of a Windows domain, or if you actually need access via Remote Desktop.
But this strategy is a decent alternative for home computer users who don’t want to be bothered with passwords. You can return to the Welcome screen at any time by using the Windows key+L shortcut; from there, you can log on to the administrative account for system maintenance tasks.
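The blank-password restriction described above is enforced by the Windows security policy "Accounts: Limit local account use of blank passwords to console logon only", stored as the `LimitBlankPasswordUse` registry value. The following script is an added example, not part of the original article: it checks that value together with the caveats listed above (Remote Desktop, domain membership, portable hardware). It assumes PowerShell 2.0 is installed (Windows XP does not ship with it); the function names are illustrative, and treating a detected battery as a sign of a portable computer is a heuristic.

```powershell
# Added example: audits the preconditions the article relies on before an
# administrative account is left with a blank password.
# Assumes PowerShell 2.0; function names are illustrative.

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-BlankPasswordPreconditions {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

    # 1 = blank-password accounts are limited to console logon.
    # 0 = they can also be used over the network.
    $limit = Get-RegValue $lsa 'LimitBlankPasswordUse'

    # 1 = Remote Desktop connections are denied; 0 = Remote Desktop is enabled.
    $denyRdp = Get-RegValue $ts 'fDenyTSConnections'

    $cs = Get-WmiObject -Class Win32_ComputerSystem
    # Heuristic (assumption): a battery suggests a portable computer.
    $battery = Get-WmiObject -Class Win32_Battery -ErrorAction SilentlyContinue

    $findings = @()
    if ($limit -ne 1) {
        # A missing value is also reported so the policy gets checked by hand.
        $findings += 'LimitBlankPasswordUse is not 1; confirm the policy in Local Security Policy.'
    }
    if ($denyRdp -eq 0)   { $findings += 'Remote Desktop is enabled; it cannot be used with a blank-password account.' }
    if ($cs.PartOfDomain) { $findings += 'Computer is joined to a domain.' }
    if ($battery)         { $findings += 'Battery detected; this may be a portable computer.' }

    New-Object PSObject -Property @{
        LimitBlankPasswordUse = $limit
        RemoteDesktopEnabled  = ($denyRdp -eq 0)
        DomainJoined          = [bool]$cs.PartOfDomain
        PortableLikely        = [bool]$battery
        Suitable              = ($findings.Count -eq 0)
        Findings              = $findings
    }
}

Test-BlankPasswordPreconditions | Format-List
```

If `Suitable` is `False`, the `Findings` list names which of the article's conditions the computer does not meet.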