3. Managing Accounts
In previous Windows versions, we
managed local user accounts in Control Panel, a desktop user interface
that dates back to the earliest days of Windows. But in Windows 8,
basic user account management tasks now occur within the Metro-based PC
Settings instead, while, confusingly, a few more advanced or esoteric
features can still be found in legacy control panels. So you may find
yourself moving back and forth between the two environments depending
on your needs.
Let’s start with the basics.
Managing Accounts in PC Settings
Like many Metro interfaces, the Users section in PC Settings is almost disarmingly simple. As you can see in Figure 4,
this UI lets you manage features related to your own and other user
accounts. (This figure displays the version of this screen that most
users will see, since it depicts a Microsoft account.)
These features, which vary somewhat depending on the type of account you use to sign in, can include:
- Switch to a local account/Switch to a Microsoft account: If
you’re signed in with a Microsoft account, there is a Switch to a local
account button that will let you do just that, albeit at the expense of
losing all of the included functionality one gets with such an account
type. If you are signed in with a local account, however, you will see
a Switch to a Microsoft account button instead.
- Connect your Microsoft account/Disconnect your Microsoft account: Those
who are signed in with a domain account (used only in corporations and
other businesses) will see a button, Connect your Microsoft account. If you’ve already connected your
domain account to a Microsoft account, you will see a Disconnect your
Microsoft account button instead.
- Change your password: Those
with local or Microsoft account sign-ins can change their password at
any time using this button. Domain users will not see this option;
instead, you can press Ctrl + Alt + Del and choose the Change a password
option from the full-screen menu that appears. However, your ability to
actually change your password will be based on corporate policy. (And,
in fact, many businesses may require you to change passwords on a
regular schedule, whether you want to or not.)
- Create a picture password/Change a picture password: With
the advent of touch-based Windows devices, including tablets and other
touch screen devices, Windows 8 now offers two fun and efficient new
ways to sign in to your computer: picture password and PIN (the latter
of which is described next). Neither replaces your normal password.
Instead, you can use either to implicitly sign in to the system using
your actual password, but using a method that is simpler (and, in this
case, a bit more fun) than a normal password. This is especially useful
because tapping out a long password on a touch screen can be tedious.
A picture password is essentially a photo
over which you trace any combination of three circles, lines, and/or
taps, using the device’s touch screen. You might imagine a picture of a
family member where you “poke” them in each eye and then draw a smile
over their lips as an example of this type of sign-in (though not
necessarily one you would want to choose to use, since such a
combination of swipes is fairly obvious and could undermine the
security of your PC).
Creating a picture password requires
completing a short wizard. After providing your password to prove that
this is your account, you’re prompted to choose the photo you’ll use.
Obviously, you can use any photo of your choosing.
Once you’ve selected the picture and the
wizard has verified this selection, you’ll be prompted to set up your
gestures, as shown in Figure 5.
Here, you choose the three gestures you want to use—again, any
combination of three circles, lines, and/or taps—as your sign-in.
The wizard will make you repeat the gestures
to ensure that you’ve got the sequence memorized correctly, and then
you’re good to go. You can later change the picture password or remove
it.
Common Sense Security Tips for Picture Password
With the understanding that common sense
is a key aspect of anyone’s personal security regimen—and, on the flip
side, that human error is almost certainly the number one factor behind
most security mishaps—we feel compelled to remind readers that picture
password, like any other authentication scheme, is only as secure as
you make it. So use some common sense when creating a picture password,
keeping the following tips in mind:
- Complexity: It’s
not hard to guess that a picture password that uses a person’s headshot
as the picture most likely involves poking both eyes and making a smile
across the lips. Be more creative than that and use a photo that is
more complex, with less obvious points of interest.
- Use different gestures: Three
identical straight lines do not a secure picture password make. Consider
mixing it up, using a combination of taps, straight/curved lines (in
both directions), and circles that move in both directions (clockwise
and counter-clockwise).
- Physically shield the screen: You
wouldn’t let strangers watch you enter your bank card’s PIN at a cash
machine. Don’t let onlookers see your picture password . . . no matter
how cute you think it is.
- Clean the screen: Today’s
touch-screen devices leave indelible smudges each time you tap or
gesture. So be sure to keep your screen clean, reducing the chance that
someone could tilt the device in the light and quickly guess which
gestures you use to sign in.
You’re not locked into using this or any
other sign-in type. You could have a password, a picture password, and
a PIN all configured for the same account and then choose which to use
at sign-in time.
- Create (or change) a PIN: If
you’ve ever used a smartphone, you know that four-digit PINs, or
personal identification numbers, are the norm for securely signing in
on such devices. This sign-in option allows you to use the same
convenient sign-in type on your Windows PC or device, and while it’s
particularly nice for touch-screen devices, we’ve both switched to
using this sign-in type on our traditional desktop PCs, too, since it’s
so fast. Setting up a PIN is very straightforward, and each digit must
be a number.
NOTE Oddly
enough, you can use the picture password and PIN sign-in types even
with a domain account. However, because some corporations have very strict
password policies, you may not be able to use these features with a work-based
domain account.
- Add a user: If you select the Add a user link under Other users, you’ll be presented with the new full-screen interface shown in Figure 6.
It’s set up for a Microsoft account by default, but you can click the
link titled Sign in without a Microsoft account to configure a
traditional local user account instead.
So, yes, you can mix and match Microsoft and
local accounts (and even domain accounts) on a single PC, though our
general rule about using Microsoft accounts exclusively when possible
still applies for your own PCs.