A researcher demonstrated how easy it is to copy an OS account password hash from a locked Windows computer: all it takes is plugging in a special USB device for a few seconds. The device needs to masquerade as a USB-to-Ethernet LAN adapter in such a way that it becomes the primary network interface on the target computer. This shouldn’t be difficult, because operating systems automatically start installing newly connected USB devices, including Ethernet cards, even when they are in a locked state. The time it takes for a rogue USB device to capture credentials from a system using this attack is around 13 seconds.

