Local or Microsoft account – Which is best for you?

Local or Microsoft account – Which is best for you?

Not sure which type of Windows user account you should be using?

Will Stapley explains the pros and cons of each option

It’s easy to assume your Windows account simply lets you sign in and out of Windows. However, the type of account you choose can have a significant effect on how Windows behaves. Here, we explain the differences between a Microsoft and local account, so you can decide which one is best for you.

Types of account

In Windows 7 and earlier, a local account (sometimes referred to as an offline account) was the only user account available. It is intended to be used on a single computer, which stores your account username, password and other details on its hard drive.

In contrast, a Microsoft account is stored online and can be used across multiple PCs. You’ll still be able to sign in if your computer is offline, so you won’t be locked out of Windows if your home network goes down or you’re working on your laptop while out and about.

Microsoft still gives you the option of setting up a local account, but it’s hidden away

Microsoft is keen to move users away from using a local account, begrudgingly providing the option when you install Windows (look for the ‘Offline account’ option squirrelled away in the bottom corner of the sign-in window – see screenshot below left). And if you do opt for it, Microsoft will hit you with all the benefits you’ve decided to forego with your choice. There are, without doubt, advantages to using a Microsoft account, but there are also drawbacks, as we will explain.

If you’re not sure which type of account you’re currently using, click Start, then the cog icon to open Settings and select Accounts. In the ‘Your info’ section, you’ll see your user account name. Below this, you’ll either see ‘Local account’ or, if you’re using a Microsoft account, the email address linked to your account.

Signing in & syncing

A Microsoft account makes it much easier to use the company’s other services within Windows. For example, as soon as you sign into your Microsoft account, you’ll also be signed into other services such as OneDrive, Skype and the Microsoft Store. With a local account, you will need to sign into these services individually.

A Microsoft account also syncs your Windows settings (such as your desktop’s theme, ‘ease of access’ settings and Wi-Fi passwords) across all the machines you sign into. This is handy if you tend to use more than one computer or if you’re setting up a new one.

Additionally, you’ll be able to share your Windows Timeline (accessed by clicking the film-strip icon to the right of the Start button) with your other computers. This shows a record of which programs you’ve used and websites you’ve visited over the past few days. By default, it will only show websites viewed using Microsoft’s Edge browser, but the new Web Activities extension for Chrome (www.snipca.com/31360) also lets you sync your Chrome browsing history within your timeline.

This is great if you regularly use more than one computer and want everything synced, but it also lets anyone who logs in using your account see your emails, browsing history, synced files and more.

Security

A Microsoft account stores your password (albeit an encrypted version of it) online. And while Microsoft has a pretty decent security record, so did many companies who have since been the victim of online security breaches. However, even were a hacker to get hold of your Microsoft account password, they couldn’t gain access to your home PC – unless they’d stolen that too. They would, however, have access to files you’d uploaded to OneDrive.

On the face of it, then, a local account may seem less risky, but it too contains security haws. As we explain in Issue 533

Set up security questions for your local account in case you need to reset your password

Keep this option unticked unless

you’re happy for your Windows usage data being sent to Microsoft (page 60), a relatively simple Command Prompt hack can let you (or anyone else) reset your local account password. Microsoft may have quietly fixed this vulnerability with the Windows 10 May Update. When we tried the hack on a preview release, it no longer worked. Whether the fix makes the full update (due end of May) remains to be seen.

While we’re pleased to see the hack may have been addressed, it did represent a way of accessing your local account if you’d forgotten your password. Because Microsoft doesn’t store local account passwords, it can’t reset them for you should yours slip your mind. A Microsoft account, on the other hand, lets you reset your password using the email address registered to your account.

If you decide to use a local account, we recommend you set up security questions – answer these correctly and you’ll be able to reset your password. To set these up, go to Settings, Accounts, ‘Sign-in options’, then scroll down on the right to the Password section and click ‘Update your security questions’ (see screenshot above left).

You can make a Microsoft account more secure by setting up two-factor authentication (2FA). This means that whenever someone tries to sign into your account from a new location, a code will be sent to your phone that needs to be entered to gain access. To set this up, go to the Microsoft account security website (https://account.microsoft.com/security) and sign in (if you’re not already). At the bottom, click the ‘more security options’ link, then ‘Set up two-step verification’ and follow the onscreen instructions.

Using a Microsoft account has other security benefits, including the ability to track your laptop should it be lost or stolen – see our Cover Feature on page 50 for more on tracking your devices. If you run Windows 10 Pro, a Microsoft account will let you use its BitLocker drive- encryption tool and store a copy of the recovery key (required if you need to access the contents of the drive after removing it from your computer) on Microsoft’s servers as a backup.

Privacy

When Microsoft accounts were first introduced in Windows 8, many users had concerns about privacy – specifically over the amount of data Microsoft would collect. In recent years, Microsoft has added settings to let you control how much you share, but it’s still easy to share more than you intend. To stop sharing info about which programs you’ve opened and websites you’ve visited, for example, go to Settings, Privacy, ‘Activity history’ and make sure the ‘Send my activity history to Microsoft’ is unticked (see screenshot).

Using a local account helps prevent this type of data being sent to Microsoft. However, if you want to download an app from the Microsoft Store, for example, you’ll need to sign in with a Microsoft Account – in which case, we recommend you changing the ‘Activity history’ setting as described above.

Our verdict

There’s no doubt a Microsoft account makes Windows easier to use. You don’t need to constantly sign into Microsoft services each time you want to use them and all your settings are synced across all your computers. And as long as you set up two-factor authentication, it’s secure and it provides a hassle-free way to reset your password should you forget it.

Throw in those extra benefits, such as the ability to track your laptop should it go missing, and it’s fair to say we go for a Microsoft account over an old-style local account every time.

That said, if you’ve no interest in using other Microsoft services (or prefer to sign into them individually) and would prefer not to store personal details online or share information with Microsoft, a local account will provide you with everything you need.

Make the switch

Changing from a local account to a Microsoft one (or vice versa) is easy and you can do it as often as you like – and it won’t affect any of your personal files.

Switch to a local account

Go to Settings, Accounts, then make sure the ‘Your info’ section on the left is selected. Click the ‘Sign in with a local account instead’ link on the right. You’ll be prompted to enter your current Microsoft account password, then choose a username and new password. Click ‘Sign out and finish’ to continue (doing this will sign you out of all Microsoft services).

Switch to a Microsoft account

Go to Settings, Accounts, then the ‘Your info’ section, and click the ‘Sign in with a Microsoft account instead’ link (see screenshot). You now need to enter your Microsoft account username and password. If you don’t already have an account, click ‘Create one’, then follow the instructions. Otherwise, enter your current local account password, then click Next. You’ll then be prompted to set up a PIN. This PIN is only stored on your PC and saves you from having to type your full Microsoft account password each time you want to log into Windows. At this point, we also recommend you set up two-factor authentication (see above).

We will be happy to hear your thoughts

      Leave a reply