Steven Sinofsky, President, Windows and Windows Live Division at Microsoft, writes on the Building Windows 8 blog about Signing in to Windows 8 with a Windows Live ID, including a section on "Privacy and Security" below:
With Windows 8, we introduce the optional capability to sign in to your PC with a Windows Live ID and, by doing so, gaining the ability to roam a broad range of settings across all of your PCs. In this article by Katie Frigon, the group program manager of the You-Centered Experience team, she describes the feature and its benefits. --Steven
Each Windows user wants to have the ability to set up and use a PC in a way that is unique to them. Doing so, however, can be challenging in today’s multiple user and multiple PC environment. We know that shared PC usage is common and we’ve heard from many of you that switching between multiple accounts can be cumbersome. The difficulties associated with managing multiple accounts often lead to the sharing of a single account on a PC, and a less personal (and potentially less private) experience for each user. We also know that users are utilizing multiple devices more often now, and setting up a new PC can be inconvenient and time consuming. In Windows 8, we have set out to ensure that each PC user has a truly personal experience that seamlessly bridges their online and offline tasks, is simpler to set up and use, and persists across their set of Windows 8 PCs. To do this, we’ve introduced the ability to log in to Windows (optionally) with a Windows Live ID that works across devices, apps, and services, allowing you a uniquely personal experience with Windows.
Benefits of signing in to Windows 8 with Windows Live ID
Signing in with an ID allows you to:
- Associate the most commonly used Windows settings with your user account. Saved settings are available when you sign in to your account on any Windows 8 PC. Your PC will be set up just the way you are used to!
- Easily reacquire your Metro style apps on multiple Windows 8 PCs. The app’s settings and last-used state persist across all your Windows 8 PCs.
- Save sign-in credentials for the different apps and websites you use and easily get back into them without having to enter credentials every time.
- Automatically sign in to apps and services that use Windows Live ID for authentication.
When you buy a Windows 8 PC and set up your user account for the first time, you can optionally choose to create an account that is associated to a Windows Live ID. You can either use an existing ID or create a new one. If you choose to create a new one, you can use any email address you want as your new ID, and then create your unique password. For example, you can use firstname.lastname@example.org or you can use email@example.com. You just need to identify an email address that you want to have associated with the Windows Live ID service, and provide a unique password. Of course, you can also continue to use local Windows accounts as you always have and obviously, domain-administered accounts work as they always have as well.
So, although many people assume they will need to sign up for a new email account to get a Windows Live ID, it’s actually not necessary. In fact, many online services use a "string" like firstname.lastname@example.org to represent a user name, even though that string looks like an email address. For example, when you order books at an online bookstore, your user name may look like an email address, even though your online book seller does not manage your email. The email@example.com address is just a convenient way of identifying you, since most Internet users these days have email addresses. So, your email account and password will still be managed by whatever email provider you choose, and we use the user name and password you give us to help manage your settings and state across your Windows 8 PCs, even if you haven’t signed up for Hotmail or other Microsoft services that use this ID.
Like all of us, you probably spend a significant amount of time personalizing your Windows experience to reflect your style, your life, and how you use your PC. We all know how frustrating it is when all that work is lost when you buy a new PC or use a different one (or just reformat your hard drive). With Windows 8, we are working to change that—you will be able to have your personal Windows experience on any Windows 8 PC you sign in to with your Windows Live ID. Settings such as your lock screen picture, desktop background, user tile, browser favorites and history, spell check dictionaries, Explorer settings, mouse settings, and accessibility settings, among many others are now associated with your Windows 8 account and stored in the cloud. They are kept in sync and come down to each machine you use as they are changed or updated.
Having a truly personal experience in Windows 8 also includes your Metro style apps—how you use them, the settings you use, and where you left off. It will be easy to see which Metro style apps you’ve purchased and choose which ones you want to have on each of your Windows 8 PCs. By using your ID to sign in to Windows, the settings and state for your Metro style apps stay in sync between each PC you use. For example, let’s say you are reading the news in a reader app on your tablet. If you add specific feeds you want to continue to follow, those feeds could automatically be available in the same reader app on any of your other Windows 8 PCs. We will also enable developers to build Metro style apps that tell Windows their state, so you can pick up where you left off as you move between PCs. You can pick up on the same page of a book, the same level of a game, or the same place in the movie you were watching as you switch between your Windows 8 PCs. In the developer preview of Windows 8, you can see this functionality in Internet Explorer 10.
You might be wondering how you can roam non-Metro style apps and settings without a domain. This isn't something that can be done with Windows Live ID, and we would discourage using tools that manually attempt to do this by mechanisms such as going through the registry or copying around executables. However, using the new Restore/Refresh tools, it is possible to easily create an image that has your preferred desktop apps installed, and then use that as a refresh point. If you do want to roam your settings for desktop apps then you can continue to use the mechanisms available for roaming profiles and client side caching of files available with Active Directory and Windows Server.
Another benefit of signing in with a Windows Live ID is how we’ve simplified the need to sign in to multiple services and applications. We accomplish this in two ways. First, once you’ve signed in to Windows with your ID, you do not need to enter it again to sign in to any app or website that also uses Windows Live ID. For example, once you sign in to Windows with your ID, you can launch the Windows Messaging app and start talking with your friends without the need to sign in again. Similarly, you can browse to your Hotmail inbox page without needing to enter your email address and password again. You can always sign out of a webpage and sign in as a different user, but by default you will be automatically signed in. To be clear, however, those applications and websites do not have special access to your Windows PC or your personal data.
Second, if you choose to, Windows can store separate Metro style app and web site credentials. Those credentials can then sync to each Windows 8 PC that you’ve trusted and verified yourself with. You won’t have to type in your user name or password; just confirm your sign-in as needed. Similar to the Messaging application example, when launching a Metro style application that uses this feature, you will be signed in automatically and the application will resume right where you left off.
There is a lot of benefit to using a Windows Live ID to sign in to Windows. However, it is important to note that every Windows user is unique in their needs. Your Windows 8 experience is in your control. When you create a Windows account, you choose the type of account you want to use. You can choose to create one that associates with Windows Live ID, or stick with a local account that works just like in Windows 7. You can also change a local account to link it with a Windows Live ID at a later date.
If you choose to associate your local account with an ID, we’ve provided control over what you want to sync to each Windows 8 PC you use. In Control Panel, there is a section called “Sync PC Settings” where you can manually turn settings sync on or off.
You can choose to turn off all syncing or you can turn off syncing per the type of setting. The settings groups include:
- Ease of access
- Language preferences
- Web browser
- Other stuff
- Some passwords
We’ve recommended a default behavior that assumes you want to roam settings that are used most often to personalize and customize the way you use your PC. In particular, we’ve heard from you that visual personalization for your PC is important. For Windows 8 we’ve included key settings like changing your lock screen image. In addition, you can also roam the desktop themes you use and create, including colors, sounds, and desktop background (note: currently for the background image we roam the original image that was selected if it’s under 2MB. If the image is over 2MB we compress and crop the image to 1920x1200).
It is also important that you maintain control of your data when work and personal start to mix. In Windows 8, when you link your Windows domain account to a Windows Live ID, we ask you up front (before data is synced) what data you want to sync between your domain-joined PC and other PCs you use with that ID. That way, you can decide if things like your web history, favorites, or credentials should sync to your work machine, or if you’d prefer to keep those or anything else that is synced only on your personal machines.
We also empower IT administrators to control what a user can sync to a work PC through group policy. We have provided control to IT administrators to decide if a worker can link their domain account to an ID, and if the admin allows that link, what types of data the worker is allowed to sync.
Finally it’s important to note that credentials that are entered and stored on a domain-joined machine do not get uploaded to the cloud, and never get synced to your other PCs – this ensures that corporate credentials stay on the PCs that are managed by the IT admin.
Privacy and security
We understand that when using services connected to the cloud, privacy and security are on the top of your mind. When you associate your Windows user account with a Windows Live ID, there are three categories of data that are especially interesting from the privacy and security perspective:
- Your Windows Live ID user name and password
- Your Windows Live ID user profile
- The settings and data you choose to sync
We’ve taken measures to safeguard the ID and password you use to sign in to Windows. We do this in a couple ways. First, we will require a strong password (and you can’t leave password blank). Next, we’ll collect a secondary proof of your identity. This will allow us to establish ??trust” with specific PCs that you use frequently or own. This in turn will also enable more secure syncing of private data like passwords. Collecting the secondary proof of your identity also helps make account recovery easier and more secure. Examples of secondary proofs are alternative email addresses, mobile phone numbers, and questions with secret answers—something that generally only you will know.
Signing in with a Windows Live ID also gives you much more control over your password, including your ability to recover a lost one. If you use a local account and you forget your password, you’re in a tough spot, and your options are limited. You may be able to recover your password with a hint or a recovery key, but if neither of those works, you’re generally left with having to rebuild your PC from scratch. (Technically there are some password cracking tools available on the Internet that you could download and try, but they’re unlikely to work on a suitably strong password, and many of the cracking tools available online are actually malware downloads!) However, if you sign in to your PC with your Windows Live ID and you later forget your password, you can reset your password from another PC by navigating to https://login.live.com and clicking on “forgot my password.” This will allow you to reset your password in a secure fashion without losing any information on your PC. Resetting your password this way is also more secure because it takes advantage of the secondary proof we mentioned earlier to make sure it’s really you resetting your password.
You might also be wondering, “what happens if somehow my Windows Live ID gets stolen?” Well, we have some help for you there too. Windows Live ID includes a number of different safety features to detect if your account is stolen, and it will change your account to a “compromised” state (limiting what it can do) until you can regain control of your account using the two-factor authentication features (secondary proofs) that you set up earlier. Importantly, you will still have full access to your PC, since your PC will allow you to log in with the password you had before your account was stolen – you just won’t be able to use the services and applications that rely on this ID until you go through our “recover my account” workflow online.
With Windows 8, we want to put you in control of how your data is used and what you want to sync between Windows 8 PCs. When you choose to sign in to your Windows 8 PC with a Windows Live ID, only a small amount – your first name, last name, and display name -- are shared with Windows. Windows does not use any of your other profile data. Your profile data stored in the cloud is released to apps or websites that you allow to have that data. While any Metro style app can leverage Windows Live ID for their own sign-in authentication, they must always ask you first if you want to allow access to particular details from your profile.
As mentioned earlier, there are three categories of data that can be synced to your Windows 8 PCs when you sign in with your ID: 1) Windows settings, 2) App settings and data, and 3) credentials. This data is stored in the cloud so that it is available to you when you sign in to your various Windows 8 PCs. The size of the data we roam is minimal and we only enforce some limits on a per setting basis, for example, the file size for the lock screen image. None of this counts against your Windows Live storage quota. This data is also stored separately from your other Windows Live data, for example, what you store on SkyDrive.
You might be concerned with how profile data is protected. In order to secure user data, we’ve taken several measures. First, we do not roam data over WWAN by default. Second, all user data is encrypted on the client before it is sent to the cloud. All data and settings that leave your PC are transmitted using SSL/TLS. The most sensitive information, like your credential information, is encrypted once based on your password and then encrypted again as it is sent across the Internet. The data stored is not available to other Microsoft services or third parties. Lastly, before the sensitive information can be accessed on a second Windows 8 PC for the first time, you must establish “trust” for that PC by providing further proof of your identity. This further proof can be done by providing Windows with a code sent to your mobile phone number or by following the instructions sent to an alternate email address.
Any of the data that is saved to the cloud via the roaming mechanism is only accessed by Windows for roaming. This is very important. So for example, Internet Explorer's history is saved as a roaming state but is not used or accessed in any other context—it is no different than if you had manually created that same record of website history on another PC.
We are very excited about the opportunity to make the Windows 8 experience more personal and easier to set up in a way that protects your privacy and safety. We look forward to hearing about how you are enjoying the feature and to receiving your feedback!