I got a question last week: why are there so many logon failure events on Windows XP when it is not domain joined?
The short answer is, by design. (Yes, bad design.)
The longer answer is that the shell team is working around the fact that there is no “tell me if this user account has a blank password” API.
When in a workgroup (not domain joined), Windows XP displays a welcome screen that has little pictures (called “tiles”) for each user who is permitted to log on to the computer.
The shell team wanted the experience to be that when you click on a tile, you are immediately logged on if your password is blank (we have good data that a large percentage of home users have blank passwords). They only want you to be prompted for a password if you actually have a password. Fair enough, and it also helps with accessibility for people for whom typing is challenging.