Windows 8's "Microsoft Account" (as opposed to Local Account), security implications?

Toggle sidebar Toggle sidebar
mikeymikec

mikeymikec

Lifer
May 19, 2011
21,108
16,318
136
If you haven't read this article before on a guy's online accounts getting hacked and the resulting mess, you might find it interesting:

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

I'm wondering what the implications are for the Windows 8 user if a Microsoft account was compromised.

I assume that a Windows 8 machine will allow a user to log into their user profile even if the computer is off the Internet and the user is using a Microsoft account (just like a Windows domain user can log into their computer even if it isn't network-connected to the domain), but what's the fall-back option if a user's Microsoft account has been compromised?
 
Last edited:
BrightCandle

BrightCandle

Diamond Member
Mar 15, 2007
4,762
0
76
Its not just the compromise of the account its the fact that your documents are stored on Microsoft's cloud servers. So all that data is already being filtered through by the NSA and to the government without you ever knowing it. The security implications of putting your documents into the hands of someone else to store for you with no form of encryption at all is a major security risk.

Then of course there is the additional problem of having an account on the internet that can be progressively attacked with password hacking until they eventually find your access and can access anything the account uploaded. A Microsoft account simply put is wide open to the government and much easier to access to criminals. Its mighty convenient but its also a security disaster. Considering how many sites these days publish the "we lost your account details" emails that have become almost daily it seems kind of obvious that you don't put stuff online you don't want the world to see, regardless of the password you try to hide it behind.
 
E

escrow4

Diamond Member
Feb 4, 2013
3,339
122
106
BrightCandle said:
Its not just the compromise of the account its the fact that your documents are stored on Microsoft's cloud servers. So all that data is already being filtered through by the NSA and to the government without you ever knowing it. The security implications of putting your documents into the hands of someone else to store for you with no form of encryption at all is a major security risk.

Then of course there is the additional problem of having an account on the internet that can be progressively attacked with password hacking until they eventually find your access and can access anything the account uploaded. A Microsoft account simply put is wide open to the government and much easier to access to criminals. Its mighty convenient but its also a security disaster. Considering how many sites these days publish the "we lost your account details" emails that have become almost daily it seems kind of obvious that you don't put stuff online you don't want the world to see, regardless of the password you try to hide it behind.
Click to expand...

The NSA already has all your bank/job/address/life details and can easily hunt you down in the US. You have no privacy anymore. You want that, go live in the bush somewhere off the grid. As for attack pick a strong unique password and encrypt whatever you upload. And that encryption is purely for protection, I really couldn't care less if the NSA goes through it.
 
Rhonda the Sly

Rhonda the Sly

Senior member
Nov 22, 2007
818
4
76
You don't need to put your documents on SkyDrive. You can use a Microsoft account for access to the Store and syncing settings but skip out on storing files and such.

Windows 8 really makes no difference. All the files are on SkyDrive and the emails on Outlook, which are web services just like GMail and Yahoo. If someone else has your email and password, they can just log into the service and do whatever they want. And if someone else has your password, you change it just like any other service.
 
mikeymikec

mikeymikec

Lifer
May 19, 2011
21,108
16,318
136
Rhonda the Sly said:
You don't need to put your documents on SkyDrive. You can use a Microsoft account for access to the Store and syncing settings but skip out on storing files and such.

Windows 8 really makes no difference. All the files are on SkyDrive and the emails on Outlook, which are web services just like GMail and Yahoo. If someone else has your email and password, they can just log into the service and do whatever they want. And if someone else has your password, you change it just like any other service.
Click to expand...

So you can log in with your Microsoft account on Windows 8 even if someone has changed the password on your Microsoft account (say through the website)?
 
corkyg

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
27,370
240
106
I have Win 8 Pro enhanced with Start8. Have never connected to Windows Live or Sky Drive - and at present see no need to. Microsoft has long wanted everyone to be online and connected. I have never logged on to a "Microsoft Account" other then TechNet - and that is going away.

If you are concerned about privacy, then you would use the Internet sparingly. Once data is flying through the ether it belongs to anyone who catches it. There really is no expectation of privacy with email.
 
notposting

notposting

Diamond Member
Jul 22, 2005
3,498
33
91
Hello, 2-factor authentication.

Outside of zee NSA, it provides protection against getting your password stolen.
 
smakme7757

smakme7757

Golden Member
Nov 20, 2010
1,487
1
81
I'm using local accounts on all my computers. I will continue to do so until Microsoft forces me to use a MS account and in that case I will move over to Debian where possible and use Windows purely for recreational needs.

Sadly it seems Windows 8.1 is heading in that direction - Forced MS accounts. On my test laptop I've been unable to get Skydrive working without switching to an MS account.

Most people don't care about their data. They just want what's easiest and i don't have a problem with that. But personally I want to keep my Personal Computer -> Personal.
 
VirtualLarry

VirtualLarry

No Lifer
Aug 25, 2001
56,587
10,225
126
What's the scoop with 8.1? I installed the Preview version on a test computer the other night. I remembered reading in another thread, that when it prompts you for your MS account details, fill in junk, and it then prompts you to create a local account.

I kinda think that this is BS, personally, they should just give you the option of a local account up front. More horse***t from MS. Good thing Ballmer is getting ousted.
 
smakme7757

smakme7757

Golden Member
Nov 20, 2010
1,487
1
81
You can unplug the internet and make a local account. The problem is that to use SkyDrive you have to be logged with an MS account. So when you setup SkyDrive you are actually converting your local account to your MS account.



The problem is the entire planet wants their life plastered all over the web. They want their files in the cloud.



I don't
 
D

Doh!

Platinum Member
Jan 21, 2000
2,325
0
76
VirtualLarry said:
What's the scoop with 8.1? I installed the Preview version on a test computer the other night. I remembered reading in another thread, that when it prompts you for your MS account details, fill in junk, and it then prompts you to create a local account.

I kinda think that this is BS, personally, they should just give you the option of a local account up front. More horse***t from MS. Good thing Ballmer is getting ousted.
Click to expand...

I noticed it when testing the 8.1 RTM. But you can disconnect the internet connection prior to the installation then the MS account setup is not required and the local account setup is available.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom