Your PC is where you keep everything from your personal documents and saved passwords to work files and even your financial accounts. So keeping it secure becomes necessary, especially if you use it in an office or any public setting.

The good news is that Windows already helps you with this, not just by locking your PC with a PIN or password, but also by keeping a record of any failed sign-in attempts. Even better, finding this information is as easy as running a quick PowerShell command.

Event Viewer can show failed sign-in attempts, but it’s too much work

It has the data, just not the simplicity

Event Viewer is a built-in Windows tool that logs everything that happens on your PC. From system warnings and app errors to security events like failed sign-in attempts, you can find it all here. The only thing is, the tool isn’t designed for quick answers, so you need to dig in to find what you’re looking for.

To find details about failed sign-in attempts, open Event Viewer, and head to Windows log > Security. You’ll see a long list of entries with cryptic names. To narrow things down, click the Filter current log option on the far right, and you’ll see a dialog box. Here, you need to replace with 4625, which is the event ID for failed logon attempts. If you type 4624, it will show logs of all the successful login attempts.

Once the Event Viewer shows Audit Failure entries, you can double-click any of them to view more details. The good thing here is that this dialog box also explains what each entry means.

For instance, the Logon Type number indicates the kind of attempt that was made. Type 2 means someone tried to access your PC by directly entering the password, while type 3 indicates a network-based attempt. Of course, you’ll also see the exact date and time when the attempt was made and the reason for failure.

PowerShell makes it easy

One command does it all

Event Viewer shows useful information, but it takes too many clicks to actually get there. If you want a quicker way to see all the failed sign-in attempts, PowerShell is a much better option. Its Get-WinEvent command lets you query Windows event logs directly and filter them on the spot.

Open PowerShell with administrative privileges and run the following command:

Get-WinEvent -FilterHashTable @{LogName="Security"; ID=4625} | Select-Object TimeCreated, Message

This will bring up a simple two-column table that’ll tell you exactly when a failed sign-in attempt was made. If you want to see a detailed log like you get in Event Viewer, you can add Format-Table -Wrap at the end to produce a detailed response.

Get-WinEvent -FilterHashTable @{LogName="Security"; ID=4625} | Select-Object TimeCreated, Message | Format-Table -Wrap

This will show the same table, but with more details this time. You’ll see the account name, logon type, failure information, and all the other details. It’s essentially the same as what Event Viewer shows when you open the properties of an Audit Failure entry. If there was no unsuccessful sign-in attempt made, this command will simply return the “No events were found that match the specified selection criteria” message.

Of course, you can use this command to check successful login attempts too by simply replacing the ID from 4625 to 4624.

Related

Security Settings in Windows You’re Not Using (and Hackers Hope You Don’t Find)

Uncover the hidden Windows security gems that hackers dread you’ll discover.

Upgrade your PC security with Windows Hello or hardware keys

It’s time to ditch passwords

Credit: Yadullah Abidi/MakeUseOf

Relying only on a PIN or password to secure your PC can be risky, no matter how strong and complex it is. If you want better peace of mind, setting up Windows Hello face or fingerprint recognition is the easiest upgrade you can make.

Most newer laptops already have the required hardware for this, but if yours doesn’t, you can always get an external Windows Hello-compatible device. Once you’ve set up Windows Hello, head to Settings > Accounts > Sign-in options and turn on For improved security, only allow Windows Hello sign-ins for Microsoft accounts on this device. This way, the only way your PC can be unlocked is with your fingerprint or face.

Another option is to use a security key. These are small, flash drive-like devices that replace passwords entirely. Plug it in, and your PC unlocks. Remove it, and Windows locks itself. Even if someone guesses your PIN or password, they still can’t get in without the key. And you don’t necessarily have to buy a dedicated hardware key. You can turn any old USB flash drive into a security key with a tool like USB Raptor.

Brand

Logitech

Resolution

4K

Rotation

90-degree horizotally, 90-degree vertically

Wide Angle Lens

Yes (65, 78, or 90-degree field of view)

Monitoring failed sign-in attempts and securing your PC with better sign-in options is only a part of the job. You also need to make sure your Microsoft account is just as secure. All it takes is using a strong password, enabling two-factor authentication, and regularly reviewing account activity.