If you've been using the Windows 8 Consumer Preview, no doubt you've toyed with the idea of using a Microsoft Account log-in -- most commonly a Hotmail or Windows Live email address. But have you stopped to consider what happens if your Hotmail account gets hijacked?
I'm not concerned about computers connected to the domain. I'm worried about the mobile folks, the ones who work off the grid. They face an interesting challenge in Windows 8.
Windows 8 stacks the deck, trying to convince people to log on with an email address. Microsoft has rebranded many old accounts -- Windows Live ID, Hotmail ID, Zune, and Xbox Live IDs -- into a shiny new "Microsoft Account." When you sign in to Windows 8 with your Microsoft Account, you can download apps from the Windows Store and get into your SkyDrive data with just a click. Microsoft also synchronizes many of your settings -- including legacy desktop and Metro appearances and other settings -- IE favorites and history, Web sign-ins, and so on.
If you log on to Windows 8 with a regular Local user ID and password, you're a second-class citizen. The Music app sniffs, "To get the most from this app, switch from your local account to a Microsoft account." You have to sign in to the Microsoft Store. SkyDrive asks for a sign-in -- photos, too. It's definitely to your advantage to set up a Microsoft Account and use your Hotmail or Live email address. (You can use any email address as a Microsoft Account, in fact, but the Windows 8 directions don't mention that option.)
Here's the problem.
I get complaints almost every day from people who have been locked out of their Hotmail accounts. Nine times out of 10 they've been careless with the password -- reusing their Hotmail password on other sites, for example, or typing it on a machine of dubious pedigree. Some scammer grabs the password, logs on to Hotmail, and commandeers the account. Within minutes, every address in the Hotmail contact list receives a message that says, "Help I've been mugged, send $500 via Western Union." Invariably the scammers change the password, so they can use the account while the owner's wondering why he or she can't get in.
