Is there a way to make the Windows Login Screen much more secure?

[KatzWo]

So I already have the group policy 'press CTRL+Del+shift to get to the login screen' in effect. I also have Bitlocker enabled on my C Drive so when I start my PC, it requests my 12 digit PIN.

But I feel like the Windows Login Screen isn't secure. It's so easy to crack the password if you don't know it. And I don't want to go through the hassle of shutting down my PC every time I don't use it just so Bitlocker can make my PC more secure

 

[garlin]

Why is the logon screen less secure? I would be more worried about remote access attempts than physical access.
If you wanted extra security, add 2FA (two-factor auth) like a fingerprint reader or Windows Hello webcam, or a Yubikey-style authenticator.

 

[KatzWo]

Why is the logon screen less secure? I would be more worried about remote access attempts than physical access.
If you wanted extra security, add 2FA (two-factor auth) like a fingerprint reader or Windows Hello webcam, or a Yubikey-style authenticator.

I tried to encrypt my USB flashdrives with Bitlocker, but once encrypted, I couldn't load their content in the boot menu (if this makes sense). So if the USB flashdrive has been encrypted with BitLocker, whatever ISO is on it, I can't boot into it.

Is there a way to encrypt a USB flashdrive and still be able to boot into any ISO that's on it?

 

[garlin]

No. Unlike Windows, WinPE has no support for booting from a locked volume. Windows to Go works with BitLocker, because it's a full Windows deployment and not PE.