The Safest Ways to Log In to Your Computer

Passwords, key fobs, fingerprints—there are lots of ways to gain access to your laptop or desktop. Here are the best and most secure.
laptop
Photograph: Getty Images

Whether your computer runs Windows, macOS, or Chrome OS, you have options for how you log in. And your choice doesn't only affect how convenient it is for you to get into your laptop or desktop; it also affects how easily someone else can gain access.

These are the different login options that are available and that you need to be aware of, so make sure you choose wisely. The right one for you will depend on how your computer is set up and just how cautious you'd like to be.

Windows

Your Windows Hello PIN is securely saved locally on your computer.

Screenshot: David Nield via Microsoft

You can find the login options for Windows by opening up Settings via the cog icon on the Start menu, then choosing Accounts and Sign-in options. By default, your computer will be protected by your Microsoft account password—make sure it's long, complicated, and impossible to guess. You should also set up two-factor authentication on your account, which you can do from here by clicking Security then More security options.

One of the alternative login options you'll see is Windows Hello PIN. Microsoft will encourage you to use this instead of your password, because it's kept hidden on your device and only applies to one specific device (read more from Microsoft on this here). As with your Microsoft password, your PIN should be lengthy and something that isn't obvious, such as your birthday.

For even better protection, you can switch to Windows Hello Face or Windows Hello Fingerprint to log in with your face or fingerprint—this sort of biometric authentication is very difficult to crack, though you do need it to be supported by your hardware. Most Windows computers now support these features, though you might be out of luck if you're using an older computer.

The Security Key option is another very secure login method. As well as your password, you'll need a physical, specially configured security key to gain access to your computer—so even if someone guesses or cracks your password, they won't be able to gain access. The physical keys aren't expensive but must support the FIDO2 standard: Microsoft has full details of how this works and how to obtain keys here.

Lastly, there's the Picture Password option, which basically uses a pattern that you draw over a picture of your choice as an authentication method. It's a bit more convenient for you, though it's also easier for someone else to hack into—it's easier to guess, brute-force a pattern, or simply peek over your shoulder in a coffee shop or an office than it is to replicate your fingerprint, for example.

macOS

Touch ID is a secure login method for macOS, if you have a MacBook that supports it.

Screenshot: David Nield via Apple

If you're using a Mac, open the Apple menu then choose System Preferences and Users & Groups to see the accounts set up on your system and to change your password, should you need to. This is the default way of logging into macOS, and it uses a separate password from the password linked to your Apple ID, even if your Apple ID is also associated with the Mac computer.

You should also click Login Options and make sure Automatic login is disabled, which means your password is required every time the computer starts up. It may be less convenient, but it's the only thing stopping someone from just rebooting your computer to get into it. Back on the System Preferences pane, click Apple ID then Password & Security to change the password for your actual Apple account, and to turn on two-factor authentication—something that you should definitely do.

If you're using a MacBook with a Touch Bar and Touch ID, you'll see a Touch ID icon on the System Preferences pane. Select this to use your fingerprint as a way of logging into your Mac, which is both more secure and more convenient than using a password. The same fingerprint can be used to authenticate Apple Pay payments as well.

The one other option you've got for logging into macOS is to use an Apple Watch as an authentication device. Your Mac is smart enough to know if you're actually wearing the smartwatch, and that you're within a very short distance, so it's a very secure way of protecting access to your computer (as well as being more convenient for you).

To set this up on macOS, you need to open the Apple menu and System Preferences, then choose Security & Privacy and General. Tick the box marked Use your Apple Watch to unlock apps and your Mac, and once you've confirmed this decision with your macOS password, you should be automatically logged in whenever your Apple Watch and your Mac are in close proximity.

Chrome OS

You can set up a PIN to log into Chrome OS, which works alongside a password.

Screenshot: David Nield via Google

When you set up a Chromebook for the first time, your user account will be protected by the password associated with your Google account. Once you're in, you can check your login options by clicking on the time, Wi-Fi, and battery indicator (lower right), then the cog icon, then People. Under your name should be a Security and sign-in option.

Once you've entered your password, you'll find an option forcing Chrome OS to request a password whenever the Chromebook wakes up, which you should switch on. You'll also find an option to set up a PIN to access your Chromebook, as well as your password—this isn't really any more secure, but it's more convenient for you.

You can also sign into ChromeOS using your (Android) phone. On the same Settings panel, you need to click Connected devices—from here you can set up a connection to any Android phones registered with your Google account, and click through to the Smart Lock option, which means your Chromebook is unlocked when the phone is nearby.

It's up to you whether you decide if this is more secure than simply typing in your password every time, but it's important to note that your phone will need to be unlocked for the login attempt to work. It's not the case that someone will be able to pinch your phone and then use it to get into your Chromebook, as long as the phone is locked.

As always, it's important to follow good password hygiene, as this can still be used to get into your Chromebook, no matter what else you've set up as a login method. From your Google account page on the web, you can choose Security to change your password and to make sure two-factor authentication is switched on for new devices (which it absolutely should be).


More Great WIRED Stories