6 days ago
4
Those of you who use a Microsoft account to sign in to Microsoft websites should be aware of an upcoming change that could put your security at risk. In a recent update to a support page on using a Microsoft account, the company signaled a new sign-in process.
"The web browser sign-in experience is changing when you sign in to any product or service using your Microsoft account," Microsoft said on the page. "Starting February 2025, you will stay signed in automatically unless you sign out or use private browsing."
Also: Windows 11 24H2 bug list updated: One fixed, 12 to go
When you currently log in to a supported page with your Microsoft account, you're asked if you want to stay signed in. Answering yes means you don't have to sign in again the next time you open the same page. Answering no clears your login credentials, meaning you'll have to sign in manually the next time.
No longer given a choice
The change due in February means you will no longer be given a choice. If you don't want the browser to remember your login credentials, you'll have to manually log out or open the page in private browsing mode. Assuming you use a Microsoft account, this change will affect your Microsoft account page, Microsoft 365, Outlook, and a host of other Microsoft websites and apps.
On your own personal PC, you may want to stay logged in on a specific page to avoid the hassle of entering your credentials each time. But what about a public or shared computer or a laptop you carry and use outside your home or office?
Also: How to set up God Mode in Windows 11 - and the wonders you can do with it
In those cases, an automatic logout protects your security and privacy from anyone who gains access to your PC -- either maliciously or inadvertently. Plus, if you typically use an authenticator app or security key, staying logged in means you will no longer be asked for that second form of authentication.
Managing your own security
With Microsoft soon to make this change, you'll have to get used to managing your own security. To manually log out of a website signed in with your Microsoft account, look for an icon with your initials. Depending on the page, sometimes it's in the upper right; other times, it's in the lower left. Click that icon and then click "Sign out." You'll then want to close all open browser windows.
Opening a page in private browsing mode varies slightly based on the browser. In Chrome, click the three-dot icon in the upper right and select "New incognito window." In Edge, click the three-dot ellipsis icon and select "New InPrivate window." In Firefox, click the three-lined hamburger icon and select "New private window." And in Safari on an iPhone or iPad, tap the Tab icon and then select "Private."
Also: Microsoft is forcing Windows 11 24H2 update on all eligible PCs, but is it stable enough?
After logging into a site with your Microsoft account in private mode, your credentials are automatically removed after you exit the site.
Another secure option is to use a passkey, which Microsoft supports across its websites. To set this up, check out the directions in Microsoft's support page on signing in with a passkey.
English (US) ·