A major focus of Windows 8 is convincing users to login using a Microsoft account (formerly Live ID) rather than a traditional local account. A Microsoft account is a sort of portal to access various cloud services including 25GB of free storage via SkyDrive which is accessible directly through various apps in the new modern UI.
While it certainly makes some things much more convenient, it also introduces new security concerns which don't apply to local user accounts. Some are specific to Microsoft's services while others are simply inherent risks which go along with integrating the cloud into your daily computer use.
Some of these issues also apply to Windows 8 workstations in enterprise environments. Although Microsoft account logins don't replace the standard active directory (Windows domain) login system, you can (if your employer allows it) connect a Microsoft account to your regular Windows login. This shifts some of the security burden to your employer's IT department there may still be some measures you should take for yourself.
In this article we will examine 5 things you can do to avoid potential security problems when using your Microsoft account to login to Windows 8. That doesn't mean I recommend doing so. In fact I use a local account almost exclusively, although I do have a Microsoft account. If using this new login method doesn't address some need you have, by all means skip it entirely. But if you do decide to login this way here are some things you should think about.
Even if you have no intention of ever using a Microsoft account you may want to read through these suggestions. While some of the specifics may not apply to you, they are all rooted in basic principles anyone who uses a computer or accesses the Internet should be aware of.
Every Microsoft account must be associated with an email address. Because you can use this email account to reset your Microsoft account password if you forget it or if it has been hacked it's essential that this email account be as secure as possible. When you create
your Microsoft account you will be given the option to create a new Hotmail or Live.com email address. Don't do it.
Both services rely on simple password policies based on outdated security standards based almost entirely on complexity. That is to say they require at least one upper case letter, one lower case letter, one number & one symbol with a maximum length of 16 characters. While this system actually can be quite effective, it almost requires using computer generated passwords.
Unlike a computer, the human brain has a bias towards familiar and predictable patterns. Today security experts recommend using very long passwords instead - in excess of 30 characters preferably. GMail allows passwords up to 200 characters long.
In fact don't even think of it as a password. Instead you're looking for a passphrase. The more words the better. You still need to be careful about predictability. Common phrases you use (or hear) in everyday conversation are still easily guessed. On the other hand a title or quote from your favorite song, movie or book is probably pretty safe.
For even more security you could come up with a password which combines two or more unrelated phrases. For example you could put together a song and movie title to come up with
GMail 2 Factor Authenticationpassword.
If you're really serious about security an even more useful feature available in GMail is two factor authentication, which once again Microsoft's free email services don't have. Two factor authentication has been in use in corporate IT for many years but more recently has seen increasing adoption for logging into financial web services. In GMail's case it involves entering information sent to your phone after the correct password has been entered.
Of course your email account isn't the same as your Microsoft account login. When you create this account you will be asked for another password, unfortunately with the same limitations of their email accounts. They are limited to 16 characters and no two factor authentication is available. However there are some things you can do to improve security.
Here are just a few suggestions:
Hopefully this last one goes without saying, but research says otherwise. Use a unique password. The more places you use a particular password, the more vulnerable each of them is. If you don't think that's a major concern consider what Eric Doerr, a Microsoft manager intimately involved with the development of SkyDrive and Hotmail until 2010, had to say about it in July of this year:
In other words out of all the stolen password lists Microsoft gets their hands on to test, 1 in 5 of the usernames which match Microsoft accounts also share the same password. That doesn't even begin to count cases where someone doesn't have the same username but still uses the same password or others which duplicate passwords Microsoft has never gotten access to. It also doesn't include a single person who signed up after Windows 8 was launched more than three months later.
Don't add any personal information to your Microsoft account profile without a specific reason for doing so. Microsoft recommends you add as much information as possible. That's fine until someone breaches their security and is logged into your account with full access to all of it.
Adding personal information may be necessary if you are connecting an app or third party service to your Microsoft account. Adding it without any purpose, though, is really only helpful to Microsoft. The more information people include the easier it will be to sell Microsoft account interoperability to developers. From a security (or privacy) perspective the golden rule is less exposure means less risk.
You shouldn't send any information across the Internet without a good reason, and that goes double for storing it in the cloud.
Secure encryption can be simple and freeOf course some details will be required. The specifics vary by region since privacy laws aren't uniform around the world. If you live in the EU, for example, Microsoft will be less insistent on getting personal details than if you are in the US.
This also applies to any files you store on SkyDrive, including anything in a SkyDrive sync folder on your hard drive. If you need to store a file with sensitive information on SkyDrive at least make sure to encrypt it. This also applies to any sort of cloud storage, and in fact is a good precaution to take even with files stored on your local hard drive.
And don't forget about other accounts or services you may decide to link to your Microsoft account. A handful of services and software titles can already share information with your Microsoft account like email or social networking contacts; even files from other cloud services. In fact many of Microsoft's modern UI apps for Windows 8 are essentially crippled without access to their cloud storage.
There are always tradeoffs between convenience and security, especially when you are talking about cloud services. If you are going to use a Microsoft account to login to Windows 8 that will always have to be in the back of your mind.
Most people only have a single user account on their computer which means it must be an Administrator account. If you are logging in to Windows 8 using a Microsoft account you should always have an additional local account to use in case your Microsoft login doesn't work for whatever reason.
As long as you make that account an Administrator, and if that's the one you setup when you first install Windows 8 it will be by default, your Microsoft account doesn't have to be. This certainly isn't the most convenient arrangement in the world since some things require administrative privileges to do. If you want to install most software or change certain Winodws settings you will need to login with your local account if your Microsoft account isn't an Administrator.
In my experience most people don't need Administrator access the vast majority of the time. If you aren't sure whether this applies to you it's something you should be able to figure out before you start using Windows 8. When was the last time you installed a program or changed a major Windows system setting. How many programs do you even use?
On the other hand if your Microsoft account password is compromised whoever has access to it, assuming they also have access to your computer, can also do all those things. Access doesn't necessarily mean sitting in front of the computer either. If you have Remote Desktop turned on every Administrator account is automatically allowed to use it. Of course if you don't use Remote Desktop it should be turned off on general principle anyway
In fact if you get right down to it most people shouldn't be logged into your computer as an Administrator even if they aren't using a cloud login. It's yet another established security principle - the same one Microsoft finally adopted with Windows Vista which resulted in all those annoying
"Do you want this program to make changes to this computer?" popups.
It even has a name. It's called Least Privilege. Basically the idea is that all users should always have no more ability to screw up the system as possible. It's one of many things Windows was years overdue in borrowing from the world of UNIX computing. Keep in mind that when you run a piece of software it inherits all your authority over the system. It makes it less likely you will unwittingly assist in sabotaging your own computer in ways you don't anticipate.
Make sure to check the email address associated with your Microsoft account often. If you get an email saying something was changed and you don't know anything about it you should immediately change the password. Likewise if your password doesn't work when you try to login to Windows you should login to the website as soon as possible (using a local account or different computer) and reset the password.
Click to see an example
Ultimately your vigilance is the most essential security measure whether you're using a Microsoft account or not. There is no security which can't be bypassed one way or another. Unless your computer never connects to any network (including other computers in your home), doesn't have any new software installed on it, and is kept in a locked room where only you can access it you need to think about security.
You also need to seriously think about whether the benefits to a Microsoft account outweigh any concerns you might have. Microsoft has designed Windows 8 to push you toward logging in that way because it's also required for buying apps through the Windows Store. They've even designed most apps, and even Windows 8 itself, to be less useful if you use a traditional local account.
Some of these issues also apply to Windows 8 workstations in enterprise environments. Although Microsoft account logins don't replace the standard active directory (Windows domain) login system, you can (if your employer allows it) connect a Microsoft account to your regular Windows login. This shifts some of the security burden to your employer's IT department there may still be some measures you should take for yourself.
In this article we will examine 5 things you can do to avoid potential security problems when using your Microsoft account to login to Windows 8. That doesn't mean I recommend doing so. In fact I use a local account almost exclusively, although I do have a Microsoft account. If using this new login method doesn't address some need you
Featured Windows 8 articles
Even if you have no intention of ever using a Microsoft account you may want to read through these suggestions. While some of the specifics may not apply to you, they are all rooted in basic principles anyone who uses a computer or accesses the Internet should be aware of.
1. Use a GMail account
Every Microsoft account must be associated with an email address. Because you can use this email account to reset your Microsoft account password if you forget it or if it has been hacked it's essential that this email account be as secure as possible. When you create
Both services rely on simple password policies based on outdated security standards based almost entirely on complexity. That is to say they require at least one upper case letter, one lower case letter, one number & one symbol with a maximum length of 16 characters. While this system actually can be quite effective, it almost requires using computer generated passwords.
Unlike a computer, the human brain has a bias towards familiar and predictable patterns. Today security experts recommend using very long passwords instead - in excess of 30 characters preferably. GMail allows passwords up to 200 characters long.
In fact don't even think of it as a password. Instead you're looking for a passphrase. The more words the better. You still need to be careful about predictability. Common phrases you use (or hear) in everyday conversation are still easily guessed. On the other hand a title or quote from your favorite song, movie or book is probably pretty safe.
For even more security you could come up with a password which combines two or more unrelated phrases. For example you could put together a song and movie title to come up with
lucyintheskywithdiamondsareforever. And of course since you are using actual words instead of random gibberish you should have no problem remembering your
GMail 2 Factor Authentication
If you're really serious about security an even more useful feature available in GMail is two factor authentication, which once again Microsoft's free email services don't have. Two factor authentication has been in use in corporate IT for many years but more recently has seen increasing adoption for logging into financial web services. In GMail's case it involves entering information sent to your phone after the correct password has been entered.
2. Put thought into your Microsoft account password
Of course your email account isn't the same as your Microsoft account login. When you create this account you will be asked for another password, unfortunately with the same limitations of their email accounts. They are limited to 16 characters and no two factor authentication is available. However there are some things you can do to improve security.
Here are just a few suggestions:
- Use all 16 characters. It may not be ideal but 16 characters is still better than 15 or 14.
- Combine three or more words instead of using just one. Even better, start with a short phrase (as described above) and just use the first 2-3 letters from each word. That should prevent dictionary attacks (guessing commonly used passwords) without making it too hard to remember.
- Capitalize one or more letters in the middle or at the end of your password. Capital letters are almost always found at the beginning of a password.
- Put numbers and symbols at the beginning or middle instead of the end. Just like most people put required capital letters at the beginning, they almost always add required numbers and symbols at the end.
Hopefully this last one goes without saying, but research says otherwise. Use a unique password. The more places you use a particular password, the more vulnerable each of them is. If you don't think that's a major concern consider what Eric Doerr, a Microsoft manager intimately involved with the development of SkyDrive and Hotmail until 2010, had to say about it in July of this year:
When we get a list, first, we check to see if it actually matches any accounts and passwords in our system. This is done in an automated and secure way so no human actually sees the account info of our customers. You'd be surprised how often the lists – especially the publicly posted ones – are complete garbage with zero matches. But sometimes there are hits – on average, we see successful password matches of around 20% of matching usernames.
In other words out of all the stolen password lists Microsoft gets their hands on to test, 1 in 5 of the usernames which match Microsoft accounts also share the same password. That doesn't even begin to count cases where someone doesn't have the same username but still uses the same password or others which duplicate passwords Microsoft has never gotten access to. It also doesn't include a single person who signed up after Windows 8 was launched more than three months later.
3. Keep personal details to a minimum
Don't add any personal information to your Microsoft account profile without a specific reason for doing so. Microsoft recommends you add as much information as possible. That's fine until someone breaches their security and is logged into your account with full access to all of it.
Adding personal information may be necessary if you are connecting an app or third party service to your Microsoft account. Adding it without any purpose, though, is really only helpful to Microsoft. The more information people include the easier it will be to sell Microsoft account interoperability to developers. From a security (or privacy) perspective the golden rule is less exposure means less risk.
You shouldn't send any information across the Internet without a good reason, and that goes double for storing it in the cloud.
Secure encryption can be simple and free
This also applies to any files you store on SkyDrive, including anything in a SkyDrive sync folder on your hard drive. If you need to store a file with sensitive information on SkyDrive at least make sure to encrypt it. This also applies to any sort of cloud storage, and in fact is a good precaution to take even with files stored on your local hard drive.
And don't forget about other accounts or services you may decide to link to your Microsoft account. A handful of services and software titles can already share information with your Microsoft account like email or social networking contacts; even files from other cloud services. In fact many of Microsoft's modern UI apps for Windows 8 are essentially crippled without access to their cloud storage.
There are always tradeoffs between convenience and security, especially when you are talking about cloud services. If you are going to use a Microsoft account to login to Windows 8 that will always have to be in the back of your mind.
4. Limit Administrator access
Most people only have a single user account on their computer which means it must be an Administrator account. If you are logging in to Windows 8 using a Microsoft account you should always have an additional local account to use in case your Microsoft login doesn't work for whatever reason.
As long as you make that account an Administrator, and if that's the one you setup when you first install Windows 8 it will be by default, your Microsoft account doesn't have to be. This certainly isn't the most convenient arrangement in the world since some things require administrative privileges to do. If you want to install most software or change certain Winodws settings you will need to login with your local account if your Microsoft account isn't an Administrator.
In my experience most people don't need Administrator access the vast majority of the time. If you aren't sure whether this applies to you it's something you should be able to figure out before you start using Windows 8. When was the last time you installed a program or changed a major Windows system setting. How many programs do you even use?
On the other hand if your Microsoft account password is compromised whoever has access to it, assuming they also have access to your computer, can also do all those things. Access doesn't necessarily mean sitting in front of the computer either. If you have Remote Desktop turned on every Administrator account is automatically allowed to use it. Of course if you don't use Remote Desktop it should be turned off on general principle anyway
In fact if you get right down to it most people shouldn't be logged into your computer as an Administrator even if they aren't using a cloud login. It's yet another established security principle - the same one Microsoft finally adopted with Windows Vista which resulted in all those annoying
It even has a name. It's called Least Privilege. Basically the idea is that all users should always have no more ability to screw up the system as possible. It's one of many things Windows was years overdue in borrowing from the world of UNIX computing. Keep in mind that when you run a piece of software it inherits all your authority over the system. It makes it less likely you will unwittingly assist in sabotaging your own computer in ways you don't anticipate.
5. Monitor changes to your Microsoft account
Make sure to check the email address associated with your Microsoft account often. If you get an email saying something was changed and you don't know anything about it you should immediately change the password. Likewise if your password doesn't work when you try to login to Windows you should login to the website as soon as possible (using a local account or different computer) and reset the password.
Click to see an example
Ultimately your vigilance is the most essential security measure whether you're using a Microsoft account or not. There is no security which can't be bypassed one way or another. Unless your computer never connects to any network (including other computers in your home), doesn't have any new software installed on it, and is kept in a locked room where only you can access it you need to think about security.
You also need to seriously think about whether the benefits to a Microsoft account outweigh any concerns you might have. Microsoft has designed Windows 8 to push you toward logging in that way because it's also required for buying apps through the Windows Store. They've even designed most apps, and even Windows 8 itself, to be less useful if you use a traditional local account.
