So imagine / apply your prior experience that you have a crazy ex / abusive parents / arch-enemy, and there's the risk that one day, while you're out, they'll (among other things) take your PC and sell it, throw it in a ditch etc. Is a good ol' login and password enough (assuming the PC doesn't get handed to Master Hackers) and are there other simple steps to take to stop a stranger that's powering it on from getting all your info?
A login and password will protect you from a thief, 'cos they'll wipe it (or their fence will, whatever) to sell it on. If someone took it because they want your data, though, it'll do jack. It's easily bypassed, or you can just whip the drive out and pop it in another system - or boot from a Linux live CD. Bosh, full access to all your files. What you want is encryption. Windows has BitLocker: once enabled, the data is encrypted at-rest. If you don't authenticate properly, no data for you. And I mean no data for you: it can lock you out just as easily as anyone else. There have been attacks against BitLocker, but of the nation-state type rather than the irate-ex type. Nothing to worry about, I'd say.
Yup, encryption with bitlocker is what you need for Windows. Keep the recovery key somewhere safe. If you are only concerned about a subset of files you could use something like Veracrypt to encrypt them. But if you have logged in sessions left in your browser or passwords stored in a browser without a master password you're better off encrypting everything with bit locker
