Figure 12-4: PC Settings provides a new user management interface.
These features, which vary somewhat depending on the type of account you use to sign in, can include:
• Switch to a local account/Switch to a Microsoft account: If you’re signed in with a Microsoft account, there is a Switch to a local account button that will let you do just that, albeit at the expense of losing all of the included functionality one gets with such an account type. If you are signed in with a local account, however, you will see a Switch to a Microsoft account button instead.
• Connect your Microsoft account/Disconnect your Microsoft account: Those who are signed in with a domain account (used only in corporations and other businesses) will see a button, Connect your Microsoft account, as described earlier in this chapter. If you’ve already connected your domain account to a Microsoft account, you will see a Disconnect your Microsoft account button instead.
• Change your password: Those with local or Microsoft account sign-ins can change their password at any time using this button. Domain users will not see this option; instead, you can press Ctrl + Alt + Del and choose the Change a password option from the full-screen menu that appears. However, your ability to actually change your password will be based on corporate policy. (And, in fact, many businesses may require you to change passwords on a regular schedule, whether you want to or not.)
• Create a picture password/Change a picture password: With the advent of touch-based Windows devices, including tablets and other touch screen devices, Windows 8 now offers two fun and efficient new ways to sign in to your computer: picture password and PIN (the latter of which is described next). Neither replaces your normal password. Instead, you can use either to implicitly sign in to the system using your actual password, but using a method that is simpler (and, in this case, a bit more fun) than a normal password. This is especially useful because tapping out a long password on a touch screen can be tedious.
A picture password is essentially a photo over which you trace any combination of three circles, lines, and/or taps, using the device’s touch screen. You might imagine a picture of a family member where you “poke” them in each eye and then draw a smile over their lips as an example of this type of sign-in (though not necessarily one you would want to choose to use, since such a combination of swipes is fairly obvious and could undermine the security of your PC).
Creating a picture password requires completing a short wizard. After providing your password to prove that this is your account, you’re prompted to choose the photo you’ll use. Obviously, you can use any photo of your choosing.
Once you’ve selected the picture and the wizard has verified this selection, you’ll be prompted to set up your gestures, as shown in Figure 12-5. Here, you choose the three gestures you want to use—again, any combination of three circles, lines, and/or taps—as your sign-in.
Figure 12-5: Creating a picture password
The wizard will make you repeat the gestures to ensure that you’ve got the sequence memorized correctly, and then you’re good to go. You can later change the picture password or remove it.
With the understanding that common sense is a key aspect of anyone’s personal security regimen—and, on the flip side, that human error is almost certainly the number one factor behind most security mishaps—we feel compelled to remind readers that picture password, like any other authentication scheme, is only as secure as you make it. So use some common sense when creating a picture password, keeping the following tips in mind:
• Complexity: It’s not hard to guess that a picture password that uses a person’s headshot as the picture most likely involves poking both eyes and making a smile across the lips. Be more creative than that and use a photo that is more complex, with less obvious points of interest.
• Use different gestures: Three identical straight lines do not a secure picture password make. Consider mixing it up, using a combination of taps, straight/curved lines (in both directions), and circles that move in both directions (clockwise and counter-clockwise).
• Physically shield the screen: You wouldn’t let strangers watch you enter your bank card’s PIN at a cash machine. Don’t let onlookers see your picture password … no matter how cute you think it is.
• Clean the screen: Today’s touch-screen devices leave indelible smudges each time you tap or gesture. So be sure to keep your screen clean, reducing the chance that someone could tilt the device in the light and quickly guess which gestures you use to sign in.
You’re not locked into using this or any other sign-in type. You could have a password, a picture password, and a PIN all configured for the same account and then choose which to use at sign-in time.
• Create (or change) a PIN: If you’ve ever used a smartphone, you know that four-digit PINs, or personal identification numbers, are the norm for securely signing in on such devices. This sign-in option allows you to use the same convenient sign-in type on your Windows PC or device, and while it’s particularly nice for touch-screen devices, we’ve both switched to using this sign-in type on our traditional desktop PCs, too, since it’s so fast. Setting up a PIN is very straightforward, and each digit must be a number.
Oddly enough, you can use the picture password and PIN sign-in types even with a domain account. However, some corporations have very strict password policies, so as is the case with other options in this chapter, you may not be able to use these features with a work-based domain account.
• Add a user: If you select the Add a user link under Other users, you’ll be presented with the new full-screen interface shown in Figure 12-6. It’s set up for a Microsoft account by default, but you can click the link titled Sign in without a Microsoft account to configure a traditional local user account instead.
Figure 12-6: Add a user, Metro-styled
So, yes, you can mix and match Microsoft and local accounts (and even domain accounts) on a single PC, though our general rule about using Microsoft accounts exclusively when possible still applies for your own PCs.
PC Settings is cute and everything, but if you want to dive into the nitty-gritty of user account management, you’ll need to visit the old-school Control Panel interface instead. And yes, you still want to know about this interface even if you’re not particularly interested in advanced features. And that’s because there are certain things related to account management that you can only do from Control Panel.
For example, the very first account you create with Windows 8 is always an administrator-class account, and that’s true whether that account is a Microsoft account, as recommended, or a traditional local account. But when you create other accounts, as explained earlier, those accounts are not administrator-type accounts. And the Metro-style PC Settings interface doesn’t offer any way to change them.
But Control Panel does. In fact, Control Panel provides so much additional functionality with regards to user accounts that it seems a shame to ignore it.