Wikipedia

Microsoft account

A Microsoft account or MSA[1] (previously known as Microsoft Passport,[2] .NET Passport, and Windows Live ID) is a single sign-on personal user account for Microsoft customers to log in to consumer[3][4] Microsoft services (like Outlook.com), devices running on one of Microsoft's current operating systems (e.g. Microsoft Windows computers and tablets, Xbox consoles), and Microsoft application software (including Visual Studio).


Overview

Microsoft account allows users to sign into websites that support this service using a single set of credentials; usernames take the same form as an email address. Microsoft account offers a user two different methods for creating an account:

  1. Use an existing e-mail address: Users are able to use their own valid e-mail address to sign up for a Microsoft account. The service turns the requesting user's e-mail address into a Microsoft account ID. Users may also choose their own password.
  2. Sign up for a Microsoft e-mail address: Users can also sign up for a free e-mail account through Outlook.com or MSN, under one of the domains designated for Microsoft's webmail services (i.e. @hotmail.com, @outlook.com, @msn.com[a]), which can then be used as a Microsoft account to sign into other Microsoft account-enabled websites.

The domains @live.com and @passport.com, as well as other domains, are no longer offered, but existing accounts are maintained.

Microsoft websites, services, and apps such as Bing, MSN and Xbox Live use Microsoft account as a means of identifying users. There are also several other companies that use it, such as the Hoyts website which is hosted by NineMSN.

Windows XP and later have an option to link a local Windows user account with a Microsoft account, thus automatically logging users in to their Microsoft account whenever a service is accessed. Starting with Windows 8 and Windows Server 2012, Windows allows users to directly authenticate into their PCs using their Microsoft account rather than a local or domain user.[5]

Login methods

In addition to using an account password, users can log in to their Microsoft account by accepting a notification sent to a mobile device with Microsoft Authenticator, by using a FIDO2 security token, or by using Windows Hello.[6] Users can also set up two-factor authentication by getting a time-based, single-use code by text, phone call or using an authenticator app.

Technical details

Users' credentials are not checked by Microsoft account-enabled websites, but by a Microsoft account authentication server. A new user signing into a Microsoft account-enabled website is first redirected to the nearest authentication server, which asks for username and password over an SSL connection. The user may select to have their computer remember their login: a newly signed-in user has an encrypted time-limited cookie stored on their computer and receives a triple DES encrypted ID-tag that previously has been agreed upon between the authentication server and the Microsoft account-enabled website. This ID-tag is then sent to the website, upon which the website plants another encrypted HTTP cookie in the user's computer, also time-limited. As long as these cookies are valid, the user is not required to supply a username and password. If the user actively logs out of their Microsoft account, these cookies will be removed.
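The exchange described above, sketched as an added example that is not Microsoft's code: the authentication server issues a time-limited ID-tag under a key agreed in advance with one site, and the site checks it before setting its own time-limited session. It assumes HMAC-SHA256 as a stand-in for the triple DES encryption the text mentions (the tag is authenticated here, not encrypted), and the site names, key table, field names and lifetimes are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets

TAG_TTL = 900  # assumed ID-tag lifetime in seconds

# Keys agreed in advance between the authentication server and each site.
# Site names and keys are constructed for this example; in practice each
# site would hold only its own key.
SITE_KEYS = {
    "shop.example": secrets.token_bytes(32),
    "mail.example": secrets.token_bytes(32),
}


def b64url(data):
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_id_tag(site_id, user_id, now):
    """Authentication server: called only after the password check passed."""
    body = json.dumps({"sub": user_id, "aud": site_id, "exp": now + TAG_TTL},
                      sort_keys=True).encode()
    mac = hmac.new(SITE_KEYS[site_id], body, hashlib.sha256).digest()
    return b64url(body) + "." + b64url(mac)


def verify_id_tag(site_id, tag, now):
    """Participating site: return the user ID, or None if the tag is rejected."""
    try:
        body_b64, mac_b64 = tag.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except ValueError:
        return None  # malformed tag
    expected = hmac.new(SITE_KEYS[site_id], body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None  # altered, or issued under another site's key
    claims = json.loads(body)
    if claims["aud"] != site_id or now >= claims["exp"]:
        return None  # meant for a different site, or expired
    return claims["sub"]


def sign_in(site_id, tag, now, session_ttl=3600):
    """Site: exchange a valid ID-tag for the site's own time-limited session."""
    user = verify_id_tag(site_id, tag, now)
    if user is None:
        return None  # caller sends the browser back to the authentication server
    return {"user": user, "expires_at": now + session_ttl}


if __name__ == "__main__":
    tag = issue_id_tag("shop.example", "user-123", now=1000)
    print("accepted by shop.example:", sign_in("shop.example", tag, now=1001))
    print("replayed to mail.example:", sign_in("mail.example", tag, now=1001))
    print("after expiry            :", sign_in("shop.example", tag, now=1000 + TAG_TTL))
```
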

Relationship with work or school account

Microsoft also offers work or school accounts, which are set up by an administrator as part of an organization. These accounts are separate from Microsoft accounts (which are also called personal accounts) and cannot be merged, but may be used side-by-side by a user.[7][8] A work or school account uses the Azure Active Directory domain platform.[9]

History

Microsoft Passport, the predecessor to Windows Live ID, was originally positioned as a single sign-on service for all web commerce. Microsoft Passport received much criticism. A prominent critic was Kim Cameron, the author of The Laws of Identity,[10] who questioned Microsoft Passport in its violations of those laws. He then joined Microsoft in 1999 after his company was acquired and was its chief architect of access and identity until his 2019 retirement, helping to address those violations in the design of the Microsoft Account identity meta-system. As a consequence, Microsoft Accounts are not positioned as the single sign-on service for all web commerce, but as one choice of many among identity systems.

In December 1999, Microsoft neglected to pay their annual $35 "passport.com" domain registration fee to Network Solutions. The oversight made Hotmail, which used the site for authentication, unavailable on December 24. A Linux consultant, Michael Chaney, paid it the next day (Christmas), hoping it would solve this issue with the downed site. The payment resulted in the site being available the next morning.[11] In Autumn 2003, a similar good Samaritan helped Microsoft when they missed payment on the "hotmail.co.uk" address, although no downtime resulted.[12]

In 2001, the Electronic Frontier Foundation's staff attorney Deborah Pierce criticized Microsoft Passport as a potential threat to privacy after it was revealed that Microsoft would have full access to and usage of customer information.[13] The privacy terms were quickly updated by Microsoft to allay customers' fears.

In July and August 2001, the Electronic Privacy Information Center and a coalition of fourteen leading consumer groups filed complaints[14] with the Federal Trade Commission (FTC) alleging that the Microsoft Passport system violated Section 5 of the Federal Trade Commission Act (FTCA), which prohibits unfair or deceptive practices in trade.[15]

Microsoft had pushed for non-Microsoft entities to create an Internet-wide unified-login system.[16] Examples of sites that used Microsoft Passport were eBay and Monster.com, but in 2004 those agreements were canceled.[17] In August 2009, Expedia sent notice out stating they no longer support Microsoft Passport / Windows Live ID.

In 2012, Windows Live ID was renamed Microsoft account.[18][19]

Features

Microsoft account is the website for users to manage their identity. Features of a Microsoft account include:

  • updating user's information such as first and last names, address, etc. associated with the account;
  • updating user settings, such as preferred language or preferences for email communications;
  • changing or resetting user passwords;
  • closing the account;
  • viewing billing details associated with the account.

Integrated with

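The following is a list of computer programs and web services that support using Microsoft Account as the credentials required for the authentication process.

  • Windows 8 and later
  • Windows Server 2012 and later
  • Windows components: Calendar, Cortana, Groove Music, Feedback Hub, Mail, Movies & TV, Microsoft Store, Outlook Express, People, Windows Messenger
  • Windows Phone 7 and later
  • Windows Phone Store
  • Bing
  • Exchange Online
  • Exchange Online Protection
  • Microsoft Office
  • Microsoft 365 (formerly Office 365)
  • Office Online
  • OneDrive (formerly SkyDrive)
  • Outlook.com (formerly Hotmail)
  • Skype
  • System Center Advisor
  • Visual Studio
  • Microsoft Azure (formerly Windows Azure)
  • Windows Insider Program
  • Windows Live Messenger
  • Windows Movie Maker
  • Windows Photo Gallery
  • Xbox Network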

Web authentication

On August 15, 2007, Microsoft released the Windows Live ID Web Authentication SDK, enabling web developers to integrate Windows Live ID into their websites running on a broad range of web server platforms - including ASP.NET (C#), Java, Perl, PHP, Python and Ruby.[20][21]

Support for OpenID

On October 27, 2008, Microsoft announced that it was publicly committed to supporting the OpenID framework, with Windows Live ID becoming an OpenID provider.[22] This would allow users to use their Windows Live ID to sign into any website that supports OpenID authentication. There had been no update on Microsoft's planned implementation of OpenID since August 2009;[23] however, since November 2013 Microsoft has publicly participated in OpenID Connect interoperability testing.[24][25]

Security vulnerabilities

On June 17, 2007, Erik Duindam, a web developer in the Netherlands, reported a privacy and identity risk, saying a "critical error was made by Microsoft programmers that allows everyone to create an ID for virtually any e-mail address."[26] A procedure was found to allow users to register invalid or currently used e-mail addresses. Upon registration with a valid e-mail address, an e-mail verification link was sent to the user. Before using it however, the user was allowed to change the e-mail address to one that did not exist, or to an e-mail address currently used by someone else. The verification link then caused the Windows Live ID system to confirm the account as having a verified email address. That flaw was fixed two days later, on June 19, 2007.[27]
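The class of flaw described above, as an added example that is not Windows Live ID code: a toy sign-up service whose verification link confirms the account rather than the address the link was mailed to, beside a hardened mode that binds each link to that address and revokes it when the address changes. The class, function and account names, the link lifetime and the addresses are hypothetical and constructed for illustration.

```python
import secrets
from dataclasses import dataclass

TOKEN_TTL = 24 * 3600  # assumed lifetime of a verification link, in seconds


@dataclass
class Account:
    email: str
    verified: bool = False


@dataclass
class Pending:
    account_id: str
    email: str         # the address this link was actually mailed to
    expires_at: float


class AccountService:
    """Toy in-memory sign-up service (hypothetical, for illustration only)."""

    def __init__(self, bind_token_to_email):
        self.bind_token_to_email = bind_token_to_email
        self.accounts = {}   # account_id -> Account
        self.pending = {}    # token -> Pending

    def _issue(self, account_id, now):
        token = secrets.token_urlsafe(32)
        email = self.accounts[account_id].email
        self.pending[token] = Pending(account_id, email, now + TOKEN_TTL)
        return token  # would be mailed to `email` as a link

    def register(self, account_id, email, now):
        self.accounts[account_id] = Account(email.strip().lower())
        return self._issue(account_id, now)

    def change_email(self, account_id, new_email, now):
        account = self.accounts[account_id]
        account.email = new_email.strip().lower()
        account.verified = False
        if not self.bind_token_to_email:
            return None  # flawed: the old link stays valid for the account
        # Hardened: revoke every outstanding link and mail a fresh one
        # to the new address, so only its owner can confirm it.
        self.pending = {t: p for t, p in self.pending.items()
                        if p.account_id != account_id}
        return self._issue(account_id, now)

    def confirm(self, token, now):
        pending = self.pending.pop(token, None)  # links are single-use
        if pending is None or now > pending.expires_at:
            return False
        account = self.accounts[pending.account_id]
        # Hardened: the link proves control of pending.email only.
        if self.bind_token_to_email and pending.email != account.email:
            return False
        account.verified = True
        return True


def replay_reported_sequence(bind_token_to_email):
    """Register, change the address, then use the first link (constructed data)."""
    svc = AccountService(bind_token_to_email)
    first_link = svc.register("acct-1", "owner@example.org", now=0)
    second_link = svc.change_email("acct-1", "third.party@example.net", now=60)
    used_old = svc.confirm(first_link, now=120)
    verified_after_old = svc.accounts["acct-1"].verified
    used_new = second_link is not None and svc.confirm(second_link, now=180)
    return used_old, verified_after_old, used_new


if __name__ == "__main__":
    print("flawed  :", replay_reported_sequence(False))
    print("hardened:", replay_reported_sequence(True))
```

In the flawed mode the first link marks the changed address as verified; in the hardened mode only the link mailed to the new address can do so.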

On April 20, 2012, Microsoft fixed a flaw in Hotmail's password reset system that allowed anyone to reset the password of any Hotmail account. The company was notified of the flaw by researchers at Vulnerability Lab on the same day[28] and responded with a fix within hours — but not before widespread attacks as the exploitation technique spread quickly across the Internet.[29][30]

On December 3, 2015, a security researcher discovered a vulnerability in the Adobe Experience Manager (AEM) software used on signout.live.com and reported it to the Microsoft Security Response Center (MSRC). This vulnerability enabled full-administrative access to the AEM Publish nodes' OSGi console and made it possible to execute code inside of the JVM through the upload of a custom OSGi bundle. The vulnerability was confirmed to have been resolved on May 3, 2016.[31]

See also

Other identity services

Identity management

References

  1. "Upcoming changes to Windows 10 Insider Preview builds [UPDATED 6/22]". Windows Experience Blog. June 19, 2015. Retrieved April 17, 2016.
  2. Microsoft Passport: Streamlining Commerce and Communication on the Web
  3. "What's the difference between a personal Microsoft account and a work or school account?". TECHCOMMUNITY.MICROSOFT.COM. Retrieved October 4, 2023.
  4. "What is my user ID and why do I need it for Office 365 for business? - Microsoft Support". support.microsoft.com. Retrieved October 4, 2023.
  5. "Windows 8: The official review". PCWorld. Retrieved November 24, 2023.
  6. Warren, Tom (November 20, 2018). "You can now sign into a Microsoft Account without a password using a security key". The Verge. Vox Media. Retrieved November 27, 2018.
  7. "Why you need a Microsoft account, or work or school account with Microsoft 365 or Office - Microsoft Support". support.microsoft.com. Retrieved November 24, 2023.
  8. "Which account do you want to use? - Microsoft Support". support.microsoft.com. Retrieved November 24, 2023.
  9. "What's the difference between a personal Microsoft account and a work or school account?". TECHCOMMUNITY.MICROSOFT.COM. Retrieved November 24, 2023.
  10. Cameron, Kim (May 2005). "The Laws of Identity". Microsoft. Retrieved July 9, 2018.
  11. Chaney, Michael (January 27, 2000). "The Passport Payment". Retrieved November 3, 2007.
  12. Richardson, Tim (November 6, 2003). "Microsoft forgets to renew hotmail". The Register. Retrieved November 3, 2007.
  13. Privacy terms revised for Microsoft Passport
  14. http://www.epic.org/privacy/consumer/MS_complaint.pdf
  15. EPIC: Microsoft Passport Investigation Docket, http://epic.org/privacy/consumer/microsoft/passport.html
  16. Microsoft had pushed for non-Microsoft entities
  17. Microsoft Passport Dumped By Ebay
  18. Windows 8 Consumer Preview - FAQ
  19. "What is a Microsoft account?". Microsoft. Retrieved August 2, 2012. "'Microsoft account' is the new name for what used to be called a 'Windows Live ID.'"
  20. LiveSide.net: Windows Live ID Web Authentication Is Final. Archived October 23, 2008, at the Wayback Machine. July 16, 2007.
  21. Live ID Team blog announcement: Windows Live ID Web Authentication SDK for Developers Is Released. July 15, 2007.
  22. Windows Live ID Becomes an OpenID Provider
  23. Windows Live ID OpenID Status Update
  24. "Microsoft publicly participates in OpenID Connect interoperability testing".
  25. "Microsoft 365 documentation".
  26. "Windows Live ID security breached" on erikduindam.com
  27. Microsoft Windows Live Flaw Opened Door to Scammers. Archived May 18, 2008, at the Wayback Machine.
  28. "Microsoft MSN Hotmail Password Reset & Setup Vulnerability". Archived from the original on January 6, 2019. Retrieved April 28, 2012.
  29. Twitter / @msftsecresponse: On Friday we addressed a reset function incident to help protect Hotmail customers, no action needed
  30. Bright, Peter (April 27, 2012). "Microsoft patches major Hotmail 0-day flaw after apparently widespread exploitation". Ars Technica. Archived from the original on October 6, 2012. Retrieved October 21, 2012.
  31. "Remote Code Execution (RCE) on Microsoft's 'signout.live.com'"

  a. @msn.com addresses are only offered to MSN Dial-up and MSN Premium customers

Further reading

  • Creating a Microsoft account
  • Introduction to Windows Live ID whitepaper — Provides a brief overview of the Windows Live ID service in the context of Microsoft's overall identity strategy.
  • Understanding Windows Live Delegated Authentication whitepaper — Describes how a Web site can use the Windows Live ID Delegated Authentication system to get permission to access users' information on Windows Live services.
  • Windows Live ID Federation whitepaper — Describes the concept of identity federation and offers considerable detail about how the Windows Live ID service supports it.

External links

  • Official website
