MicrosoftIn the first place - your very introduction of the feature of auto sign-in using same credentials is a security risk to users and your own corporation - an idea I again find inexplicable that someone within the ranks of Microsoft would be suggesting as a feature for your product.
Because wasn't the standard security advice given to us all along to log out asap once we finish using so we don't forget and end up having someone gain access?
That was the norm for years. And suddenly you introduce this feature - or rather Google starts it first and you catch on eventually - and all this while, that old standard reminder of logging out after use still gets trotted out as security reminder whenever it fits the occasion but conveniently omitting the fact your business practices and new feature ideas are all completely at odds with it.
You introduce a feature that was never needed by users, and then introduce authentication cookies as a fix and added security bla bla and continue to introduce fixes and make users aware of problems in security from the last unnecessary feature idea and all of these are things you don't explain properly to users what it authenticates, why you continue to introduce features that basically let you identify the computer per user identity - when the question I really want to ask is:
1. Was that auto sign-on for features across platforms even a worthwhile business idea for Microsoft if it has to involve this many security fixes and patches and now a new split process for Europe just to fulfil some new Digital Law which Europe strangely also doesn't explain exactly why they are so concerned about this feature. We own the computer, we bought it and we are signing in - why do they feel they had the need to interfere in this entire process by stepping out to say they are concerned as a regulatory authority. Are we not using the computer ourselves of our own volition? Do users not understand the risks of e-theft or hacking - we have known this was a risk all along pre or post internet. Why are we being infanticized like this by regulatory authorities that frankly have no business interfering.
2. Wouldn't it be easier to just remove the auto-sign synced feature - cuz it sounds to me it was just a bad business idea in the first place. Convenience that requires the effort of just keying in my username and password everytime I want to use something - is not something that is worth any security risk for me in my opinion - so this whole idea from the get-go was just a stupid one - one that leads to security risks, wasted business processes internally to fix it again and again and now involving Microsoft in having to tangle and comply with some murky European law.
I'm sure some users find it useful - but again, I'm also your user - I don't think convenience that was really unnecessary because keying in credentials per each use is a logical step, albeit tiring for some but logical - it isn't a waste. So how can any form of risk be worth a feature that purports to skip such a simple 10 second step. I don't understand at all.
We are told to remember our own passwords and to make complicated ones - all of Tech's advancement on authentication, 2FA - all supposedly to increase security for us as users to avoid our accounts getting hacked apparently still boil down to me having to remember my own password and to make increasingly difficult ones.
Where is the business worth and value to Microsoft on this idea? I want to know because I am beginning to suspect shenanigans and business sabotage internally in your company - which will affect me as your end user because it compromises my individual security.
You list out the steps in your advice as if logical and matter-of-fact. What difference are your steps compared to me a user who never had auto-sign as a feature and now travelling to Europe and signing in afresh as I am required to, so long as I shut the browser or am inactive after a while - just like before?
There is no difference - except for all the windows and options you mention which are completely redundant because they basically leave me in the exact same position I would have been without the auto-sign feature at all, per the old days and the wasted time I spend reading this - familiarizing myself with it to see if there's anything important for me as a user - not to mention the wasted company resources and salaries you pay for your staff to be working on this.
Where is the business worth to Microsoft in introducing these sort of feature in your products. You are an OS software provider in the first place - why do you keep doing things that compromise your own business security and ongoing viability? Why does Windows 10 have suggestions on the right column of its Settings on simple things like how to change your taskbar appearance with Get Help from the Web to know how to change this and that? Things you had on previous Windows explained simply in a few lines within the console directly.
Why are you redirecting me to the internet for a Settings option tweak on your own product? And none of the links direct me to even a Microsoft website but a search result - okay - so that link is redundant then - cuz I can google myself separately? You are basically telling me I should be asking random interneters and checking out random tech forums run by unknown individuals on how to tweak your Settings? That they would know better than you?
Even blogs like this run by Microsoft that discusses security problems and fixes - I'm not a fan of it. Because I own the product - the security risk not only involves Microsoft but me - shouldn't Microsoft just be quietly fixing it and giving it to me in an update automatically via my computer instead of publicizing and openly discussing this as if this is a topic suitable for open chatter over a social dinner discussion? What am I missing here?
Isn't the computer I bought that comes with your OS installed supposed to be a complete product? With all necessary instructions an end-user would be interested in knowing contained therein so I won't be stuck, unable to progress just cuz I have no internet access to check or get help from the Web? Isn't your OS and MS Office meant to work just as well for people who only have a computer and no internet access - as it did before?
You used to have MS Win and MS Office pre-installed, together with the CD given to us - which makes sense to us end-consumers because nobody likes having to hunt down pirated copies online for Office whenever we reformat or something breaks and we never had to unless we just wanted a newer version and if it didn't work out, we still had our CD to reinstall - because we bought a complete product, manual included.
If you're worried about getting accused by disingenuous parties of anti-competitive implications ala Netscape - then let the end-users decide. Computers that come preinstalled with everything cost a bit more - if we don't want Office included, it's a bit cheaper. So there's a price to pay and consumers who buy want it - those who don't, get the one without.
Why wasn't the solution for this originally - to include a legal requirement that computer sellers must give a disclaimer and warning notice to every customer that there are other alternatives out in the market that might be cheaper and just as useful as windows & office - that would have solved a lot of problems wouldn't it? Why didn't those businesses who felt Microsoft was violating anti-trust principles as the market dominant just go round to those same computer manufacturers and make a deal with them to offer their software either as primary OS installed or maybe as a secondary CD - try this out - they could have done that.
None of this makes sense - increasingly so.
