Worries about tracking my Microsoft account on a Windows 8 device
Worries about tracking my Microsoft account on a Windows 8 device
If you log into your Microsoft account on a Windows 8.1 machine and hand it over with physical access to the hard drive, someone without your password could potentially take control of your software and data. They might be able to download files from OneDrive, upload content to your account, or alter the synced data.
They likely could only view what was stored on the drive then, but I’m not a hacker so if there were methods to reach your Microsoft account, I probably wouldn’t have any idea.
Before proceeding, consider setting up a regular user profile, logging out of your current session, and allowing someone else to manage it. You might also enable two-factor authentication for your Microsoft account. This ensures that any unauthorized login attempts will prompt a verification step, such as a text message or automated call, requiring you to enter a code for access.
Focus on the information that can be extracted from a compromised MS account on a compromised Windows system. The primary concern is likely a keylogger capturing keystrokes, but other data such as saved credentials, emails, or files might also be accessible. Assess potential harm beyond just login credentials.
When you disconnect your Microsoft account across all applications and switch to a local account (available via PC Settings), the associated credentials become inactive. This prevents other users from accessing data stored outside your system or altering your OneDrive. Nevertheless, the other person can still remove files from OneDrive and, upon logging back in, will detect the absence of those files and delete them.
To restrict local file access, utilize Windows encryption. Select a file, right-click, choose Properties, then go to the Advanced settings under General. Check the encryption option. Initially, Windows creates a certificate requiring you to back it up. This certificate is crucial for decrypting files and restoring access if needed.
For new systems or reinstalled Windows, double-click the certificate, enter your password, and proceed. A Pro version of Windows is necessary for encryption functionality.
Encryption alone cannot stop someone from deleting data entirely. To block deletion, maintain an account—especially an admin account. If the account is non-admin, encryption offers limited protection since an admin can still remove files. However, without encryption, your drive could be copied to another machine or computer, allowing unauthorized access.
If you disable permissions, others may alter file settings, which is why admin rights are essential. If the account lacks admin privileges, it cannot modify your data. But if you set strict restrictions, the user must use the correct credentials, and any changes require proper authorization.
Backups remain your best safeguard. Without them, even with encryption, data loss becomes a risk. For added security, consider using multiple accounts: one for daily access and another as an admin to manage settings. This approach minimizes risks while maintaining flexibility.