30 Days with Surface Pro 3: Day 3
You might have noticed that the series isn’t called “30 Days with Windows 8.1”. The focus of today’s post, however, is Windows 8.1 because—just as it was when I reviewed the original Surface Pro—how you choose to log in to the Windows 8.1 operating system affects your Surface Pro 3 experience as well.
Local vs. Microsoft Account
When you create a new user account in Windows 8.1 you can choose to set it up as a Local account, or using a Microsoft account profile. Microsoft assumes—and strongly recommends—that you will use the Microsoft account.
A Local account stores your username and password only on the local PC. If you use a different Windows PC it will have no knowledge of the Local profile on your PC, and you won’t be able to log in. If you prefer a Local account you have to click “Sign in without a Microsoft account”, and click through a confirmation screen.
I agree with Microsoft, though. Much of the value of Windows 8.1—and in particular the value it brings to the Surface Pro 3—is a function of logging in using a Microsoft account. When you do so you gain integrated access to OneDrive cloud storage, and your desktop settings, apps, and other account features are synced online so you can log in to a similar experience from any Windows 8.1 system.
What’s more important from the perspective of the Surface Pro 3 is that the Microsoft account is required for many of the apps in the Windows Store—the apps you use from the Modern / Metro Start screen. Those apps aren’t absolutely necessary to use Windows 8.1, but they greatly enhance the operating system when it comes to using it as a tablet—as you will sometimes do with a Surface Pro 3.
Administrator vs. Standard
Conventional wisdom suggests that you use a Standard account for most of your activities. Administrator accounts have god-like privileges that enable them to do virtually anything on the machine, while Standard accounts have much more limited permissions that allow them to run the applications they need to run, but restrict them from making configuration changes to most aspects of the Windows system.
Most exploits and malware are only capable of accessing the system in the context of the logged in user. If you’re logged in as an Administrator, the exploit or malware will have carte blanche access to the system, but if you’re logged in as a Standard user the threat will be contained to some extent.
Even if you are logged in as an Administrator, UAC (User Acceptance Control) provides additional protection, and requests additional confirmation. If malware attempts to perform functions on the system, UAC notifications should alert you that something bizarre is going on.
One of the nice things about a Windows 8.1 tablet like a Surface Pro 3 over a device like the iPad is the ability to have separate, unique user accounts. When you create an account in Windows 8.1, there is a link at the bottom you can use to “Add a child’s account.”
When you click that link, you can add an account for a child—with or without an associated email address since some parents may not want their son or daughter to have an email address yet. A child’s account allows you to configure parental controls on the account to restrict the websites it has access to, monitor computer usage, and limit when the child is able to use the computer. You can view and configure the parental controls, and generate reports from Microsoft’s Family Safety website.
Windows 8.1 lets you use gestures on a picture—a unique pattern of swiping on the display—as a form of authentication. The picture password comes in handy with a Surface Pro 3 because it is much easier and more intuitive to log in by swiping a pattern on the display when using the device as a tablet.
At least that’s the theory. I found it difficult to repeat the pattern I created successfully. You have to repeat it in order to confirm the pattern as the picture password, and then you have to be able to repeat the pattern when you want to log in. My pattern just involved a small circle, a diagonal swipe, and a larger circle, but I got frustrated trying to log in with it and just typed the damn password the old-fashioned way.
When you use a picture password you still have to set a traditional password as well, though. Make sure you follow password security best practices and choose a strong password. Even if you don’t plan on using it, anyone can choose to bypass the picture password and login using the traditional password.
If you really want to lock a Windows 8.1 system like a Surface Pro 3 down, you can use Assigned Access. An Assigned Access account is only granted access to a single app. The designated app has to be a Windows 8 Store app—not a traditional Windows desktop application.
Assigned Access is good for businesses that want employees to use the Surface Pro 3 purely as a point-of-sale system, or for situations like a kiosk where you want users to be able to access the Web browser, but no other apps or settings on the device.
The bottom line for logging in to Windows 8.1 on a Surface Pro 3 is that you should choose a Microsoft account instead of a Local account, and it’s probably a good idea to use a Standard account for your day-to-day activities, and maintain a separate Administrator account you use only when you need to change system settings.