If you suspect someone with physical access to your computer system is attempting to log in without authorization, the security logs are a dependable treasure trove of evidence. If you think the hacker knows your login information, first change the password to something more secure. Next time, they try to log in with the old password, it will be noted in the security log. The same applies for previous failed attempts.
View the security log by navigating to Windows Logs > Security. In the Windows event viewer, search the Event ID for the code “4625”. This is the marker for failed login attempts on your account. If you mis-typed your own password, that will register here as a failed login attempt, so in reading these records, look for failed login attempts that are unusual. The “4625” codes that you didn’t create yourself are confirmation that someone tried to access your computer without authorization.