The process for upgrading a Windows installation to Windows 10 is fairly simple and straightforward — perhaps to a fault.
Towards the end of the installation, Windows 10 prompts users for their account passwords. After the password is entered, the operating system finishes installing files and prepares the computer for use. However, it does not prompt for a second password entry before showing the desktop. A screenshot from the installation process is displayed below.
At Datarecovery.com, we believe that this is a potentially serious security vulnerability. If a user were to enter a password and then leave the installation unattended, the installation will complete and the computer will be left vulnerable. Sensitive personal files could be accessed by anyone who walks by the computer.
This is not an issue for most home installations of Windows 10, but could endanger sensitive information in some situations. Most people will not remain with their computers through the entire upgrade/installation process, and in offices or homes with multiple computer users, this may be enough to allow temporary file and application access to unauthorized users. For administrator accounts, the vulnerability is especially notable.
How to Avoid Security Issues When Upgrading to Windows 10
To avoid the security vulnerability, do not leave your Windows 10 installation unattended at any point in the upgrade process. Allow the process to complete, then log out of the operating system or shut down your computer. Windows 10 will then require a password before allowing access to programs data.
We also recommend choosing a secure password that uses a mix of uppercase and lowercase letters, symbols, and numbers. The password should be random and not based on a specific term or word. You may decide to change your password during the upgrade, which will help you keep your information secure as you explore the new features of the Windows 10 operating system.
To change your Windows 10 password, take the following steps:
- Press Ctrl + Alt + Delete. Click “Change a Password.”
- Follow the onscreen prompts. You will need to enter your old password once and the new password twice.
These steps will also allow you to change your password in Windows 7 or Windows 8 prior to upgrading.
If you notice any other Windows 10 security vulnerabilities, please email us at support@datarecovery.com. You can also call us at 1-800-237-4200.
