You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action
What is the most insecure way to log into Windows?
RE: What is the most insecure way to log into Windows?
In Windows 8/10 (including the upcoming 1909 update) the most insecure way to log into your Windows account is using a picture password. Once a picture password is set, Windows stores the current logon password in a way it can be easily decrypted to plaintext by any user who has access to the PC.
Potential weakness: predictable passwords. I expect the primary weakness is likely to be that users choose a "picture password" that is guessable or predictable. If the user chooses a predictable set of locations/gestures, someone may be able to guess the "picture password".