Today Steven Sinofsky published another post about Windows 8 this time discussing how Microsoft is planning to tackle identity protection on the new operating system. The article first discusses how typical users of Windows in the US have about 25 different online accounts that they are required to sign in to. These accounts range from banks to e-commerce sites and all the way to social networks. The article points out how this is not a great experience for users and that on average people only have 6 different passwords for all those services. Obviously that ratio of different passwords to online accounts isn’t very secure.
That is where Microsoft plan to allow Windows 8 to step in and make life easier and more secure for its users. Windows 8 will aid in the managing of unique and complex password in 2 ways.
The first is by providing a way to automatically store and retrieve multiple account names and passwords for all the websites and applications you use, and do so in a protected manner.
The second important investment in this area was covered in an earlier post by Katie Frigon, Signing into Windows 8 with a Windows Live ID. One of the great things you get when you sign in to Windows with your Windows Live ID is the ability to sync the credentials you’ve stored to all of the Windows 8 PCs that you register as your “Trusted PCs.”
Basically Microsoft plans to allow a user to have a different password for all the sites they have to log in to and then use Windows 8 to save that password and associate it with that online account. That account information and password would then be saved across all the Windows 8 PCs that the user is logged in on thanks to the use of Windows Live ID to sign in to a Windows 8 account. That means that a user would not need to know their password for an account but would automatically log into any site they use from any of their Windows 8 PCs. That certainly sounds like a simple way to log into sites.
It’s actually more secure too as it gets around the threat of key loggers and by not requiring a user to remember a password it’s likely the password would be more complex than it otherwise would have been.
Of course there are a few concerns here but Microsoft addresses most of them in the blog post. Such as sites being able to request that passwords are not to be saved, this is likely to be banks, and Windows 8 will not save the password. Also users don’t have to allow Windows 8 to auto remember their passwords.
The clever part of the way that this new security method will be implemented though is that it wont just be for Internet Explorer 10 but will in fact be available to developers too. This means that an app that requires a user to sign in will will store the account info and password in the same way as any website’s log in information. A user who logs into an app on one Windows 8 PC will also be logged in when they move to a different Windows 8 PC (provided they signed in with the same Windows Live ID). It’s likely that other browsers on Windows 8 will be able to make use of this just like Internet Explorer 10.
Microsoft also published a video along with the post to highlight another new security feature of Windows 8, where hardware security mechanisms can be virtualised. Watch the video.
It sounds like security on Windows 8 is going to far more “frictionless” than it ever has been before and at the same time it will allow people to be more secure online and with their apps.