Multiple accounts required to keep Windows private and secure

Getting the best of security, privacy, and the services delivered by other-people’s-servers requires some extra login work on your part. Are you doing everything on your personal computer from one user account? That is not a good idea for either the machine’s security or your personal privacy. Simple separations can mitigate both problems.

What are all these accounts anyway?

By default, your Windows computer is set up with one administrative user account that is used for everything. Mac OS X ships the same way from the factory, for that matter. Had you been running as a standard, unprivileged user instead, 92 % of the Critical vulnerabilities reported across all versions of Windows in 2013 would have been mitigated, because code exploiting them would have run with your limited rights rather than as an administrator.[1] A secondary account for administrative purposes stays on the system but isn’t used for day-to-day work. I’ll come back to this later.

On the privacy side of things, we have the troubling default settings of any Microsoft account. A Microsoft account is a single sign-in for all things Microsoft. Under the default settings in Windows 8.1, almost everything stored in the user’s local profile — including passwords! — is synchronized to Microsoft’s hosted consumer services (“the cloud”). You may be comfortable or even happy about having all your data stored on someone else’s servers. More likely, however, you aren’t even aware that it’s happening.

I’m not comfortable with sharing my “app data” (settings, authentication tokens, usage, documents), accounts and passwords, the websites I visit, nor my documents. I believe these things are personal and that no one else has any business looking into them. I want to control what is synced and what isn’t myself. Microsoft offers no way for users to see into what data is shared with Microsoft. There’s no single place to go and inspect what data the software giant has stored with your account.
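If you do keep a Microsoft account on the machine, the synchronization can be switched off wholesale through the “Sync your settings” policy instead of toggle by toggle. The following PowerShell script is an added example and not part of the original post. It writes the SettingSync policy values under HKLM that Windows honours and then reports any category that is still allowed to sync; the value names are the ones defined in the SettingSync policy template, and it is an assumption here that the reader’s edition of Windows honours them, so check PC Settings: OneDrive: Sync settings afterwards.

```powershell
# Added example, not from the original post. Disables "Sync your settings"
# machine-wide through the SettingSync policy keys so a Microsoft account on
# this PC cannot push passwords, browser data or app data to Microsoft's
# servers. Assumes Windows 8.1 or later and an elevated PowerShell prompt.
# Category names are those of the SettingSync policy template (assumption:
# the installed edition honours them).

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\SettingSync'

# '' is the master switch (DisableSettingSync); the rest are per category.
# Policy value semantics: 2 = sync disabled, 1 = sync allowed.
$categories = @(
    '',                  # everything
    'Credentials',       # saved passwords and Wi-Fi keys
    'WebBrowser',        # history, favourites, open tabs
    'Application',       # per-app settings ("app data")
    'AppSync',           # list of installed Store apps
    'Personalization',   # lock screen, account picture
    'DesktopTheme',
    'StartLayout',
    'Windows'            # remaining Windows settings
)

function Set-SyncDisabled {
    param([string]$Key, [string[]]$Names)
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    foreach ($n in $Names) {
        # Disable the category and remove the user's ability to re-enable it.
        New-ItemProperty -Path $Key -Name "Disable${n}SettingSync" `
            -PropertyType DWord -Value 2 -Force | Out-Null
        New-ItemProperty -Path $Key -Name "Disable${n}SettingSyncUserOverride" `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

function Test-SyncDisabled {
    param([string]$Key, [string[]]$Names)
    # Returns the categories that are still allowed to sync (empty = good).
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    $Names | Where-Object { $props."Disable${_}SettingSync" -ne 2 }
}

Set-SyncDisabled -Key $policyKey -Names $categories
$leftOver = Test-SyncDisabled -Key $policyKey -Names $categories
if ($leftOver) {
    Write-Warning ("Still allowed to sync: " + ($leftOver -join ', '))
} else {
    'All sync categories disabled by policy; sign out and back in to apply.'
}
```

Because these are policy values, the sync toggles in PC Settings go grey for every account on the machine, including the gaming account described later; if you want that one to keep syncing, leave the master switch alone and disable only the Credentials, WebBrowser and Application categories.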

There are two primary account types in Windows 8.1: a local user account and a Microsoft account. The latter is required for gaming and most of the hosted services. Both account types can have standard account privileges or have administrative privileges. There are also additional account types intended for parental control and enterprise situations, but I’ll not go into those.

A Microsoft account is controlled by Microsoft’s servers, which means you never have control over it. Their current terms of service[2] require you to log in at least once per year, and they retain the right to cancel the service when required by law (of an unspecified jurisdiction) or at the request of third parties claiming copyright infringement.

“If any of your Services are canceled or terminated, or if your Microsoft account is closed, we will delete information or Content associated with your Microsoft account or will otherwise disassociate it from you and your Microsoft account. We are under no obligation to return Content to you.” [3]

It isn’t clarified anywhere, but presumably you could even be locked out of your local computer if it relied on a Microsoft account for login.

There’s a rule of thumb for hosted services that says you should always assume anything you put on them will be made publicly available. When using a Microsoft account on your local computer, you should assume this rule holds for anything you do on that computer, too. You don’t need to be paranoid about it; just keep your stuff out of it and avoid the problem in the first place. You’ll get better security and maintain higher privacy at the same time.

Multiple accounts: One for each purpose

As mentioned above, it’s recommended that everyone create a passive administrative account that’s only used when needed. Then start your new life as a multi-account computer user by changing your current account into a standard account. Stop using an admin account for day-to-day activities! Do it in that order: create the administrative account and confirm that you can log in to it before you demote your own, or you can end up with a machine that has no working administrator. All of this can be achieved from Control Panel: User Accounts and Family Settings: User Accounts: Manage Accounts and from PC Settings: Accounts: My account.
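The same procedure from the command line, as an added example that is not from the original post: it creates the passive administrator first, refuses to continue until that account is really in the Administrators group, and only then demotes the account you are logged in with. net.exe is used rather than the New-LocalUser cmdlets because those need PowerShell 5.1, which Windows 8.1 did not ship with. The account names, and the assumption that these are local accounts on a PC that is not domain-joined, are mine.

```powershell
# Added example, not from the original post. Creates the seldom-used local
# administrator the post recommends, verifies it, then demotes the account
# you are logged in with to a standard user. Assumptions: local accounts on
# a non-domain PC, an elevated PowerShell prompt, Windows 8.1 or later.

$adminName   = 'admin-passive'   # placeholder name for the passive admin account
$extraUsers  = @('work')         # placeholder names for further standard accounts
$currentUser = $env:USERNAME     # the day-to-day account being demoted

function Test-LocalGroupMember {
    param([string]$Group, [string]$User)
    # 'net localgroup <group>' lists one member per line; compare trimmed names.
    $members = net localgroup $Group | ForEach-Object { $_.Trim() }
    return [bool]($members -contains $User)
}

function Test-LocalUserExists {
    param([string]$User)
    # 'net user <name>' exits non-zero when the account does not exist.
    net user $User *> $null
    return ($LASTEXITCODE -eq 0)
}

# 1. Create the passive administrator. The '*' makes net.exe prompt for the
#    password so it never appears on the command line or in the history.
if (-not (Test-LocalUserExists $adminName)) {
    net user $adminName * /add /expires:never
    if ($LASTEXITCODE -ne 0) { throw "could not create $adminName" }
}
if (-not (Test-LocalGroupMember -Group 'Administrators' -User $adminName)) {
    net localgroup Administrators $adminName /add
}

# 2. Safety check before touching your own account: if the new admin is not
#    really in Administrators, stop here rather than leave the machine
#    without a usable administrator.
if (-not (Test-LocalGroupMember -Group 'Administrators' -User $adminName)) {
    throw "$adminName is not in Administrators; leaving $currentUser unchanged"
}

# 3. Demote the day-to-day account: a standard user is in Users only.
if (Test-LocalGroupMember -Group 'Administrators' -User $currentUser) {
    net localgroup Administrators $currentUser /delete
}
if (-not (Test-LocalGroupMember -Group 'Users' -User $currentUser)) {
    net localgroup Users $currentUser /add
}

# 4. Extra standard accounts (e.g. a separate one for work) are step 1
#    without the Administrators membership.
foreach ($u in $extraUsers) {
    if (-not (Test-LocalUserExists $u)) { net user $u * /add /expires:never }
}

# 5. Show the result. Only the passive admin (and the built-in Administrator,
#    which is disabled by default) should remain in the group.
net localgroup Administrators
```

Sign out and back in afterwards: group membership is baked into the logon token, so the demoted session keeps its administrative rights until then, and `whoami /groups` in a fresh session should no longer list BUILTIN\Administrators. From then on, installing software from the standard account produces a UAC credential prompt where you enter the passive administrator’s name and password, which is exactly the “use its credentials when I need to install” usage described below.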

This is the scheme I use on my own computers:

  1. One local administrative account. I never log in to it directly, but use its credentials when I need to install new software or updates.
  2. One local standard account for browsing, programming, video editing, and everything else.
  3. One standard Microsoft account that’s used exclusively for gaming (Steam, Xbox, others) and “toy apps” like games from the Windows App Store.
  4. One local standard account for work to keep that separate from my personal stuff.

The reason I’m okay with the gaming stuff being synchronized to Microsoft’s servers and not the rest is pretty simple. Everything on Steam and Xbox is already public. What I’m playing, when, and how I did is public through the social features in the game. Nothing I do in a game is all that private. My high-scores may be pathetic if they were ever to be exposed, but it’s not something I’d care about. I play on multiple computers and platforms. I enjoy progress and achievements being synchronized for me.

Make a conscious decision about what you are comfortable with sharing with Microsoft, law enforcement, and possibly the world.