Thursday, October 9, 2014

Chapter 4: Sharing and Securing with User Accounts Part 1


     Every person who uses your computer is called a user, and each user should have his or her own user account on the computer. Giving each person a user account is a lot like giving each person his or her own separate PC, but a lot cheaper. Each user can personalize the desktop and other settings. Each person can have his or her own separate collection of pictures, music, videos, and other files. Each user can also set up his or her own separate e-mail account.
     User accounts allow parents to create and enforce parental controls in Windows 8.1. This is a great  tool for parents who can’t always monitor when and how children use the computer. Parental controls allow you to control and monitor children’s computer use 24 hours a day, 365 days a year, even when you’re not around to do it yourself.
     User accounts also add a level of security to your computer. Many security breaches occur not because of a problem with the computer or Windows, but because the user is in an account that grants  malware (bad software) permission to do its evil deeds. Of course, people don’t realize that they’re granting permission because the program doesn’t ask for permission. It gets its permission automatically from the type of user account you’re currently logged into.
     Creating and managing user accounts is easy. But before getting into the specifics of all that, let’s take a look at how you, as a user, experience user accounts.

4.1 Logging In and Out of User Accounts

     When you start your computer, Windows 8.1 presents you with the Lock Screen. This screen shows a background picture and can run background apps such as a calendar app or mail app before you log in. To advance beyond the Lock Screen, click a mouse button, gesture down (press the down arrow on your keyboard), press the spacebar or press Enter. You’re shown the login screen. At this screen, the last user logged in at that computer will display. If you have multiple user accounts on your computer, you can choose to log in using the previous user account (if that’s you) or select a different user.
     To log in, enter the password for the chosen account and press Enter or click the arrow at the right end of the password text box. If you want to log in using a different login name, click the left arrow to see a list of all the users who have logged into this computer. Select the user you want to log in as, and then enter that user’s login credentials to start Windows 8.1.
     For accounts that don’t have an associated password, simply click the name for that user, and Windows loads to the Windows 8.1 Start screen.

4.1.1 Where am I now?

     To see the name of the user account you’re currently logged into, look at the top-right corner of the Windows 8.1 Start screen. In Figure 4.1, the user account name is Jeffrey, but it could be any username set up on your computer. If Windows 8.1 came pre-installed on your computer, it might be a generic name, such as Owner or User.










4.1.2 Switching accounts

     You have a few different ways to switch from the account you’re currently logged into to another account (assuming that you have more than one user account on your computer already).
     The quickest way is to display the Start screen and then click your account name at the top of the screen. Figure 4.2 shows an example of a list of users. You can use the following methods to change users:
• Click Sign Out. This option logs you out of Windows and sends you to the Windows startup screen. Press Enter, slide the screen up, or roll the mouse button down to display the sign-in screen. Select a username by clicking the back arrow to display all users set up on this computer.
• Click a username. When you click your username at the Start screen, all user accounts for your computer appear. Click the name you want to switch to. Windows suspends the current user and displays the login screen for the selected name. Enter the password for that username to continue.
     You also can change users by using the Power options. Click the Settings Charm button and then click the Power icon. Three menu options appear, as shown in Figure 4.3. The options are described in the following list:
• Sleep: This option saves the system state to disk and powers down the computer, but the computer can be restored more quickly than shutting down and starting up.
• Hibernate: This option saves all active data to the hard drive and then shuts down all the electronics that are no longer needed. The state is similar to sleep because very little power is used; however, it takes longer to start back up because the active data needs to be loaded back into RAM from the hard drive.
• Shut Down: This option closes all open programs and shuts down the computer. Press the power button to restart the computer and show the login screen. The Power Options\System Settings applet allows you to decide what the power button does when you press it. You may need to change your computer’s BIOS configuration as well.
• Restart: This option closes all programs, shuts down the computer, and then restarts the computer to the login screen.

4.2 Sign-in Options

     Windows 8.1 provides you with four sign-in options, available from a new link in the Account area in PC Settings. To access the options, click the Settings Charm button and then click the Change PC Settings link at the bottom of the page.
    The four options are:
• Password: This link takes you to the page where you can create and manage your passwords (see the next section).
• Picture password: This link takes you to the page where you can create and manage a picture password (see Picture Passwords later in this chapter).
• PIN: Clicking this link prompts you for your password, after which you can enter and confirm a number to log on with.
• Password policy: This link toggles the option to force Windows 8.1 to request a password when the PC wakes up.
     The Sign-in Options page is shown in Figure 4.4.

4.3 Creating Strong Passwords

     We talk about techniques for creating, managing, and password-protecting user accounts, but before we get into the details, it might be worthwhile to talk about passwords in general. Not just passwords for user accounts, but for all types of accounts you create, including online accounts.
     A password that’s easily guessed is a weak password. A strong password is one that’s not easily guessed and is immune to password-guessing attacks. The two most common forms of password-guessing attacks are the dictionary attack and the brute-force attack. Both types of attacks rely on special programs that are specifically designed to try to crack people’s passwords and gain unauthorized entry to their user accounts.
     The dictionary attack tries many thousands of passwords from a dictionary of English terms and commonly used passwords. The brute-force attack tries thousands of combinations of characters until it finds the right combination of characters needed to get into the account.
     Admittedly, both types of attacks are rare in a home PC environment. They’re also easily frustrated by common techniques such as forcing a person to wait several minutes before trying again after three failed password attempts. Nonetheless, the general guidelines used to protect top-secret data from password-guessing attacks can be applied to any password you create. A strong password is one that meets at least some of the following criteria:
• It is at least eight characters long.
• It does not contain your real name, user account name, pet name, significant date (such as birthday), or any name that’s easily guessed by other family members or co-workers.
• It does not contain a word that can be found in a dictionary.
• It contains some combination of uppercase letters, lowercase letters, numeric digits, and  symbols (such as !, &, ?, @, and #).
     Again, we realize that few people need Fort Knox–style security on their personal PCs. You don’t want to come up with a password that’s difficult to remember and a pain to type. But any steps you take to make the password less easy to guess are well worth the effort. Some websites offer password checkers, programs that analyze a password and tell you how strong it is. See www.microsoft.com/security/pc-security/passwordchecker.aspx for an example. Or go to any search engine, such as www.google.com, and search for “password checker.”
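     The four criteria above can also be checked locally instead of through a website. The following PowerShell function is an added example, not part of the original chapter; the function name, the short word list, the undoing of common character swaps, and the "three of four character classes" threshold are assumptions made for the illustration.

```powershell
# Added example: score a candidate password against the chapter's four criteria.
# Test-PasswordCriteria, the word list and the "three of four character classes"
# threshold are assumptions made for this illustration.
function Test-PasswordCriteria {
    param(
        [Parameter(Mandatory = $true)][string]$Password,
        [string[]]$PersonalTerms = @(),   # real name, account name, pet name, dates
        [string[]]$Dictionary = @()       # words that must not appear in the password
    )

    # Undo common character swaps so "p@ssw0rd" is still recognised as "password".
    $swaps = @{ '0' = 'o'; '1' = 'l'; '3' = 'e'; '4' = 'a'; '5' = 's'; '7' = 't'; '@' = 'a'; '$' = 's' }
    $lower = $Password.ToLowerInvariant()
    $plain = -join ($lower.ToCharArray() | ForEach-Object {
        $c = [string]$_
        if ($swaps.ContainsKey($c)) { $swaps[$c] } else { $c }
    })
    $forms = @($lower, $plain)

    # True when any term of at least $min characters occurs in either form.
    $containsAny = {
        param($terms, $min)
        foreach ($t in $terms) {
            if ($t.Length -lt $min) { continue }
            foreach ($f in $forms) {
                if ($f.Contains($t.ToLowerInvariant())) { return $true }
            }
        }
        return $false
    }

    # Count the character classes present (case-sensitive matches).
    $classes = 0
    foreach ($pattern in '[A-Z]', '[a-z]', '[0-9]', '[^A-Za-z0-9]') {
        if ($Password -cmatch $pattern) { $classes++ }
    }

    $result = [ordered]@{
        LongEnough       = $Password.Length -ge 8
        NoPersonalTerm   = -not (& $containsAny $PersonalTerms 3)
        NoDictionaryWord = -not (& $containsAny $Dictionary 4)
        MixedCharacters  = $classes -ge 3
    }
    # The chapter asks for "at least some" of the criteria, so report how many are met.
    $result['CriteriaMet'] = @($result.Values | Where-Object { $_ }).Count
    [pscustomobject]$result
}

# Constructed inputs: "Tee4me!0" is the chapter's own sample password, "Jeffrey" is
# the account name from Figure 4.1, and the other values are made up.
$words = 'password', 'welcome', 'dragon', 'monkey', 'sunshine'
foreach ($candidate in 'Tee4me!0', 'P@ssw0rd', 'jeffrey1') {
    Test-PasswordCriteria -Password $candidate -PersonalTerms 'Jeffrey' -Dictionary $words |
        Select-Object @{ Name = 'Candidate'; Expression = { $candidate } }, *
}
```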

4.3.1 Remembering passwords

     The most common problem with passwords is forgetting them after the fact. When you set up a password for a website, you can usually be reminded what the password is just by clicking an “I forgot my password” link at the sign-in page. But there is no such link for passwords that protect your  Windows user accounts. Therefore, it’s extremely important that you not forget your Windows passwords!
     Before you password-protect a user account, take the time to come up with a password that you (or the user) can remember. Make sure you use exactly the same uppercase and lowercase letters that you’ll be typing. Windows passwords are always case sensitive, which means uppercase and lowercase letters count!
     For example, say you jot down your password as Tee4me!0 (where that last character is a zero). But later you type it in as tee4Me!o (with the last character being the letter o). Still later, you forget the password and dig out the sheet of paper. The tee4me!o you wrote down won’t work, because the password is actually Tee4Me!0.

4.3.2 Devising a password hint

     With Windows passwords, you can specify a password hint to help you remember a forgotten password. But still, it’s tricky. Anyone who uses your computer can see the password hint. So, the hint shouldn’t be so obvious that it tells a potential intruder what the password is. By the same token, the hint might trigger your basic memory of the password, but perhaps not the exact uppercase and lowercase letters you used.
     Writing down your passwords isn’t a good idea, because other people may be able to access them. But if you need to keep track of multiple passwords, consider using a password-protected Excel spreadsheet to store all your passwords. Then, you only need to remember one — the password for the Excel file. There are also password-keeper applications available that achieve the same result.
     The bottom line on remembering passwords is simple: You’re allowed no margin for error. A password that’s “sort of like” the one you specified is not good enough. It must be exactly the one you specified. You must treat passwords as though they are valuable diamonds. Keep them safe and keep them secure, but don’t keep them so safe that even you can’t find them!
     Okay, that’s enough general advice about passwords. Next, you need to find out about types of user accounts.

4.4 Picture Passwords

     Picture passwords were introduced in Windows 8, and Windows 8.1 extends this new way to log into your computer. Picture passwords are designed to be used with touchscreen PCs and tablets so you don’t have to type in characters. Instead you choose a picture, draw a combination of three gestures on the picture that become your “password,” and then save those combinations with that picture. You use those gestures to gain access to your computer, much like what happens when you type in a password on your keyboard.

4.4.1 Creating a picture password

     You set up a picture password through the Accounts area in PC Settings. Click on the Sign-in options link and then click Add to display the Create a Picture Password dialog box (shown in Figure 4.5). Type your user password and click OK to verify your password. You’re now ready to select a picture and set up gestures to create the picture password.
     Click Choose Picture and select a picture you want to use. Click Open to see the picture. Figure 4.6 shows an example of a picture that can be used for setting a picture password.
     It’s time to draw the gestures to create the combination you want to use for the password. You can draw any combination of these three gestures: taps, circles, and straight lines. Figure 4.7 shows the screen for setting up your gestures. You’ll want to remember the following when you set up the gestures:
• Position of the gestures
• Size of the gestures
• Direction of the gestures
• Order in which you make the gestures
     For example, on a picture of the flag of the United States, the following are suggested gestures:
• Draw a circle around three stars on the flag
• Tap the lowest white stripe
• Draw a straight line from the top-right corner of the blue border down to the bottom of the lower red stripe
     As you draw each gesture, Windows does two things. First, it shows each gesture using a white outline arrow for straight lines, a white circle outline for circles, and a white dot for taps. Second, it shows the sequence of each gesture as 1, 2, or 3.
     If you make a mistake, click Start Over and restart the gestures.
     After you complete the gestures once, you must confirm them before they’re saved. Simply repeat your three gestures. If you forget one, click Start Over and redraw the gestures — and be sure to remember your gestures this time!
     When you successfully redraw the gestures in their correct order, click the Finish button. You’re returned to the Users screen of PC Settings.

4.4.2 Testing your picture password

     After you create a picture password, it’s a good idea to test it soon to commit the gestures to memory. To do this, return to the Windows Start screen and sign out. Sign back into your account, this time using the gestures on the picture that displays. After you draw the correct gestures of your picture password, you’re presented with the Windows Start screen.

4.5 Types of User Accounts

     Windows 8.1 offers five basic types of user accounts: the built-in Administrator account, user accounts with administrative privileges, standard accounts, the Guest account, and the new Child account, which is set up in the Family Safety features of Windows 8.1. They vary in how much privilege they grant to the person using the account.
     With Windows 8.1, you also have the choice of setting up the user accounts as local or Microsoft accounts. You can read about these types of accounts in the following sections.

4.5.1 Microsoft accounts

     With Microsoft accounts, you have the greatest flexibility for taking advantage of many of the newest Windows 8.1 features. To set up a Microsoft account, you must use a valid e-mail address. You can use an existing account, such as one you use at your office or a third-party account such as Gmail, Yahoo! Mail, or something similar. If you don’t have one, you can set up an e-mail account during the Windows 8.1 user account setup.
     A Microsoft account provides the following features:
• Allows you to log in to a computer on which you haven’t previously set up a user account. (Conversely, with local accounts, you must set up a local account on each computer on which you want to log in.)
• Provides access to Microsoft services like Xbox Live, Windows Phone accounts, and SkyDrive.
• Enables you to download apps from the Windows Store.
• Syncs settings across multiple computers. For example, if you work on two or more computers, logging in with the same Microsoft account on each one will enable you to keep your favorites, history, sign-in info, and languages synced between the two computers.
• Enables you to access your files and photos from multiple computers.

4.5.2 Local accounts 

     Local accounts are used when you do not need to keep computers synced. When you use local accounts, you set up accounts for each user that will be using a computer. If you need to set up one account that can be used on multiple Windows 8.1 computers, you must set up Microsoft accounts.
     Local accounts are also limiting in that you cannot use them to access the Windows Store to download apps, or services like SkyDrive. Again, to access Windows Store apps, you must set up and  use a Microsoft account.

4.5.3 The built-in administrator account

     A single user account named Administrator is built into Windows 8.1. This is not the same as an administrative account you create yourself or see on the login screen. This account is hidden from normal view. It doesn’t show up on the usual login screen.
     The built-in Administrator account has unlimited computer privileges. So, while you’re logged in to that account, you can do anything and everything you want with the computer. Any programs you run while you are in that account can also do anything they want. That makes the account risky from a security standpoint, and very unwise to use unless absolutely necessary.
     In high-security settings, a new computer is usually configured by a certified network or security administrator who logs in to the Administrator account to set up the computer for other users. There, the administrator configures accounts on the principle of least privilege, where each account is given only as much privilege as necessary to perform a specific job.
     When the administrator is finished, he or she typically renames the built-in Administrator account and password-protects it to keep everyone else out. The account is always hidden from view, except from other administrators who know how to find it. All this is standard operating procedure in secure computing environments, although hardly the norm in home computing.
     In Windows 8.1, you really don’t need to find, log in to, and use the built-in Administrator account unless you’re an advanced user with a specific need, in which case you can get to it through Safe Mode. As a regular home user, you can do everything you need to do from a regular user account that has administrative privileges.

4.5.4 Administrative user accounts

     Most of the time when you hear reference to an Administrator account in Windows 8.1, that reference is to a regular user account that has administrative privileges. This is an account that has virtually all the power and privilege of the built-in Administrator account. But it also has a lot of security built in to help thwart security threats that might otherwise abuse that account’s privileges and do harm to your computer.
     Ideally, you want to create one user account with administrative privileges on your computer. If you intend to implement parental controls, you’ll need to password-protect that account to keep children from disabling or changing parental controls.

4.5.5 Standard accounts

     A standard user account is the kind of account everyone should use for day-to-day computer use. It has enough privilege to do day-to-day tasks such as run programs, work with documents, use e-mail, and browse the web. It doesn’t have enough privilege to make changes to the system that would affect other people’s user accounts. It doesn’t have enough privilege to allow children to override parental controls. And most important, it doesn’t have enough privilege to let malware such as viruses and worms make harmful changes to your system.
     If you use a standard account all the time, and use a built-in administrative account only when absolutely necessary, you’ll go a long way toward keeping your computer safe from Internet security threats.

4.5.6 Guest account

     The optional Guest account exists to allow people who don’t regularly use your computer to use it temporarily. Basically, it lets them check their e-mail, browse the web, and maybe play some games. It definitely won’t let them make changes to your user account or anyone else’s. Its limited privileges also help protect your system from any malicious software they might pick up while online.

4.6 Creating and Managing User Accounts

     The best way to handle user accounts is for one person to play the role of administrator, even if that person isn’t a professional. In a home environment, it would most likely be a parent who needs to  define parental controls. It’s best to log into a user account that already has administrative privileges to get started. If you have only one user account, or you’re taken straight to the desktop at startup, then that account probably has administrative privileges.
     As with most configuration tasks, you create and manage user accounts through the Control Panel. There are several pages you can use, and several ways to get to them. As always, there is no right way or wrong way. No good way or bad way. You just use whatever is easiest and most convenient for you at the moment. Here are a couple of ways to navigate to options for managing the user account you’re logged into at the moment:
• Display the Charms Bar, click Search, select Settings from the drop-down link, type user in the search box, and click Change User Account Control settings.
• Display the Charms Bar, click Search, click Settings, type user in the search box, and click Make Changes to Accounts.
     A Control Panel applet appears that lets you make changes to an account as shown in Figure 4.8.
     To create a new user account from this applet, click Add a New User in PC Settings. If you’re in a standard account on a computer that already has a password-protected administrative account, you’ll have to enter the password for the Administrator account. Or, if the administrative account doesn’t have a password, press Enter to leave the password box empty. You end up in the Manage Accounts page. (You can also get to accounts management options from the Accounts page in PC settings.) There, you see an icon for every user account on your system. You can also see each account’s type. Figure 4.9 shows an example with three administrative accounts and one standard account (the Guest account icon also appears, but it’s disabled on this computer).

4.6.1 Creating a Microsoft user account

     Creating a new Microsoft user account is easy. You should have one standard account for your day-to-day computing, plus one standard account for every other person who will use your computer. Microsoft accounts require passwords, so you must set up a password when you create a new Microsoft account.
     Keep in mind that each user account has its own collection of files, Xbox Live, SkyDrive, Windows Phone information, apps, and various other settings and services from Microsoft.
     To create a new Microsoft user account, display the Charms Bar, click Settings, click Change PC Settings, click Accounts, and then click Other Accounts. The Manage Other Accounts page is shown in Figure 4.10.
     Click Add an Account and you arrive at the sign-in option screen shown in Figure 4.11. Enter an e-mail address for the user account. If you don’t have an e-mail address, see the next section.
     After you type an e-mail address, click to complete the account creation process. You can repeat the process to create as many user accounts as you wish.

4.6.2 Creating a new e-mail address for a new user account

     If you don’t have an e-mail address, you can set one up as you create a new Microsoft user account. To do this, click the Manage Other Accounts link on the Accounts page, and then click the Sign Up for a New Email Address link (see Figure 4.12 for this link). The Create a Microsoft Account page appears, as shown in Figure 4.12.
     Windows 8.1 enables you to set up a new outlook.com, hotmail.com, or live.com e-mail address. Enter an e-mail address and then select one of the options from the drop-down list. Enter a new password (re-enter the password), your first and last names, your country, and your ZIP code. Click Next to show the general and security information pages, as shown in Figure 4.13. Here you can enter mobile phone information, an alternate e-mail address, and a secret question/response in case you need to recover your password. You must provide at least two of the three verification methods to continue.
     Enter your birth date, gender, and a list of characters and/or words to ensure that a human is filling out the Microsoft account page. Click Next to display the Communication preferences page, as shown in Figure 4.14, and then click Finish to complete the new Microsoft account setup procedure. After some final communications options, you’re returned to the previous Manage Accounts page or the Users Settings page, where you see that the new user account has been added to the system.

4.6.3 Creating a local account

     If you don’t want to set up a Microsoft account to sign in to Windows, you can set up a local account. To set up a local account, click Other Accounts from the Accounts page (refer to Figure 4.10), click Add an Account on the Manage Other Accounts page, and then click the Sign In without a Microsoft Account link at the bottom of the page. The Add a User page appears.
     Click Local Account to display the Add a User page. Enter a username, type a new password, re-type the password, and enter a password hint, such as a word or phrase that will help jog your memory in case you forget your password later. With a local account, you aren’t required to enter a password, but we recommend that you do. Click Next to create the user and then click Finish to return to the Manage Other Accounts page.

4.6.4 Changing user accounts

     When you create a user account, you’re just giving it a name and choosing a type. After you’ve created a user account, you can change it to better suit your needs. Use the Accounts applet page shown in Figure 4.8 or the Accounts screen shown in Figure 4.10 to make changes to accounts.

4.6.5 Changing a user account type

     You can change an Administrator account to a standard account, or vice versa, from the main Accounts page. For example, if you’ve been using an administrative account for your day-to-day computing since buying your computer, you might want to change it to a standard account for the added security that a standard account provides. At least one user account must have administrative privileges, so you can make this change only if you have at least one other user account on the system  that has administrative privileges.
     To change an account’s type, click the account’s icon or name on the Accounts page. First, you’re taken to the Change an Account page. As you can see in Figure 4.15, that page lets you change the account in a number of ways, or even remove the account.
     Click the Change the Account Type link to change the account from an administrative account to a  standard account or child account, or vice versa. To change the account type, click OK after making the selection.

4.6.6 Password-protecting an account

     You have the option to set up local accounts without password protection (Microsoft accounts require passwords). If you share your computer with other people, chances are, you’ll want to keep some people out of the Administrator account. Likewise, you’ll want to keep some users from having administrative privileges. This is especially important with parental controls. If the administrative account isn’t password-protected, it won’t take long for the kids to figure out how to bypass any controls you impose.
     To password-protect a user account, go to the main page for the user account. For instance, if you’re on the Accounts page, click the user account you want to password-protect and then click Sign-in Options. You’re taken to the page that lets you change the password. Or you can open the Create Password applet like the one in Figure 4.16. If you’ve been using the account for a while without a password, heed the warnings. If it’s a brand-new account, you don’t have anything to worry about.
     To password-protect the account, type your password in the New Password text box. Then press Tab or click the Confirm New Password  text box and type the same password again. You won’t see the characters you type, just a placeholder  for each character.
     Next, enter a password hint in the Type a Password Hint text box. The hint should be something that reminds you of the forgotten password, but not a dead giveaway to someone trying to break into the account. Click Create Password after you’ve filled in all the blanks.
     If you see a message indicating that your passwords don’t match, you’ll have to retype both passwords. Make sure you type the password exactly the same in both boxes. Then click the Create Password button. You’ll be taken back to the main page for the user account when you’ve successfully entered the password in both boxes and provided a password hint.
     You can repeat the process to password-protect as many accounts as you wish. If you’re creating user accounts for people other than yourself, set a default password for the account and then let them manage their own passwords. In our opinion, every account should have a password.

4.6.7 Changing the account picture

     Every user account has an associated picture. The picture is like an icon, giving you a quick visual  reference without having to read the name. The picture you choose can be any one of several built-in pictures, or it can be a picture of your own choosing.
     If you decide to use your own picture, try to avoid using one that comes straight from a digital camera. The file size on such pictures is really too large for a user account picture.
     Your best bet would be to crop out a section from a photo, and size it to about 100 x 100 pixels. The picture you choose must be a JPEG, BMP, GIF, or PNG file type.
     To change the picture for a user account, use the new Windows 8.1 User Settings by displaying the Windows Charm and clicking Settings. Next, click Change PC Settings to display the PC Settings page, which is shown in Figure 4.17.
     Click Accounts and then click Your Account. Figure 4.18 shows the Account Picture, which is the current picture of the selected user (or the default image if you didn’t select one). Click Browse and then select the area on your computer to locate a new picture. For example, click This PC, and then Pictures to display your Pictures folder. Click the picture you want to use and then click Choose Image as shown in Figure 4.19.
     You also can use an attached webcam to snap a picture or a five-second video to use as an account picture. To do this, you must have a webcam connected to your computer. On the same page, under Create a Picture, click Camera to start your camera (of course, this won’t work if you don’t have a camera or webcam working on your computer):
• To snap a still picture, click the screen. Use the cropping and resizing tools to select the portion of the picture to use. Click OK to save that picture as your new account picture.
• To take a five-second video, click Video Mode and click the screen to start the video. Click the screen again to stop the video and to review the video. Click Retake if you aren’t satisfied with the video. Click OK when you want to keep the video and to set it as your account picture.
     The picture or video you selected replaces the original picture.

4.6.8 Enabling or disabling the Guest account

     The Guest account is for anybody who might need to use your computer on a temporary basis. For example, with a home computer, you might set up a Guest account for houseguests so that they can check their e-mail, browse the web, and such. The Guest account has very limited privileges, so you don’t have to worry about guests messing things up while using your computer.
     The Guest account is turned off by default. You can keep it that way until you actually need it. To activate the Guest account, go to the Manage Accounts Control Panel page and click the Guest Account icon. Then choose Turn On. Likewise, should you ever need to disable the Guest account, click its icon on the Manage Accounts page and then click Turn Off the Guest Account.
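     The account recommendations made in sections 4.5 and 4.6 (a password on every account, one administrative account, a standard account for daily use, the Guest account off until needed, the built-in Administrator left alone) can be checked from a PowerShell prompt. The script below is an added example, not part of the original chapter; the function names and the sample inventory are constructed, and it only reads account information.

```powershell
# Added example: read-only audit of local accounts against the chapter's advice.
# Function names and the sample inventory are constructed for this illustration.

function Get-LocalAccountInventory {
    # S-1-5-32-544 is the well-known SID of the local Administrators group;
    # looking it up by SID avoids depending on the localized group name.
    $adminGroup = Get-WmiObject -Class Win32_Group -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
    $adminSids = @($adminGroup.GetRelated('Win32_UserAccount') | ForEach-Object { $_.SID })

    Get-WmiObject -Class Win32_UserAccount -Filter 'LocalAccount=True' | ForEach-Object {
        [pscustomobject]@{
            Name             = $_.Name
            Sid              = $_.SID
            Enabled          = -not $_.Disabled
            PasswordRequired = [bool]$_.PasswordRequired
            IsAdministrator  = $adminSids -contains $_.SID
        }
    }
}

function New-Finding([string]$Account, [string]$Finding) {
    [pscustomobject]@{ Account = $Account; Finding = $Finding }
}

function Get-AccountFinding {
    param([Parameter(Mandatory = $true)][object[]]$Account)

    # Disabled accounts cannot be used to sign in, so only enabled ones are judged.
    $enabled = @($Account | Where-Object { $_.Enabled })
    foreach ($a in $enabled) {
        if (-not $a.PasswordRequired) {
            New-Finding $a.Name 'Password not required: a blank password is permitted'
        }
        # Local account SIDs end in a relative ID: 500 = built-in Administrator, 501 = Guest.
        if ($a.Sid -like 'S-1-5-21-*-500') {
            New-Finding $a.Name 'Built-in Administrator account is enabled'
        }
        if ($a.Sid -like 'S-1-5-21-*-501') {
            New-Finding $a.Name 'Guest account is turned on'
        }
    }

    # The chapter suggests one user account with administrative privileges.
    $admins = @($enabled | Where-Object { $_.IsAdministrator -and $_.Sid -notlike 'S-1-5-21-*-500' })
    if ($admins.Count -gt 1) {
        $names = ($admins | ForEach-Object { $_.Name }) -join ', '
        New-Finding $names 'More than one account has administrative privileges'
    }

    # Day-to-day work should happen in a standard account (Guest does not count).
    $standard = @($enabled | Where-Object { -not $_.IsAdministrator -and $_.Sid -notlike 'S-1-5-21-*-501' })
    if ($standard.Count -eq 0) {
        New-Finding '(none)' 'No enabled standard account for day-to-day use'
    }
}

# Constructed sample inventory so the checks can be seen without touching a real PC.
$sid = 'S-1-5-21-1000000001-1000000002-1000000003'
$sample = @(
    [pscustomobject]@{ Name = 'Administrator'; Sid = "$sid-500";  Enabled = $false; PasswordRequired = $true;  IsAdministrator = $true }
    [pscustomobject]@{ Name = 'Guest';         Sid = "$sid-501";  Enabled = $true;  PasswordRequired = $false; IsAdministrator = $false }
    [pscustomobject]@{ Name = 'Parent';        Sid = "$sid-1001"; Enabled = $true;  PasswordRequired = $true;  IsAdministrator = $true }
    [pscustomobject]@{ Name = 'Owner';         Sid = "$sid-1002"; Enabled = $true;  PasswordRequired = $false; IsAdministrator = $true }
)
Get-AccountFinding -Account $sample | Format-Table -AutoSize -Wrap

# On a Windows PC, audit the real local accounts as well.
if ($env:OS -eq 'Windows_NT') {
    Get-AccountFinding -Account @(Get-LocalAccountInventory) | Format-Table -AutoSize -Wrap
}
```

     The PasswordRequired value reflects the account setting that permits an empty password; it does not prove whether a password is currently set, so treat that finding as a prompt to check the account.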

4.6.9 Navigating through user account pages

     In Windows 8.1, user account management involves two environments: the Control Panel and the PC Settings page. You can use the Control Panel to complete almost all user account tasks described earlier, even those that use the new PC Settings page. When you get to a task, it’s largely just a matter of choosing options and reading text that’s right on the screen. Windows provides links to advance to configuration screens. Some links are blue text (standard web hypertext color), while others use new Windows 8.1 buttons to display new settings or options for a task. You can use Back and Forward buttons to get around from page to page. You can click the Manage Another Account link on the User Accounts page as shown in Figure 4.20.

4.6.10 Cracking into standard user accounts

     If a local standard user forgets his or her password, you can use an account that has administrative privileges to reset the standard user’s password. If you’re an administrator and you just want to see what a standard user is up to, you can use this same technique to change the password and get full access to its folders.
     To change the password for a local standard user account:
1. Log in to a user account that has administrative privileges.
2. Go to the Manage Accounts page (press Windows Key+X and choose Control Panel, click User Accounts, and click Manage Another Account).
3. Click the password-protected account for which the user has forgotten the password.
4. Click the Change the password link.
5. Enter a new password, and then enter it again to confirm it.
6. Type a password hint.
7. Click Change Password to save the new password.
     The local standard user account will now have a new password. Be sure to share this password with the user so he or she can sign into Windows.
