Microsoft is changing the way logins work: here’s what that means for you

Microsoft has (very quietly) announced that it will be changing the way account sign-ins work in February – and the new system could pose a significant security risk for some users.

Squirreled away in the Microsoft Account Help page of the Support section on Microsoft’s website, the change essentially states that users will remain logged in by default any time they sign in via a browser or app on any device – meaning that if you sign into your Microsoft account to check your emails in Outlook or access your OneDrive on a public computer (or, say, a friend or colleague’s device) you’ll no longer be automatically signed out afterwards, even if you close the browser entirely.

In other words, your emails, cloud files, and even your search and browsing history will remain accessible to anyone who uses that device, potentially leaving your personal data vulnerable. According to Microsoft, users will be able to circumvent the new sign-in setting by accessing their account while using the private browsing feature on their browser of choice.

An odd change from Microsoft

The real question here is simply: why? Automatically signing out in-browser users is a common staple of many software accounts, especially those that might be accessed from multiple devices – I personally have to log into a minimum of three different accounts in Chrome just to start working every morning. It seems to me that this should be an opt-in feature instead of the new default.

It doesn’t help that Microsoft hasn’t exactly been public about this change, especially given the potential security risks it poses – although I shouldn’t be too harsh straight off the bat, since the change hasn’t been implemented yet (I assume it will be active from February 1) and Microsoft could introduce a new pop-up or warning message informing users that they won’t be logged out automatically when they close the window unless they’re using private browsing.

If I had to guess, I’d say that this move is for the convenience of frequent users; although dedicated desktop apps for software like Outlook and OneDrive exist, there’s no doubt that a large cohort of Microsoft account holders who like to keep things old-school and access their emails and cloud storage via a browser instead. I get it; Gmail doesn’t have a standalone desktop app for Windows, but I’d probably still just open it in a browser tab anyway even if it did.

It’s worth noting that Microsoft’s upcoming change effectively mirrors the way that Google accounts already work – and before you ask, yes, this is a bit of a black mark against Google, since the same potential security issues apply here. If you don’t have two-factor authentication active and leave your Google account logged in on a device, you’ll remain signed in indefinitely unless you log out or use private browsing.

If you only access your emails and OneDrive on your home PC or laptop, this change could certainly speed things up for users – not having to sign in manually might only save a few seconds, but it feeds into the overall streamlining that Microsoft is currently going for across all of its services. Nonetheless, I’m a little concerned by the change, so I hope that Microsoft takes appropriate steps to make it as idiot-proof as possible.

You might also like…