Security
The stuff on your computer - files, contacts, programs, email, etc, doesn't just appear there by magic - it is usually the result of years of using the device. Losing it all can be nothing short of a disaster as you are then faced with the task of creating it all again from scratch.
In this tutorial, we focus on how to keep your computer, and the data on it, safe and secure.
Passwords
We will begin this tutorial on the subject of passwords.
Standard Passwords
When you log on to your computer, you are asked for a password - this happens whether you are signing in with a Microsoft account or a local account - without one, you are not allowed into the computer.
Lets take a look at your options here:
- On the Start menu, go to the Settings app → Accounts.
- Should you wish to change your current password, click Change under "Change your account password". A window will open asking you to enter the current password. Do so and, in the next screen, you are asked to enter it again in the top box, and the new password in the box below. Click Next and then Finish.
- Another option available to you is using a pin number instead of a password - many people find these easier to use. Under Pin, click the Add button. Enter your current account password and then click Next.
- Enter the pin number, enter it again below to confirm, and then click OK. From now on, you sign in to your computer with the pin number.
Picture Passwords
A more novel way of signing in to your computer is provided by the Picture password feature. This enables you to use a picture from your library as a password. You have to perform three gestures on the selected picture. To do this:
- In the Accounts sign-in options screen, click Add under Picture password.
- In the window that opens, enter your password and click OK.
- At the left, click Select picture.
- File Explorer opens - browse to the picture you want to use.
- Draw three gestures on the picture - you can use any combination of circles, straight lines and taps.
- You'll be asked to repeat the gestures to confirm. Click Finish and you're done.
The next time you log on to the computer, you'll see the picture. Draw the three gestures and you're in.
Windows Hello
Windows Hello is the name given to Microsoft's biometric security system for Windows 10. It employs facial- and fingerprint-recognition technology that scans your face or fingerprints when you sit down in front of the computer. If it recognizes you, the computer is unlocked.
You can get going with Windows Hello in two ways:
- Purchase a laptop or tablet with the required security device built-in. This can be a special "depth" camera or a fingerprint reader.
- Add the security device to an existing setup.
With regard to the cameras, they are not cheap so if you want to use the Hello feature, it may be better to buy a computer with one built in.
To set up Windows Hello on your computer:
- On the Start Menu, go to the Settings app and click Accounts.
- Set up a pin number as we explain here - this is required to use Windows Hello.
- That done, the Windows Hello settings will now be available.
- Click Set up under Face and then click the Get started button.
- From this point follow the prompts. Note that these will vary according to the security device being used.
Microsoft Passport
Closely related to the Windows Hello feature, Microsoft Passport is intended to take things a step further. The theory is that once you have signed in to your computer with Hello, you will be able to instantly access web sites and services across a range of industries; favorite commerce sites, email and social networking services, financial institutions, business networks and more - all without the need to enter a password.
The rationale behind Hello and Passport is the fact that while passwords are simple to use, they are also insecure, hard to manage, and prone to breaches and phishing attacks. To protect users from the risks of passwords, the industry has come up with a range of methods - password complexity policies, changing passwords on a set frequency, one-time passwords (OTPs), and multi-factor authentication (MFA). These all help, but at the cost of usability.
Smartcards, the other major credential method commonly used, are more secure than passwords while also providing a physical second factor. The downside is that they require considerable infrastructure to deploy and maintain. Plus, there is extremely limited support for smartcard authentication on mobile devices.
The goal with Microsoft Passport is to overcome these issues by eliminating the need for passwords. This will be done by merging the simplicity of passwords with the higher security of smartcards. If Windows Hello is not supported by the user's hardware, Passport will fall back to asking for a pin or password.
Windows Hello will store your biometric signature locally and use it for just two purposes: unlocking your Windows 10 device and using Passport.
In addition to various apps and websites, Passport will work with thousands of enterprise Azure Active Directory services at launch.
Data Encryption
Another password-related risk to the security of your data arises when your computer is stolen. The thieves may not be able to crack your password in order to gain access to the computer but they could simply take the hard drive out and install it in their own computer.
The solution to this problem is data encryption, and Windows 10 provides two utilities that you can use. The first of these is:
Encrypting File System (EFS)
This system encodes files and folders so they can only be read when you log on to the computer with the associated user account. During the encoding process, an encryption key is created and stored within the user account. If an attempt is made to access the file from a different user account, the encryption key won't be available and so the file in question cannot be decrypted.
To encrypt a file with EFS:
- Open File Explorer and browse to the folder that contains the file.
- Right-click on the folder and click Properties.
- Click the Advanced button.
- In the Advanced attributes window, check the "Encrypt contents to secure data" box and click OK.
- On the General tab, click Apply and, in the Confirm Attribute Changes window, click OK.
- Click OK once more and the encryption procedure begins.
When the encryption is complete, check the folder in File Explorer. You will notice that its name text has now changed to green - this is the only indication that a folder has been encrypted. Another user logging in to your computer via a different account will be able to see and open the folder but will not be able to open the files inside it.
BitLocker Drive Encryption
EFS is fine for encrypting folders and individual files. However, you can also choose to encrypt an entire drive. If so, you need Windows BitLocker feature.
Use it as follows:
- Type bitlocker into the Taskbar search box and press Enter.
- The BitLocker Drive Encryption window opens.
- All the drives on your computer are displayed. Click on the one you want to encrypt.
- After initializing, a window will open asking you to enter a password with which to unlock the drive. Do so and click Next.
- At the next window, specify where the recovery key is to be saved and then click Next.
- You will now be asked if you want to encrypt the entire drive or just the part of it that's currently in use. Make your choice and click Next. Then in the next window, click Start encrypting.
When a drive has been encrypted with Bitlocker, all data subsequently added to it is encrypted as well.
Note that BitLocker is only available on the Pro and Enterprise editions of Windows 10.
Sync Important Data
OneDrive it can be used to access and share your files from anywhere. Another way it can be used is to make sure important data is automatically saved online so if anything happens to your computer, a copy will always be available. Do it as follows:
- Open File Explorer and browse to the folder containing the important data.
- Left-click on the folder and drag it across to the OneDrive folder on the Navigation bar and release it.
- Now access your OneDrive at www.OneDrive.live.com.
- You will see that your folder is now safely stored online. You can now use the folder on your PC as a backup folder - any data you add to it will automatically be synced (copied) to the online folder in OneDrive.
Back Up Your Files
There are a number of issues that can be experienced when working with files. You may simply have lost one. Or, you may have deleted one by accident. A file can become corrupted and refuse to open. All these issues, and more, can be resolved with the Windows 10 File History utility.
Before you can use it though, you need to get a separate drive on which to store the backup. Once you have:
- Open the Start menu and click Settings.
- In Settings, click Update & Security and then Backup.
- Click Add a drive. A list of available drives will appear - select the one you want to use for the backup.
- Click the Automatically back up my files option to On.
- Click More options and in the new window, click Back up now.
- Before you exit this window, scroll down to the Back up these folders section. The folders listed are the ones that are backed up - make sure everything you want to backup is in one of these folders. If not, click the Add a folder button, browse to the required folder, select it and click the Choose this folder button.
From this point on, File History will work silently in the background backing up the specified folders to the backup drive. By default, the backup is updated every hour, which is something you can change if you want to by opening the Backup options screen and selecting a different period. You can also specify how long Windows is to keep the backup - the default is forever but you can set it to be between one month and 2 years.
Complete System Backup
The File History utility is fine as far as it goes but it does not let you create a complete backup of your system. For this, you need to use another of Window 10's utilities, Back up and Restore.
- Right-click on the Start button and click Control Panel.
- Click "Back up and Restore (Windows 7)".
- At the left of the screen, click Create a system image.
- Windows will look for a separate drive on which to place the system image backup. You can also save it on DVD discs or to a network location. Make your choice and click Next.
- At the next screen, select all the drives (assuming you have more than one) to be included in the backup
- Click Next and then Start backup at the final screen.
Restore Your System
When your system image backup has been built (and this can take several hours), you then need to create a system repair disc, which you use with the system image to restore your computer.
To do this:
- Open Back up and Restore (Windows 7) as previously described.
- At the left of the screen, click "Create a system repair disc".
- Make sure there is a DVD in the CD/DVD drive and then click Create disc. The procedure takes just a few minutes.
Restoring From a System Backup
Should you ever have reason to restore your computer from the system image backup, do the following:
- Place the system repair disc in your DVD drive.
- Restart the computer
- When prompted, press any key to boot the computer from the disc.
- From the recovery options displayed, select System Image Recovery.
The computer will now be restored from the system image to how it was when the image was created - any data created since will be lost.
If you don't have a DVD drive in your computer, you can create a recovery drive instead - this uses a USB flash drive. Open the Control Panel and click Recovery. At the top of the window, click "Create a recovery drive" and follow the instructions. The recovery drive works in much the same way as the system repair disc - connect it to the computer, restart it, find the System Image Recovery option and go from there.
Antivirus Software
Antivirus software are programs designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.
Windows 10 provides a built-in antivirus program called Windows Defender. Access its settings at Settings → Update & Security → Windows Defender. The program is a fairly basic example of its type and offers just two options: an on/off switch and the ability to add exclusions.
For all that it's straightforward, Windows Defender has a number of advantages. It's builtin, won't harass you with pop-ups, and is simpler than some competing antivirus products. Also, it won't attempt to harvest your browsing data as some free antivirus programs have started doing in an attempt to make a profit. Plus, it's free!
Overall, Windows Defender provides reasonably good protection and will probably be fine for most computers, along with some common sense and good security practices.
However, if you're regularly downloading pirated applications and engaging in other highrisk behavior, you may want to disable Windows Defender and get something that offers a higher level of protection.
We also suggest an anti-exploit program to protect your web browser and plug-ins, which are the most targeted by attackers. MalwareBytes Anti-Exploit is a free program and we recommend it. It functions in a similar way to Microsoft's EMET security tool, but is more user-friendly and offers more security features that help block common exploit techniques.
If you are looking for something better than Windows Defender, the ones to go for are Kaspersky AntiVirus and BitDefender. Both are consistently ranked at the top of the detection rate charts.
If you do install a third-party antivirus program, Windows Defender will automatically disable itself and then re-enable itself if you ever uninstall the third-party program.
Privacy Issues in Windows 10
Personal privacy is a serious concern for anyone who surfs, shops or banks online. Google, Facebook, advertisers, hackers and others are all constantly trying to get your information so they can make money out of you.
This includes Microsoft. With every version of Windows, it's digging further and further into your personal life, and Windows 10 is no exception. In fact, it introduces some new features that collect your data like never before. And by default, they are all turned on. Fortunately, you can turn them off if you know where to look.
The main offenders are:
Advertising
Like every other major online company, Microsoft is using targeted advertising to increase revenue. That means it's sending advertisers your data so they know what ads to send you. While you can't shut off the advertising, you can stop advertisers from seeing what you're doing. Do this by going to Start → Settings and select Privacy. In Privacy, go to General and switch "Let apps use my advertising ID" to Off. Now, advertisers won't get your advertiser ID when you visit a page.
Location
Still on the Privacy screen, head to the Location area. Here, you can tell Windows to stop tracking your location entirely, or specify which apps can and can't use your location. Location is useful for apps like the Weather app or when you're looking at maps because you don't have to put in your address every time. However, other apps might use it to keep tabs on you.
Cortana
As we have seen, Cortana is Microsoft's digital personal assistant. In order to provide you with information when requested, it has to learn as much about you as possible and it does this by monitoring your movements, browsing habits, contacts, calendar and more. If you don't think you'll use Cortana, you can turn it off completely by clicking in the Taskbar search box and clicking the Notebook icon at the left. Then click Settings and turn Cortana off.
Finally, there is another setting that lets you manage what it has already learned about you. Plus, you can stop Bing from recording information about you to improve your searches.
Open the Privacy screen and under Speech, Inking & Typing, find "Getting to know you". This controls whether or not Cortana is learning certain things about you. Turn it off by clicking "Stop getting to know me".