Lol, as soon as you said this, it clicked in my head of how they got in. I just got home from work and looked at account settings. I have an old test account with a 4 letter password hahaha. I just removed that account haha. Going to turn server back onI am not a top rated computer expert, by anyones imagination. But, I am , from choice, the "caretaker of the computers of most of my family and friends.
Several of these are "no longer young", and a principal problem is the forgetting of passwords into their computers.
The password , whether face: word or key, will only prevent nosey and local snoopers from looking at your data. It is a simple process to bypass it and look at the contents of the hard disk.