What Is A Microsoft Account Used For

User account required for Microsoft-owned services

Microsoft account

An example of a Microsoft account sign-in page
Type of site	Unmarried sign-on
Possessor	Microsoft
URL	business relationship.microsoft.com
Registration	Required (xviii+ since 2012 for Windows Phone, 2013 for Xbox and 2015 for Windows 10, users thirteen-17 years of age must be linked to a parent'southward account)

A Microsoft account or MSA ^[ane] (previously known as Microsoft Passport,^[ii] .Net Passport, and Windows Live ID) is a single sign-on Microsoft user account for Microsoft customers to log in to Microsoft services (like Outlook), devices running on one of Microsoft's electric current operating systems (e.1000. Microsoft Windows computers and tablets, Windows Phones, and Xbox consoles), and Microsoft application software (including Visual Studio).

History [edit]

Microsoft Passport, the predecessor to Windows Live ID, was originally positioned equally a unmarried sign-on service for all spider web commerce. Microsoft Passport received much criticism. A prominent critic was Kim Cameron, the author of The Laws of Identity, ^[three] who questioned Microsoft Passport in its violations of those laws. He then joined Microsoft in 1999 after his visitor was acquired and was its Chief Builder of Access and Identity until his 2019 retirement, helping to address those violations in the pattern of the Windows Live ID identity meta-system. As a consequence, Windows Live ID is non positioned as the single sign-on service for all web commerce, but as i option of many among identity systems.

In December 1999, Microsoft neglected to pay their annual $35 "passport.com" domain registration fee to Network Solutions. The oversight made Hotmail, which used the site for authentication, unavailable on December 24. A Linux consultant, Michael Chaney, paid it the adjacent day (Christmas), hoping it would solve this issue with the downed site. The payment resulted in the site being bachelor the next morning.^[4] In Fall 2003, a similar skillful Samaritan helped Microsoft when they missed payment on the "hotmail.co.great britain" address, although no reanimation resulted.^[5]

In 2001, the Electronic Frontier Foundation's staff attorney Deborah Pierce criticized Microsoft Passport as a potential threat to privacy after it was revealed that Microsoft would take total access to and usage of customer information.^[6] The privacy terms were quickly updated by Microsoft to allay customers' fears.

In July and Baronial 2001, the Electronic Privacy Information Middle and a coalition of fourteen leading consumer groups filed complaints^[7] with the Federal Merchandise Commission (FTC) alleging that the Microsoft Passport system violated Section 5 of the Federal Trade Commission Act (FTCA), which prohibits unfair or deceptive practices in trade.^[eight]

Microsoft had pushed for not-Microsoft entities to create an Net-wide unified-login arrangement.^[ix] Examples of sites that used Microsoft Passport were eBay and Monster.com, but in 2004 those agreements were cancelled.^[10] In August 2009, Expedia sent notice out stating they no longer support Microsoft Passport / Windows Live ID.

In 2012, Windows Live ID was renamed Microsoft account.^[xi] ^[12]

Overview [edit]

Microsoft account allows users to sign into websites that support this service using a single set of credentials. Users' credentials are not checked by Microsoft account-enabled websites, but by a Microsoft account authentication server. A new user signing into a Microsoft account-enabled website is kickoff redirected to the nearest authentication server, which asks for username and countersign over an SSL connection. The user may select to accept their computer retrieve their login: a newly signed-in user has an encrypted time-express cookie stored on their computer and receives a triple DES encrypted ID-tag that previously has been agreed upon betwixt the authentication server and the Microsoft account-enabled website. This ID-tag is then sent to the website, upon which the website plants another encrypted HTTP cookie in the user'due south computer, also time-express. Equally long equally these cookies are valid, the user is not required to supply a username and password. If the user actively logs out of their Microsoft account, these cookies volition be removed.

Microsoft account offers a user two different methods for creating an account:

Use an existing electronic mail address: Users are able to utilize their own valid east-mail address to sign up for a Microsoft account. The service turns the requesting user'southward eastward-mail address into a Microsoft account. Users may also choose a password of their ain choice.
Sign upwardly for a Microsoft email address: Users can also sign upwardly for an eastward-mail account with Microsoft'south webmail services designated domains (i.e. @hotmail.com, @live.com, @msn.com, @passport.com and @outlook.com or any variant for a specific land) that can be used every bit a Microsoft account to sign into other Microsoft account-enabled websites.

Microsoft websites, services, and apps such as Bing, MSN and Xbox Live use Microsoft business relationship every bit a mean of identifying users. There are also several other companies that use it, such as the Hoyts website which is hosted by NineMSN.

Windows XP and later has an option to link a Windows user account with a Microsoft business relationship, thus automatically logging users in to their Microsoft business relationship whenever a service is accessed. Starting with Windows Server 2012, Windows allows users to directly authenticate into their PCs using their Microsoft account rather than a local or domain user.

Profile [edit]

A feature of the Microsoft account service is the profile manager, named Contour, which was formerly part of Windows Live. It displays information about the detail user, their contempo activities, and their relationship with other Windows Live users. Information technology also provides the ability to connect with others through Skype, and via social networks such every bit Facebook, MySpace and LinkedIn.

Users can share some of their personal information such as interests and hobbies, and social information such as their favorites quote, hometown, or places lived previously. Profile besides allows users to modify their privacy settings to decide what is shared.

Web hallmark [edit]

On August 15, 2007, Microsoft released the Windows Live ID Web Hallmark SDK, enabling web developers to integrate Windows Live ID into their websites running on a broad range of web server platforms - including ASP.NET (C#), Coffee, Perl, PHP, Python and Red.^[thirteen] ^[14]

Back up for OpenID [edit]

On October 27, 2008, Microsoft announced that information technology was publicly committed to supporting the OpenID framework, with Windows Live ID condign an OpenID provider.^[15] This would allow users to employ their Windows Alive ID to sign into any website that supports OpenID authentication. There had been no update on Microsoft'south planned implementation of OpenID since August 2009,^[16] all the same since November 2013 Microsoft have publicly participated in OpenID Connect interoperability testing.^[17] ^[18]

Login methods [edit]

In addition to using an account password, users tin can login to their Microsoft account by accepting a mobile notification sent to a mobile device with Microsoft Authenticator, a FIDO2 security token or past using Windows Hello.^[19] Users can too fix two-factor hallmark past getting a time-based, single-use code by text, phone call or using an authenticator app.

Features [edit]

Screenshot of Microsoft account overview page

Microsoft account is the website for users to manage their identity. Features of a Microsoft account include:

updating user's information such as first and concluding names, accost, etc. associated with the business relationship;
updating user settings, such as preferred language or preferences for email communications;
changing or resetting user passwords;
close the business relationship;
view billing details associated with the accounts.

Integrated with [edit]

The following is a listing of computer programs and spider web services that support using Microsoft Account as the credentials required for the hallmark process.

Windows 8 and later
Windows Server 2012 and after
Windows components
- Calendar
- Cortana
- Groove Music
- Feedback Hub
- Postal service
- Movies & TV
- Microsoft Store
- Outlook Express
- People
- Windows Messenger
Windows Telephone vii and later
- Windows Phone Store
Bing
Substitution Online
Commutation Online Protection
Microsoft Office
Function 365
Office Online
OneDrive (formerly SkyDrive)
Outlook.com (formerly Hotmail)
Skype
System Middle Advisor
Visual Studio
Microsoft Azure (formerly Windows Azure)
Windows Insider Program
Windows Live Messenger
Windows Flick Maker
Windows Photo Gallery
Xbox network

Security vulnerabilities [edit]

On June 17, 2007, Erik Duindam, a web developer in the Netherlands, reported a privacy and identity risk, saying a "disquisitional error was made past Microsoft programmers that allows everyone to create an ID for near any electronic mail address."^[twenty] A procedure was found to let users to register invalid or currently used due east-mail service addresses. Upon registration with a valid email accost, an electronic mail verification link was sent to the user. Before using it however, the user was immune to change the e-mail address to one that did not exist, or to an electronic mail address currently used past someone else. The verification link so acquired the Windows Live ID system to ostend the account every bit having a verified email address. That flaw was fixed two days afterward, on June 19, 2007.^[21]

On April xx, 2012, Microsoft stock-still a flaw in Hotmail'due south password reset system that immune anyone to reset the countersign of any Hotmail account. The visitor was notified of the flaw by researchers at Vulnerability Lab on the same day^[22] and responded with a fix inside hours — only not earlier widespread attacks as the exploitation technique spread quickly across the Internet.^[23] ^[24]

On Dec 3, 2015, a security researcher discovered a vulnerability in the Adobe Experience Manager (AEM) software used on signout.alive.com and reported it to the Microsoft Security Response Centre (MSRC). This vulnerability enabled full-authoritative access to the AEM Publish nodes' OSGi console and fabricated it possible to execute code inside of the JVM through the upload of a custom OSGi parcel. The vulnerability was confirmed to take been resolved on May three, 2016.^[25]

References [edit]

^ "Upcoming changes to Windows 10 Insider Preview builds [UPDATED six/22]". Windows Experience Blog. nineteen June 2015. Retrieved April 17, 2016.
^ Microsoft Passport: Streamlining Commerce and Communication on the Spider web
^ Cameron, Kim (May 2005). "The Laws of Identity". Microsoft . Retrieved 2018-07-09 .
^ Chaney, Michael (2000-01-27). "The Passport Payment". Retrieved 2007-xi-03 .
^ Richardson, Tim (2003-11-06). "Microsoft forgets to renew hotmail". The Annals . Retrieved 2007-11-03 .
^ Privacy terms revised for Microsoft Passport
^ http://www.epic.org/privacy/consumer/MS_complaint.pdf^{[ bare URL PDF ]}
^ EPIC: Microsoft Passport Investigation Docket, http://epic.org/privacy/consumer/microsoft/passport.html
^ Microsoft had pushed for non-Microsoft entities
^ Microsoft Passport Dumped Past Ebay
^ Windows 8 Consumer Preview - FAQ
^ "What is a Microsoft account?". Microsoft. Retrieved 2 August 2012. Microsoft account" is the new name for what used to exist called a "Windows Live ID.
^ LiveSide.internet: Windows Live ID Spider web Authentication Is Final Archived 2008-10-23 at the Wayback Automobile 2007-07-xvi
^ Alive ID Team weblog announcement: Windows Live ID Web Authentication SDK for Developers Is Released^{[ dead link ]} 2007-07-15
^ Windows Alive ID Becomes an OpenID Provider
^ Windows Live ID OpenID Status Update
^ "Microsoft publicly participates in OpenID Connect interoperability testing".
^ "Microsoft 365 documentation".
^ Warren, Tom (xx Nov 2018). "You tin now sign into a Microsoft Business relationship without a password using a security fundamental". The Verge. Phonation Media. Retrieved 27 Nov 2018.
^ "Windows Live ID security breached" on erikduindam.com
^ Microsoft Windows Live Flaw Opened Door to Scammers Archived 2008-05-18 at the Wayback Car
^ "Microsoft MSN Hotmail - Password Reset & Setup Vulnerability". Archived from the original on 2019-01-06. Retrieved 2012-04-28 .
^ Twitter / @msftsecresponse: On Fri nosotros addressed a reset function incident to aid protect Hotmail customers, no action needed
^ Bright, Peter (April 27, 2012). "Microsoft patches major Hotmail 0-twenty-four hours flaw later patently widespread exploitation". Ars Technica. Archived from the original on October 21, 2012. Retrieved October 21, 2012.
^ "Remote Lawmaking Execution (RCE) on Microsoft's 'signout.live.com'"

Farther reading [edit]

Creating a Microsoft account
Introduction to Windows Live ID whitepaper — Provides a brief overview of the Windows Live ID service in the context of Microsoft'due south overall identity strategy.
Understanding Windows Live Delegated Authentication whitepaper — Describes how a Spider web site can utilize the Windows Alive ID Delegated Authentication system to get permission to access users' information on Windows Alive services.
Windows Live ID Federation whitepaper — Describes the concept of identity federation and offers considerable detail near how the Windows Live ID service supports it.