Friday, January 17, 2014

Windows 8 Microsoft Account Login Complaints

I think that using a Microsoft Account as the method to login to a computer is bad security.

I have been trying to shore up the security of my online accounts recently.  The way I've been doing it is to use my password manager, Easy Password Storage, to create random passwords for each of my website accounts.

Then, when I need to visit a website, I open Easy Password Storage and copy my password to the clipboard so that I can paste it into the website I'm visiting (I try to use at least 36 random characters to prevent brute force attacks, which means I don't know my passwords by memory any more).  The app makes this easy by launching the appropriate URL and copying my password to the clipboard so that I can paste it into the website's login form.

Window 8 allows me to set up my PC login using my Microsoft Account.  The problem is that when I'm logging into a computer I need a password that I can remember because I can't access my app to copy and paste my password when logging in to my PC.

My Microsoft Account protects much more than just my PC login: it protects my apps, my financial data, email and more.  I want a secure password, but there's no way I can remember 36 random characters each time I launch Windows.

I think the solution here would be to have a separate PC login password when using your Microsoft Account to log into your PC.  The chances of anyone at Microsoft reading this blog are slim, but I suppose it could happen....

Until then I think there are some alternatives, like using a PIN or a picture password...  they don't seem very secure to me either but I guess it's the only option if I want a very secure password for my Microsoft Account.  Maybe someone can recommend a more secure method in the comments?

Easy Password Storage, by Rebrand Software, LLC is currently available at the following locations:

No comments:

Post a Comment