HomeWinBuzzer NewsMicrosoft to Keep Accounts Logged In Starting February, Raising Security Concerns

Microsoft to Keep Accounts Logged In Starting February, Raising Security Concerns

Microsoft has overhauled its sign-in behavior to keep users logged in automatically, leaving public device users with added responsibility for security.

-

Microsoft will automatically keep users signed into their accounts starting February 2025, according to a recently updated support document.

The change eliminates the current prompt asking users whether they want to remain logged in after signing in. Instead, accounts accessed through browsers will now remain signed in indefinitely unless users log out manually or enable private browsing.

The company explained in its official documentation: “Starting in February 2025, you will stay signed in automatically unless you sign out or use private browsing.”

While the update aims to streamline access for users, it has raised concerns about potential security vulnerabilities, particularly for individuals using shared or public devices.

Related: Microsoft to Enforce Passkey Support in Authenticator by January 2025

Security Implications for Public and Shared Devices

The new policy shifts more responsibility to users, particularly those logging in from shared or public computers. Previously, accounts would log out automatically after a period of inactivity unless the user explicitly chose to remain signed in.

This safeguard is now removed, meaning any user who forgets to log out could leave their account exposed.

Microsoft recommends private browsing as a solution for accessing accounts on public computers. Private browsing, a feature available in most modern web browsers, ensures that login credentials and session data are not saved once the browser is closed.

Related: Windows 11 Expands Passkey Options with New Third-Party Support

However, this approach requires users to adopt new habits, which might not be intuitive for everyone.

For users who accidentally remain logged in, Microsoft has provided a remote sign-out feature available in its Advanced Security Options dashboard.

This tool allows users to log out of all active sessions remotely, across browsers, apps, and devices—excluding Xbox consoles. However, Microsoft warns that “sign out may take up to 24 hours” to complete, potentially leaving a window of vulnerability.

Notifications and Awareness

Microsoft has started notifying users of the upcoming change through in-app banners. For instance, Outlook on the web now displays a message stating: “Your sign-in experience is changing. You’ll stay signed in unless you use private browsing or explicitly sign out.”

While this notification highlights the key aspects of the update, its placement and subtle wording may not effectively alert less attentive users to the risks.

The update reflects a broader shift toward prioritizing convenience, but some critics argue that Microsoft has not done enough to ensure that users fully understand the implications of the change. Security experts have emphasized the importance of education and clear communication when introducing policies that could impact user safety.

This policy change aligns Microsoft with competitors like Google, which already keeps users signed in by default. Both companies have framed persistent sign-ins as a user-friendly feature, designed to reduce friction for those accessing their accounts on personal or trusted devices.

Related: How to Sign out of One Specific Google Account

However, the approach has sparked criticism in the past, with some arguing that convenience often comes at the expense of security.

Microsoft’s decision also highlights a broader trend in the tech industry, where companies increasingly shift security responsibilities to users. By offering tools like private browsing and remote sign-out as optional safeguards, Microsoft places the onus on users to proactively protect their accounts.

This strategy may appeal to advanced users but could leave less tech-savvy individuals vulnerable to mistakes.

Enhanced Security Options: Passkeys

To help mitigate potential risks, Microsoft encourages users to enable passkeys as an alternative authentication method. Passkeys, introduced in 2024, allow users to log in without traditional passwords. Instead, they rely on biometric authentication—such as facial recognition or fingerprint scans—or physical security keys.

Passkeys are designed to be both secure and user-friendly, eliminating common vulnerabilities associated with passwords, like phishing and brute-force attacks. Microsoft’s support page provides a step-by-step guide to setting up passkeys, making it an accessible option for users seeking additional protection.

The introduction of passkeys aligns with industry efforts to transition away from passwords altogether, as part of a broader push toward modern authentication methods. While the feature offers robust protection for personal devices, it may not fully address the risks associated with public or shared computers, where passkeys cannot replace the need for manual sign-outs.

Practical Advice for Users

For users concerned about the new auto sign-in policy, Microsoft recommends a combination of tools and practices to maintain account security. Private browsing is a straightforward way to prevent credentials from being stored on shared devices, while remote sign-out provides a safety net for those who forget to log out.

In addition, enabling passkeys adds an extra layer of protection, ensuring that accounts remain secure even if login credentials are compromised. Microsoft also advises users to regularly review their account activity and settings via the Advanced Security Options dashboard.

By adopting these measures, users can better navigate the trade-offs between convenience and security under the new policy.

Markus Kasanmascheff
Markus Kasanmascheff
Markus has been covering the tech industry for more than 15 years. He is holding a Master´s degree in International Economics and is the founder and managing editor of Winbuzzer.com.

Recent News

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
We would love to hear your opinion! Please comment below.x
()
x