Kniht's quote from Ed Bott is in reference to someone logging into your machine remotely. In that case, a blank password box is more secure. I have the feeling that your brother has physical access to your machine. Correct?
I suspect that he is not actually logging into your account, especially since you say that you have been using a secure password. (This must be something that he cannot guess. So~ no birthdays or pet names, etc. A really secure password is something like: "Four Hundred +22 is almost 425" or "3.14159 isn't as easy as pie.")
I think that he is booting your machine into Safe Mode and logging into the machine's ADMINISTRATOR account. From there he would be able to make the changes you describe.
To take total control, you must also password protect the ADMINISTRATOR account.
Boot to Safe Mode. As your computer's very first screen is loading, begin pressing F8 about twice a second until you arrive at a black screen with white writing. One of the lines of text will be highlighted. Use the arrow keys of the keyboard to move the highlighting to Safe Mode. Then press the Enter key of the keyboard.
If this is your first time in Safe Mode, it may seem scary. Lots of white writing on a black screen, and when things do load it all seems goofy looking. Perfectly normal.
Log on as ADMINISTRATOR. If no password has been set, simply click the ADMINISTRATOR icon and press Enter.
If a password has been set, type it in.
If you do not see an ADMINISTRATOR icon, type in Administrator for user name.
Once logged into Safe Mode as ADMINISTRATOR, go to User Accounts in the Control Panel and set a password for the ADMINISTRATOR account just as you would from your own account. While you are at it, you can also change your personal acount back to Admin as well.
Make sure that you have a fail-safe way to remember these passwords.
Especially for the ADMINISTRATOR account, since you won't be using it regularly.
Good luck, and please post back with your progress.