Windows 8 and Windows Live sign-on. Revolution or Flawed Gem?

About a month has passed since BUILD and that has left us with a lot of time to ponder about all the revealed features and possibilities. One feature that immediately captured my mind was the Windows Live integration. It amazed, dazzles and at the same time frightens me. It’s just so special, almost revolutionary, and might drastically change, and maybe endanger how we use a PC in the future.

I once joked about the “3 screens and the cloud” strategy Microsoft had (and still has) several years back and said: “In ten years, you’ll be able to log in on any device with the same username and password and all of the content (UI, applications, games) is streamed from SkyDrive so you don’t need to redownload or reconfigure applications, as everything is one.” Now, they kind of did that with Windows 8, in a much smaller form but still… it’s fascinating, and scary.

Today, many programs and websites require you to have a custom user account and password to use their applications (Think of applications like Teamviewer, social media in desktop clients, Skype,…). In Windows 8 developers can integrate Windows Live in their applications to handle sign ins. Taking this approach means users will only have to use 1 password, and developers can easily integrate SkyDrive to save user’s settings, media and other stuff. On top of that, your data is stored in the cloud so your applications essentially becomes computer-independent. You can log in on a Windows 8 PC, netbook or slate from anywhere in the world, run your application and have all your data and settings automatically stored to, and pulled from the cloud. Maybe you can go even further and synchronize application state to the cloud, making you able to continue working in your application from where you left off, from anywhere or any device you’d want.

Below are some quotes from the Building Windows 8 blog

  • Associate the most commonly used Windows settings with your user account. Saved settings are available when you sign in to your account on any Windows 8 PC. Your PC will be set up just the way you are used to!
  • Easily reacquire your Metro style apps on multiple Windows 8 PCs. The app’s settings and last-used state persist across all your Windows 8 PCs.
  • Save sign-in credentials for the different apps and websites you use and easily get back into them without having to enter credentials every time.
  • Automatically sign in to apps and services that use Windows Live ID for authentication.

Another benefit of signing in with a Windows Live ID is how we’ve simplified the need to sign in to multiple services and applications. We accomplish this in two ways. First, once you’ve signed in to Windows with your ID, you do not need to enter it again to sign in to any app or website that also uses Windows Live ID.

There are two great blog posts on the Windows Live integration on the Building Windows 8 blog so far, one of them covering the basics, the other going a little bit more in-depth about the programming side.

While all of this is great, having only one password for everything raises some security concerns. The B8 blog details some of their improved security measures, but I can’t help seeing some serious issue

We’ve taken measures to safeguard the ID and password you use to sign in to Windows. We do this in a couple of ways. First, we will require a strong password (and you can’t leave password blank). Next, we’ll collect a secondary proof of your identity. This will allow us to establish “trust” with specific PCs that you use frequently or own. This in turn will also enable more secure syncing of private data like passwords. Collecting the secondary proof of your identity also helps make account recovery easier and more secure. Examples of secondary proofs are alternative email addresses, mobile phone numbers, and questions with secret answers—something that generally only you will know.

Still it frightens me, no matter how you turn it, it stays an hardware-independent email and password, and your @hotmail or @live-email address is public already. According to the team’s blog post on Windows Live integration, there will be several safety features to prevent account theft, but I’m still wary of this. It stays a password which everyone on the planet can try to hack at any time.

You might also be wondering, “what happens if somehow my Windows Live ID gets stolen?”  Well, we have some help for you there too. Windows Live ID includes a number of different safety features to detect if your account is stolen, and it will change your account to a “compromised” state (limiting what it can do) until you can regain control of your account using the two-factor authentication features (secondary proofs) that you set up earlier. Importantly, you will still have full access to your PC, since your PC will allow you to log in with the password you had before your account was stolen – you just won’t be able to use the services and applications that rely on this ID until you go through our “recover my account” workflow online.

Today, if your password gets hacked, people can see your emails and files on Skydrive until your account gets deactivated. In the future, Windows 8 users will probably share many more of their files on Skydrive, and all of this together with all your Windows 8 application settings and personalization options. Sounds dangerous right? When someone obtains your password and logs into their Windows 8 machine, you can be in serious trouble. And what if  you disable your Live ID? Do all settings suddenly get lost? Can you still log into Windows 8 and use the applications which makes use of the Windows Live Log-On feature? All of this still remains to be seen but right now the security in the Developer Preview seems weak, I was able to log onto another Windows 8 PC on another network using my Live ID and all of my settings and (the small amount of) personalization immediately popped up. I really hope they implement a bit more security here, like a secret question, fingerprint or webcam verification.

In the end, the Windows Live Integration is a great thing for other applications to easily enable a single and unified log-on experience. Its success will entirely depend on whether developers can do some interesting things with it. I’m worried that this feature, because of poor developer support and security will turn out like the Windows 7 Federated Search feature (Something quite cool that nobody really remembers, you?). If it does not, however, this might just become the “killer app” of the so many killer apps in Windows 8 as it enables you to be completely hardware-independent. All of your PCs, even public Windows 8 PCs will be “one” after logging in with your Live ID, provided your password didn’t get hacked. It could be revolutionary, even “magical”, and Microsoft will finally be a little bit closer to their 3 Screens and the Cloud strategy.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s