I’ll try and keep this brief, but I find myself quite bemused with Microsoft’s idea of security.

When Windows 8 launched, one of the first things I remember was being asked to link my Microsoft account. Fair enough, I thought, it makes sense if I’m likely to buy anything off the store.

Like quite a few out there, I suspect, I use a password manager with a fairly strong master password to then manage a collection of unique 20+ character secure generated passwords. It makes sense and is especially important for websites which store my payment account information.

So after linking my account, the next time I come to log in I find my usual login password is out the window and I *have* to use my MS account password. Wait, what?

For me this is out of the question, I really can’t remember a 20+ char long password with both cases, numbers and symbols. I don’t need an uber secure password on my laptop but I normally have something that would take most hackers a fair while to crack. So I reverted back to my old login. At the time it seems you could still use the store without one; it just wouldn’t sync your settings. That’s fine by me as I don’t have multiple Windows 8 computers or mobile devices.

Enter Windows 8.1 which I recently upgraded to.

I hear in the last few days from friends on Twitter that Flipboard have released a Windows 8.x app, and having recently switched back to using Flipboard again I wanted to give it a try, one of the few metro apps which makes sense in that format.

But when I go to install I’m now told I have to link to a Microsoft account, no option to opt out. So in order to try the app I find myself linked up with my MS account again, back with the original problem.

A little look around the settings reveals I can set an access PIN for local login… of 4 digits…

So to recap, the options presented to me by Microsoft are:

  • Get my phone out to access my secure password and spend ages typing it in
  • Use a weak password for my MS account, putting my account at risk
  • Keep the secure password or use a weak 4-digit PIN for my laptop which anyone would watch over my shoulder and capture.

None of these options appeal to me and I’ll almost certainly find myself disconnecting my online account again.

I get linking your account, it makes sense and makes accessing parts of the ecosystem much easier. Apple have got it right. You have your local login, but you can link your account to iCloud/Apple ID to use services, but you aren’t forced into using your (hopefully) secure password for local login.

I’m more than willing to accept I may have missed something along the line but I don’t see any obvious way around a huge flaw. It also raises concerns for me as to how this works in an enterprise setting. Logins being controlled by the Domain/Domain controller. So how do you use the store? Or is the store locked out, or does using Windows 8.1 on a domain auto sign you up for an account?

Only this morning I tweeted how I’m hating Microsoft more every day after going through 20 mins of frustration just trying to get my Xbox online after a few weeks without being played. You just keep going Microsoft, soon you’ll drive everyone away. Consumers, Enterprise, the works…

Just to finish, I just tried to disconnect my account again, which it tells me I can do. Only it won’t let me keep my existing username. I have to create a new one. *sigh*

