How safe is locking the screen?

Both Windows and Linux have a pretty useful feature that allows you to leave everything running on the PC while also keeping invaders away by locking the screen. My question is:
Say I leave my laptop with the screen locked while I go get a donut, and then it gets stolen. Assuming the thief has access to whatever software he needs, how easy/hard would it be for him to access my (currently logged-in) account?

I'm not asking if he can access the data on the hard drive. I know he can, and that issue would go under data encryption, which is not my question here. I'm focusing on how hard it would be to get around the "Insert Password" screen, and have full access to my account.

I'm looking for answers regarding both OSes; but, if needed, assume Ubuntu.


Solution 1:

The answer is probably "safe enough" and I would be more concerned about being without my laptop and having to buy a new one than having my data stolen.

Both operating systems are waiting for the password to be typed in and, as far as I know, there is no way of automating this process. You are therefore back to the normal safe password practices - so don't have the password written on a post-it note attached to the laptop's screen.

Also consider who is going to steal the laptop. Are you some mega-important government employee with extremely important information that a foreign government would pay millions for and use a team of highly trained spies to get, or is your laptop going to be stolen by some kid looking for a bit of beer (or other intoxicating substance) money?

Once someone sees the password prompt I would imagine that the chances are that they will just install a pirated copy of Windows over the top of your stuff anyway - that would be far easier and quicker than going to the trouble of cracking the password.

Solution 2:

Anyone with access to the computer can crack the password file, but it gets even scarier than that. If the thief is familiar with the cold boot attack, even data that's encrypted on-disk is not safe, because the contents of RAM can be read (including any in-memory decryption keys)--even after the RAM is physically removed from the machine and installed in a different computer.

Theoretically, the thief could get a memory dump and image your hard drive, then load both into another identical machine and see what you were working on behind the locked screen--and you wouldn't even know because your computer would still be at your desk.

But, as Neal mentioned, you're probably safe, because most people with physical access to your computer either don't have the know-how or aren't that interested in what's on your computer.

Solution 3:

I believe if I plug in my wireless receiver for my KB/Mouse, it automatically loads the drivers to make my KB/Mouse work, even while my screen is locked. So theoretically, someone can plug in a USB device that emulates typing on the keyboard and try a brute force attack on such a device. But then it just relies on the security of your password.

Solution 4:

If the hard drive can be accessed, that means password file/stores can be accessed. At the very least an attacker could brute force it using the password file and a cracker. Perhaps others can provide information on OS-specific vulnerabilities in this scenario.
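
Added example (not part of any answer above): Solutions 2 and 4 note that the password file can be attacked offline once the disk is readable, and how costly each guess is depends on the hash scheme recorded there. This Python audit of `/etc/shadow`-format entries (Ubuntu assumed, per the question) flags accounts whose stored entry offers little resistance; the sample entries, the `SCHEMES` table and the function names are constructed for illustration.

```python
# Added example: audit /etc/shadow-style entries for offline-guessing resistance.
# SAMPLE_SHADOW is constructed; salts and hashes are placeholders, not real values.
SAMPLE_SHADOW = """\
root:!:19700:0:99999:7:::
alice:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19700:0:99999:7:::
bob:$6$rounds=5000$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19700:0:99999:7:::
carol:$1$CONSTRSALT$CONSTRUCTEDHASHVALUE:15000:0:99999:7:::
dave::19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
"""

# crypt(3) prefix -> (scheme name, treated as weak against offline guessing)
SCHEMES = {
    "1": ("md5crypt", True),
    "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False),
    "5": ("sha256crypt", False),
    "6": ("sha512crypt", False),
    "7": ("scrypt", False),
    "y": ("yescrypt", False),
    "gy": ("gost-yescrypt", False),
}

def classify(field):
    """Return (scheme, weak) for the password field of one shadow entry."""
    if field == "":
        return ("no password", True)        # account opens with no secret at all
    if field[0] in "!*":
        return ("locked", False)            # password login disabled
    if not field.startswith("$"):
        return ("descrypt/unknown", True)   # legacy DES-style or unrecognised
    parts = field.split("$")                # ['', id, (params), salt, hash]
    return SCHEMES.get(parts[1], ("unknown", True))

def audit(shadow_text):
    """Map each account name to (scheme, weak) from shadow-format text."""
    report = {}
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, field = line.split(":")[:2]
        report[user] = classify(field)
    return report

if __name__ == "__main__":
    for user, (scheme, weak) in audit(SAMPLE_SHADOW).items():
        print(f"{user:8} {scheme:18} {'WEAK' if weak else 'ok'}")
```

A scheme marked "ok" only makes each guess slower; a short or common password remains guessable whichever scheme stores it.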