Signing in to Windows 8 with a Windows Live ID

Microsoft have taken some time on their Windows Blog to explain how signing in to Windows 8 across multiple computers with a Windows Live ID will work.

They acknowledge that users have wanted to see true Windows desktop portability for quite a while.

With Windows 8, they plan to give us exactly that.

In the new OS, you will be able to have your personal Windows experience on any Windows 8 PC you sign in to with your Windows Live ID.

Settings such as your lock screen picture, desktop background, user tile, browser favorites and history, spell check dictionaries, Explorer settings, mouse settings, and accessibility settings, among many others, will be associated with your Windows 8 account and stored in the cloud.

They will be kept in sync and come down to each machine you use as they are changed or updated. This is also going to include Metro style apps.

They give an example:

For example, let’s say you are reading the news in a reader app on your tablet. If you add specific feeds you want to continue to follow, those feeds could automatically be available in the same reader app on any of your other Windows 8 PCs. We will also enable developers to build Metro style apps that tell Windows their state, so you can pick up where you left off as you move between PCs. You can pick up on the same page of a book, the same level of a game, or the same place in the movie you were watching as you switch between your Windows 8 PCs. In the developer preview of Windows 8, you can see this functionality in Internet Explorer 10.

Important distinction here: non-Metro apps will not roam with Windows 8 PCs and tablets on network domains (for obvious reasons), and this is discouraged.

Microsoft have also introduced a form of single sign-on into the mix. They removed the obstacle of having to sign in to multiple services and applications.

Once you’ve signed in to Windows with your ID, you do not need to enter it again to sign in to any app or website that also uses Windows Live ID.

Secondly, if you choose to, Windows can store separate Metro style app and web site credentials. Those credentials can then sync to each Windows 8 PC that you’ve trusted and verified yourself with.

The following setting groups can be modified so you can sync some or all of your information.

These groups include:

  • Personalize
  • Themes
  • Ease of access
  • Language preferences
  • Apps
  • Web browser
  • Other stuff
  • Some passwords

It is also important that you maintain control of your data when work and personal use start to mix. The user has to think through what is appropriate to sync between work and personal PCs.

IT administrators are able to control what a user can sync to a work PC through group policy. They can decide if a worker can link their domain account to an ID, and if the admin allows that link, what types of data the worker is allowed to sync.

Cool Enterprise security note

Credentials that are entered and stored on a domain-joined machine do not get uploaded to the cloud, and never get synced to your other PCs – this ensures that corporate credentials stay on the PCs that are managed by the IT admin.

From a privacy perspective, they focus on three main areas:

  1. Your Windows Live ID user name and password
  2. Your Windows Live ID user profile
  3. The settings and data you choose to sync

Microsoft will require a strong password (and you can’t leave the password blank). They will also require secondary proof of your identity. Examples of secondary proofs are alternative email addresses, mobile phone numbers, and questions with secret answers—something that generally only you will know.

Another good thing about having a Windows ID is:

Signing in with a Windows Live ID also gives you much more control over your password, including your ability to recover a lost one. If you use a local account and you forget your password, you’re in a tough spot, and your options are limited.

You may be able to recover your password with a hint or a recovery key, but if neither of those works, you’re generally left with having to rebuild your PC from scratch. (Technically there are some password cracking tools available on the Internet that you could download and try, but they’re unlikely to work on a suitably strong password, and many of the cracking tools available online are actually malware downloads!)

However, if you sign in to your PC with your Windows Live ID and you later forget your password, you can reset your password from another PC by navigating to and clicking on “forgot my password.” This will allow you to reset your password in a secure fashion without losing any information on your PC. Resetting your password this way is also more secure because it takes advantage of the secondary proof we mentioned earlier to make sure it’s really you resetting your password.

Now, if your Windows Live ID gets stolen, Microsoft have some countermeasures as well.

Windows Live ID includes a number of different safety features to detect if your account is stolen, and it will change your account to a “compromised” state (limiting what it can do) until you can regain control of your account using the two-factor authentication features (secondary proofs) that you set up earlier.

Importantly, you will still have full access to your PC, since your PC will allow you to log in with the password you had before your account was stolen – you just won’t be able to use the services and applications that rely on this ID until you go through our “recover my account” workflow online.

As mentioned earlier, there are three categories of data that can be synced to your Windows 8 PCs when you sign in with your ID:

  1. Windows settings
  2. App settings and data
  3. Credentials

This data is stored in the cloud so that it is available to you when you sign in to your various Windows 8 PCs.

In order to secure user data, Microsoft have taken several measures.

First, we do not roam data over WWAN by default. Second, all user data is encrypted on the client before it is sent to the cloud. All data and settings that leave your PC are transmitted using SSL/TLS. The most sensitive information, like your credential information, is encrypted once based on your password and then encrypted again as it is sent across the Internet.

The data stored is not available to other Microsoft services or third parties. Lastly, before the sensitive information can be accessed on a second Windows 8 PC for the first time, you must establish “trust” for that PC by providing further proof of your identity. This further proof can be done by providing Windows with a code sent to your mobile phone number or by following the instructions sent to an alternate email address.

Any of the data that is saved to the cloud via the roaming mechanism is only accessed by Windows for roaming. This is very important. So for example, Internet Explorer’s history is saved as a roaming state but is not used or accessed in any other context—it is no different than if you had manually created that same record of website history on another PC.

Basically, Microsoft are doing their very best to knock this one out of the ballpark.

This has been the number one requirement of cloud computing based OSes that readers of this site have requested, and Microsoft seem to have heard the call.

Here’s the video they released.

You can read the full article here.



  • Bbjones

    This looks awesome to me!