Windows 11 privacy settings: Relaxed level

What for: To secure your account and set up secure sign-in.

By default, you can sign in to a Windows 11 device without a password, with your Microsoft account credentials or with a local (device-specific) user account. None of the three options ensure a due level of security, but you can't set up secure sign-in with a PIN or fingerprint unless you set a password first. If you haven't connected a Microsoft account and you're not planning to, you can set a local account password. A strong password:

• Is at least 8 characters long;
• Contains lowercase and uppercase letters, numbers, and special characters ($, @, etc.);
• Is not a word, popular expression or easy-to-guess combination of characters, such as "123456789" or "pa$$word";
• Does not consist of information that strangers could easily find out (your name, date of birth, pet's name, and so forth — or those of your friends or relatives);
• Is not the same as your passwords for any other accounts, including your Microsoft password.

To set a local account password:

1. Open your system's settings by clicking the cogwheel in the Start menu or using the Windows + I key combination;
2. Go to the Accounts menu;
3. Under Accounts, select Sign-in options;
4. Under Ways to sign in, select Password and click Add;
5. In the window that opens, enter your new password twice in the appropriate fields and add a hint in case you forget your password;
6. Click Next;
7. Click Finish.

Please note: We recommend adding further methods to secure your device in addition to a password. A PIN or fingerprint are the recommended methods.

What for: To prevent your account from being hacked.

Windows 11 offers several additional options for more secure sign-in: picture password, PIN, facial recognition, fingerprint recognition and hardware security key. For the most effective protection, we recommend using a PIN code or a fingerprint scanner.

The PIN code is stored locally on the device and is tied to your computer. Even if someone finds out your password combination, they will not be able to log in to your account from another device. That's a PIN code's advantage over a password.

Avoid short and easy PINs that a stranger may easily guess to get to your data. A strong PIN is one that meets the following requirements:

• Is at least 8 characters long;
• Contains lowercase and uppercase letters, numbers, and special characters ($, @, etc.);
• Is not a word, popular expression or easy-to-guess combination of characters, such as "123456789" or "pa$$word";
• Does not consist of information that strangers could easily find out (your name, date of birth, pet's name, and so forth — or those of your friends or relatives);
• Is not the same as your passwords for any other accounts, including your Microsoft password.

Please note: You have to secure your account with a password before you can use a PIN.

To create a PIN code:

1. Open your system's settings by clicking the cogwheel in the Start menu or using the Windows + I key combination;
2. Go to the Accounts menu;
3. Under Accounts, select Sign-in options;
4. Under Ways to sign in, select PIN (Windows Hello);
5. Click Set up. If necessary, click Next and enter the password for your local or Microsoft account;
6. Select Include letters and symbols in the opened window and create a secure combination.

If you have a dedicated built-in or plug-in scanner, you can enable fingerprint sign-in after you create a PIN. It is not so easy to fake a fingerprint, so this method is safer than face recognition, which in some cases can be tricked, for example, by using a photo. Keep in mind though that Windows will send your biometric data and your sensor usage details to Microsoft.

To enable sign in by fingerprint:

1. Open your system's settings by clicking the cogwheel in the Start menu or using the Windows + I key combination;
2. Go to the Accounts menu;
3. Under Accounts, select Sign-in options;
4. Under Ways to sign in, find Fingerprint recognition (Windows Hello), click that and then click Set up;
5. Click Get started;
6. Enter the PIN code that you use to log in to the system;
7. Scan your fingerprint;
8. Click Close.

Please note: Even if you have set up PIN or fingerprint sign-in, Windows lets you use your Microsoft account password to sign in. This makes the device less secure, as the password for a cloud account is more likely to be leaked. The option is off by default, but if you have changed the system settings, we recommend checking and adjusting if needed.

To prevent your device from using an account password instead of a PIN or fingerprint for authentication:

1. Open your system's settings by clicking the cogwheel in the Start menu or using the Windows + I key combination;
2. Go to the Accounts menu;
3. Under Accounts, select Sign-in options;
4. Under Additional settings, turn on For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device (Recommended).

You cannot completely remove your PIN or any other Windows Hello sign-in method as long as this option is on.

What for: To keep strangers from gaining access to the system while you're away from your device and haven't locked it manually.

Windows 11 can lock your computer if you haven't used it for a preset period of time. This will prevent strangers from accessing your confidential information in your absence.

To configure the screen lock:

1. Open your system's settings by clicking the cogwheel in the Start menu or using the Windows + I key combination;
2. Go to the Personalization section;
3. Click Lock screen;
4. Under Related settings, select Screen Saver;
5. In the window that opens, select a screen saver of your choice. We suggest choosing "Blank", "Mystify" or "Ribbons", which prevent viewing or recovering your desktop and data;
6. In the windows that opens, check the On resume, display logon screen box and select your preferred lock interval;
7. Click OK.

This will cause the screen to start locking, and you will have to enter your password to unlock it.

You can lock the computer manually by using the Windows+L key combination or in the Start menu:

1. Open the Start menu;
2. Click your profile icon;
3. Select Lock.

What for: To find your computer if you lose it.

Windows 11 saves the location of your device regularly. If you lose your computer or if it is stolen, you can track it and, if necessary, lock it. This feature is enabled by default, but we recommend checking your settings:

1. Open your system's settings by clicking the cogwheel in the Start menu or using the Windows + I key combination;
2. Go to Privacy & security;
3. Under Privacy & security, select Find my device and turn on the identically named option.

You can find and lock a lost device in the Devices section on the Microsoft Account page.

Remember that you must use the Microsoft user account linked to your lost computer. A lost device can send its location only if it is turned on and connected to the Internet.

Downside: Your computer's location will be sent to the company's server and stored on the device.

What for: To stop Windows from spamming you with Microsoft offers.

By default, Windows 11 shows you notifications with tips and product recommendations from Microsoft. You can turn off these notifications:

1. Open your system's settings by clicking the cogwheel in the Start menu or using the Windows + I key combination;
2. Go to System;
3. Select Notifications;
4. Click Additional settings and uncheck Get tips and suggestions when using Windows.

If it is just the notification sounds that get on your nerves, try muting them: Uncheck the box next to Allow notifications to play sounds in the Notifications section.

What for: So that no one can spy on you.

Apps and websites can obtain access to the camera and microphone on your computer, for example to make video calls. Certain malware and Web pages try to get these permissions either covertly or by tricking you to spy on you. You can partially or fully restrict the system or apps and websites from accessing the camera and microphone.

To limit access to your camera:

1. Open your system's settings by clicking the cogwheel in the Start menu or using the Windows + I key combination;
2. Go to Privacy & security;
3. Under App permissions, select Camera;
4. To block access to your camera:
5. For most apps (see below the steps for exceptions), turn off Let apps access your camera;
6. For individual apps, turn off the appropriate options. After that these apps will not be able to use the camera directly. However, they will still be able to ask you to grant them access in the Camera app. If you do that, the permission will remain valid until you cancel it;
7. If your account has local administrator permissions, you can prevent other accounts on the PC to set up app camera access. Just turn off Camera access.

Please note that if you use Windows Hello to sign in to your computer, the service will still have access to the camera.

To limit access to your microphone:

1. Open your system's settings by clicking the cogwheel in the Start menu or using the Windows + I key combination;
2. Go to Privacy & security;
3. Under App permissions, select Microphone;
4. To block access to your microphone:
5. For most apps (see below the steps for exceptions), turn off Let apps access your microphone;
6. For individual apps, turn off the appropriate options in the app list.
7. If your account has local administrator permissions, you can prevent other accounts on the PC to set up app microphone access. Just turn off Microphone access.

Please keep in mind that you will find only default and Microsoft Store apps in the list. This setting will not affect apps that were downloaded from other sources.

Downside: In Windows 11, one camera and microphone access setting applies to all apps except for the built-in ones. So, if you need to give camera or microphone access to one of your apps, you'll have to turn access back on for all of them.