MS Acct vs Local acct


  1. Posts : 194
    Win10
    Thread Starter
       #51

    Spot on!
    and, I see that you agree with me about a ton of hay wintering a cow.


  2. Posts : 98
    Windows 10 Pro
       #52

    Kari said:

    Sorry but as far as I am concerned it's exactly the opposite. Local account in Windows cannot be two step authenticated, if someone let's say could physically use my computer when I am not present he could try after trying to get in to a local account and although most probably not having any luck (I use quite strong passwords), I would never even know about that.

    With an MS Account I have absolutely no worries. I can give you my MS Account email and password and you would still never get in to my account to check my mail, not to speak about into security settings to change my password or other security options. Always on a new browser, one I have not yet verified, or on a new computer, the two step verification jumps in.


    Nobody else can sign in to my MS Accounts.
    Well, that's exactly what I wanted to say to DavidY. Perhaps I wasn't clear enough :)


  3. Posts : 17,661
    Windows 10 Pro
       #53

    NickTh said:
    Well, that's exactly what I wanted to say to DavidY. Perhaps I wasn't clear enough :)
    You said exactly this, the last sentence of your post I quoted:

    NickTh said:
    ...using an MS Acct needs you to be more careful than a local one.
    And I still say no, it's exactly the opposite: you can never make a local account as safe as an MS Account. You need to be more careful with a local account which cannot be secured with two step verification.


  4. Posts : 1,524
    Windows 10 Pro (32-bit) 16299.15
       #54

    Kari said:
    Local account in Windows cannot be two step authenticated
    But, when used as a login to Windows on a computer (which is all a local account can do) neither can a Microsoft Account!

    With the exception that the very first time you login you need to provide a 2-step code, but the problem is it never seems to ask again for a 2-step code.

    In the scenario that an attacker has access to my laptop and knows my password, then assuming I've logged in once, the 2-step verification provides no more security, except that the attacker might have access to more things with a Microsoft Account, such as easy access to email.

    Sadly the 2-step verification doesn't seem to protect in this scenario.

    Kari said:
    Brink's excellent tutorial at our sister site the Eight Forums: Microsoft Account Two Step Verification - Turn On or Off
    You'll note who asked the first question on that tutorial.

    Here's the thing - I'm actually quite a fan of 2-step verification, and if it asked me for a 2-step password when I logged into Windows (at least sometimes, or gave me a checkbox to not remember the device) then there would be an advantage over a local account. Hence my question on that tutorial. But as it is, 2-step verification is a bit pointless as far as logging into a computer is concerned, because it remembers the device, seemingly for ever, and an old-fashioned 1-step password is all you need to login.

    Incidentally this page says:
    If you don't sign in to a particular trusted device at least once every two months, we'll automatically remove it from your Microsoft account. This helps keep your account secure in the event that a trusted device is lost or stolen without you realising it. You can always trust a device again later.
    ... but I just tried logging back in to the test account I set up in Feb 2014 in Windows 8 when I was working through that tutorial. I haven't logged into that account on that computer for ages (certainly more than 2 months) but it still didn't ask me for an authenticator code.

    Kari said:
    If someone let's say could physically use my computer when I am not present he could try after trying to get in to a local account and although most probably not having any luck (I use quite strong passwords), I would never even know about that.
    Fair point - you can see who's logged in - although it's unhelpful that the MS Account suggests you logged into Internet Explorer when all you've done is log into a PC - that log could be clearer.

    In general, my suspicion is that MS accounts have more ways to go wrong than a local one. I'm still not convinced that I should change my policy of keeping an admin-level local account on each device for maintenance and recovery purposes.


  5. Posts : 98
    Windows 10 Pro
       #55

    Kari said:
    You said exactly this, the last sentence of your post I quoted:
    And I still say no, it's exactly the opposite: you can never make a local account as safe as an MS Account. You need to be more careful with a local account which cannot be secured with two step verification.
    Sure, and I said this from the perspective that someone who uses an MS Account needs to be more careful by setting up two-step verification. I didn't mean that local accounts are more secure than MS accounts. It's exactly the opposite, as you said. But if someone uses an MS account he/she needs to enable two-step verification or set up a very strong password because an MS account includes all of your MS ...Account. :) It's not just an unvalued account like a local is.


  6. Posts : 1,524
    Windows 10 Pro (32-bit) 16299.15
       #56

    DavidY said:
    In general, my suspicion is that MS accounts have more ways to go wrong than a local one.
    So today I tried to log into my Windows 8.1 tablet using an MS Account which I'd previously set up.

    But it wouldn't let me.

    It said it was offline (true enough, but that shouldn't be a show-stopper on a mobile device which only connects via WiFi that might not be there) and that I should enter the last password used to log into my PC. But even entering the correct password for that account (which I'm pretty sure hasn't changed since I set up the account on the tablet) it still wouldn't let me in. The only way I could get in was with my local account. A little later, and after I'd connected to WiFi and logged in and out again on the MS Account, it was happy to connect when offline (using the same password), but this sort of flakiness is not what you want in a user login.

    I know it's Windows 8.1 rather than Windows 10, but this just adds to my belief that Microsoft Accounts are more likely to fail and can't be relied on as the sole login method.


  7. Posts : 7,128
    Windows 10 Pro Insider
       #57

    Kari said:
    Although easy to fix but one typical error which could be caused by thinking that when the auto sign in is once set up, you can forget it, and then when you for one or another reason change your email password, suddenly the auto sign in does not work anymore. Not a big issue, easy to fix, but for some newbies it could cause a sleepless night and sore forehead for banging it into the display.

    For all future readers of this thread: You want absolutely no password, use local account. You decide to go for an MS Account and set it up to sign in automatically, follow these short instructions when you want to change your email (MS Account) password:
    • Boot to Windows normally, let Windows sign in to your Auto Sign-In account
    • When signed in to Windows using this account, surf to your email's web interface (Outlook.com if using an MS email, Gmail.com, Yahoo.com or whatever if using a third party email as MS Account)
    • Change your email password as instructed for the email service you are using
    • Sign out from the email web interface
    • Disable Auto Sign-In (WIN+R, type netplwiz and hit Enter, select "Users must enter a username and password to use this computer" and hit Enter)
    • Restart Windows, do not just sign out
    • Sign in to your Windows MS Account using the new password
    • Now you can enable the Auto Sign-In again


    Kari
    I don't know how I did it but my MS account password and my Gmail password are different. I think it was in February I changed my password for my Gmail. I still log in to my MS account with the old Gmail password. I wonder if that's why MS won't send my security code to my Gmail address any more. I have to have it sent to my cellphone.
      My Computers
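
Added example, not part of any post in this thread: a PowerShell audit for the two points argued above, whether the PC still has an enabled local administrator account to fall back on when a Microsoft account sign-in fails, and whether automatic sign-in is switched on. The function names are hypothetical; it assumes an elevated Windows PowerShell session on Windows 10 with the built-in Microsoft.PowerShell.LocalAccounts module.

```powershell
# Added example (not from the thread). Function names are hypothetical.

function Get-SignInAccountReport {
    # Members of the built-in Administrators group, looked up by its
    # well-known SID so the check also works on non-English Windows.
    $adminSids = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        ForEach-Object { $_.SID.Value }

    Get-LocalUser | ForEach-Object {
        [pscustomobject]@{
            Name            = $_.Name
            Enabled         = $_.Enabled
            # 'Local' for a local account, 'MicrosoftAccount' for an MS Account
            Source          = $_.PrincipalSource
            IsAdmin         = $adminSids -contains $_.SID.Value
            PasswordLastSet = $_.PasswordLastSet
            LastLogon       = $_.LastLogon
        }
    }
}

function Test-AutoSignIn {
    # Automatic sign-in is controlled by the Winlogon AutoAdminLogon value.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $value = Get-ItemProperty -Path $key -Name AutoAdminLogon -ErrorAction SilentlyContinue
    return ($value.AutoAdminLogon -eq '1')
}

$report = Get-SignInAccountReport
$report | Format-Table -AutoSize

# A recovery path exists only if some enabled local account is an administrator.
$fallback = $report | Where-Object {
    $_.Enabled -and $_.IsAdmin -and $_.Source -eq 'Local'
}
if (-not $fallback) {
    Write-Warning 'No enabled local administrator account: a failed Microsoft account sign-in leaves no way in.'
}

# With automatic sign-in on, physical access to the PC is enough to reach the account.
if (Test-AutoSignIn) {
    Write-Warning 'Automatic sign-in is enabled: anyone who can power on this PC is signed in without a password.'
}
```
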


  8. Posts : 1,811
    W7 Ultimate SP1 (64 bit), LM 19.2 MATE (64 bit), W10 Home 1703 (64 bit), W10 Pro 1703 (64 bit) VM
       #58

    The standard rule applies; if you want something to be secure, don't send it over a network.


  9. whs
    Posts : 1,935
    Windows 7
       #59

    There is a downside with a local account. If you want applications like Calendar to work, you need a MS account.


  10. Posts : 1,811
    W7 Ultimate SP1 (64 bit), LM 19.2 MATE (64 bit), W10 Home 1703 (64 bit), W10 Pro 1703 (64 bit) VM
       #60

    whs said:
    There is a downside with a local account. If you want applications like Calendar to work, you need a MS account.
    That's ridiculous.


 
