Re-authentication after inactivity

by Chris Taylor

About Chris Taylor:  Chris is on the Community Review Board for SANS’s OUCH! (the security awareness newsletter designed for everyone), has given over 470 computer-related presentations at the Ottawa Public Library, and is President of the Ottawa PC Users’ Group.

In September ( I showed how to disable automatic sign-in to Windows and make sure all user accounts have a password. In October ( I showed how to ensure re-authentication is required after waking from sleep mode or after a screen saver is dismissed.

Choosing what should blank the screen

One drawback to using a screensaver is that it doesn’t cut the video signal (even if the screensaver is set to Blank) and this prevents the monitor from going into a low-power state.

On the other hand, power settings in Windows provide the capability of turning off the monitor after a period of inactivity and this feature does cut the signal to the monitor. A modern monitor can then go into a low-power mode.

Go to Settings | System | Power & sleep and select a time for Screen – turn off after.

You can also set the time for individual power plans. Click the Additional power settings link and then Change plan settings.

Unfortunately, the Windows setting to turn off your monitor doesn’t have an option to require re-authentication when the monitor turns back on after you start using the computer again. However, you can combine the two options to get the best of both worlds.

Set your screen saver to On resume, display log-on screen and choose the Wait period you want. Then, in Power & sleep in Settings set the Screen – turn off after to the same time period. The screen saver will ensure re-authentication is required when you resume and the Power & sleep option allows your monitor to go into low-power mode.

While it is possible to use only power options to have Windows prompt for re-authentication when you resume using your computer, it requires modifications to the registry. While not particularly difficult, I don’t think there is a major downside to use the combination of power settings and screensaver as detailed above.

Dynamic lock

You can configure windows to lock your computer if the Bluetooth signal for a paired phone falls below a certain threshold. In Settings| Accounts | Sign-in options under Dynamic lock select Allow Windows to automatically lock your device when you’re away.

Microsoft says Dynamic lock works with “devices that are paired with your PC” but a phone is the “only currently supported configuration”.

I don’t view Dynamic lock as a main means of protection. It only locks your computer after the Bluetooth signal strength drops below a certain level for 30 seconds and it is interrupted by any keyboard or mouse activity. While it might help you if you accidentally walk away from your computer without locking it, a quick-thinking attacker watching you walk out of the room can easily defeat Dynamic lock simply by moving the mouse or pressing a key.

If you haven’t downloaded the best firewall yet use one of the two buttons below. Need help? Contact us, or join our forum. We look forward to hearing about how you have joined our firewall community and we’d like to hear how you use the best firewall software to protect your device and network.

Get it on Google Play Download for Windows