Put this all together and you see a version of Windows that is safe and reliable and easily and quickly made right should something go wrong. This alone is an amazing achievement. That it is but a small part of the list in improvements in Windows 8 suggests that this is a mighty new OS release indeed.

Everyone who uses Windows knows that you typically sign in, or “log in” as we used to say, to the PC using an account with which unique settings, documents and files, and even applications are associated. The types of accounts we’ve used in Windows have certainly evolved over the years, but for the most part, there have been two basic kinds of sign-ins: domain accounts, which are used exclusively by corporations, and local accounts, which are specific only to the PC on which they are used; home users and most individuals have always used this latter account type.

In Windows 8, Microsoft is introducing a new type of sign-in that is tied to a Microsoft account, or what used to be called a Windows Live ID. (With Windows 8, Microsoft is eliminating Windows Live as a brand, but is continuing its most popular products and services, often with new names.) As you’ll discover, this new account type is really just a formalization of a capability that debuted in Windows 7, but it takes on new prominence in Windows 8 thanks to this system’s pervasive PC-to-PC sync capabilities.

Windows 8 also provides interesting new choices for signing in, augmenting the long-lived password system with some new choices that may make more sense on today’s modern Windows devices and PCs. As always, securing your PC against electronic and human attack is job one for Windows 8, and in this version of Windows, you have more tools than ever to help ensure that your PC and its valuable data are safe.

But it all begins with your user account. So let’s look at that first.

Once relegated only to the corporate market, where they have always made sense because of their security and permissions boundaries, user accounts are central to today’s PC experience—so central, in fact, that you establish your user account when you first install Windows or set up your new PC.

Of course, user accounts aren’t generally as restrictive at home as they are at work. It’s your PC, after all, and most people rightly feel that they should be able to do anything they want on their PC. So that first user account you create, during Windows Setup, is automatically an administrator-class account, providing the permissions and access control that one would expect.

These local user accounts, or what we used to call workgroup accounts, work well enough for what they are. And they allow for some niceties, even at home. You can create multiple accounts on a single PC, giving users their own sign-in identity, along with its associated custom settings (desktop wallpapers and so on) and Windows and application configurations.

But local user accounts are starting to show the strain of time, and as our PC usage changes, so do the needs we place on them. For example, most people don’t bother to protect their own user accounts with a password, which can have huge ramifications in the event of a stolen PC. Local accounts are literally local to that one PC and thus hard, if not impossible, to replicate across machines; if you have more than one PC, as so many of us do now, making each one look and work the same is tedious. Local accounts make home network sharing difficult, too, which is why Microsoft created the homegroup sharing technique for Windows 7.

What’s interesting is that Microsoft basically solved these issues over a decade ago when they instituted the Active Directory domain services scheme in Windows Server. This system, which is used by corporations around the world, provides a more centralized approach to user accounts (and other things). So instead of signing in to a single PC and locking all of your personalized settings to that one machine, you sign in, instead, to the domain. And if you need to access a different machine, your customized experience can travel with you, so to speak, from PC to PC. With this scheme, the settings you typically think of being associated with an account are no longer locked into a single PC.

Active Directory is powerful and interesting, but it’s also far too complex for a home network and of course requires expensive and complex servers in addition to the PCs that people actually use each day. So this system isn’t well-suited for regular users at home.

So for Windows 8, Microsoft has created a new type of user account, based on your Microsoft account (previously called Windows Live ID) that provides many of the niceties of Active Directory but with none of the complexity. In fact, for most people, signing in to a Windows 8 PC with a Microsoft account is just as easy as doing so with a traditional local account. But there are numerous advantages to doing so.

So let’s examine them as part of a wider discussion about the types of accounts you can use with Windows 8.

Windows 8 lets you sign in using three different types of accounts: domain, local, and Microsoft.

Domain accounts are used by corporations that utilize an Active Directory infrastructure running on top of Windows Server. The account is centrally managed by your employer, as are whatever permissions and capabilities you may be able to enjoy.

You connect Windows 8 to a domain as you did with previous Windows versions, using the advanced system control panel. Once the domain is configured, you reboot the PC and then sign in with your domain account’s username and password. In use, Windows 8 works almost identically to a local user account, but you lose some of the integration pieces that are special to Microsoft account sign-ins. As we’ll see in just a bit, there is a simple way to mitigate that issue.

In Windows XP, Vista, and 7, most home users signed in to their PC using a local account, or an account that is, literally, local to that one PC. Local accounts are typically one of two account types, administrator or standard. An administrator essentially has complete control of the system and can make any configuration changes they want. A standard user can use most application software and many Windows services, but is prevented from accessing features that could harm the system. For example, standard users cannot install most applications, change the system time, or access certain Control Panel applets.