Passwords on computers are there to make things difficult for, say, other people in your office. They've never been much good for deterring people who're determined to get into computers.

I sometimes buy old laptops at auction and then see what I can do with them (such as installing a non-Windows operating system), so I'm quite familiar with getting around password problems. As has been said, going into the BIOS to ensure that a computer will boot from a USB memory stick, and then booting the computer from such a stick containing password-breaking software, is often all that's needed. (Such a device will usually generate a list of all accounts and their passwords within a few minutes). However I'm told that Windows 10 passwords are harder to crack. (I've not had to try it yet as Windows 10 laptops don't get sold for a tenner or so, which is all that I normally pay for an old laptop).

Note the time factor in what I've already written though. A potential hacker needs a few minutes to check that the computer's BIOS is probably configured (changing it if necessary) and then waiting for the passwords on it to be found. A work colleague can't easily do that while you've just nipped out of the office to fetch another box of paperclips, especially if there are others watching him.

A more secure way of using a password on a computer is to password-protect the BIOS, rather than Windows itself. Then, when it's turned on, the computer won't even start trying to load Windows. It will require a password before any progress can be made at all. It's still possible to defeat such a password but it involves opening up the computer to disconnect the BIOS battery, so once again it's something which needs some time to accomplish. (I did just that though with an old BIOS-protected netbook a few months ago, which I'd purchased at auction. I found some very saucy photos of the previous owner's girlfriend on it!).

So far I've covered password-protecting the computer as a whole (using a BIOS password) and Windows itself. As I've indicated, neither are any good for defeating a determined hacker who's got sufficient time to do his work. However it's password-protecting files, folders and external drives which is really effective. That's because, before applying a password, encryption is used, so simply by-passing the password wouldn't help, as it would only show a load of garbled data.

There have been several high-profile cases where people suspected of (say) revealing information to Wikileaks have refused to provide the passwords to their encrypted memory sticks, and where the combined might of the CIA, the FBI, GCHQ and other security services have been unable to access the data. So encryption definitely does work!

Many memory sticks (such as those sold by SanDisk) are now sold with encryption software already on them, so additional security doesn't need to cost a penny. For the very best rated software though (with, for example, the facility to create hidden, password-protected, encrypted drives on your computer), look no further than the might Steganos:
https://www.steganos.com/en/steganos-privacy-suite-19

I know very little about Macs but this looks as if it might be relevant:
https://www.intego.com/mac-security-blog/is-using-filevault-encryption-in-macos-good-enough/