Local or Microsoft account: Which is best for you?
Not sure which type of Windows account you should be using? Here are the pros and cons of each
It's easy to assume your Windows account simply lets you sign in and out of Windows. However, the type of account you choose can have a significant effect on how Windows behaves. Here, we explain the differences between Microsoft and local accounts, so you can decide which is best for you.
Types of account
In Windows 7 and earlier, a local account (sometimes referred to as an offline account) was the only user account available. It is intended to be used on a single computer, which stores your account username, password and other details on its hard drive.
In contrast, a Microsoft account is stored online and can be used across multiple PCs. You'll still be able to sign if your computer's offline, so you won't be locked out of Windows if your home network goes down or you're working on your laptop while out and about.
Microsoft still gives you the option of setting up a local account, but it's hidden away
Microsoft is keen to move users away from using a local account, begrudgingly lets you set one up when installing Windows (look for the 'Offline account' option hidden in the bottom corner of the sign in window). And if you do opt for it, Microsoft will hit you with all the benefits you've decided to forego with your choice. There are, without doubt, advantages to using a Microsoft account, but there are also drawbacks, as we will explain.
If you're not sure which type of account you're currently using, click Start, then the cog icon to open Settings and select Accounts. In the 'Your info' section, you'll see your user account name. Below this, you'll either see 'Local account' or, if you're using a Microsoft account, the email address linked to your account.
Signing in & syncing
A Microsoft account makes it much easier to use the company's other services within Windows. For example, as soon as you sign into your Microsoft account, you'll also be signed into other services such as OneDrive, Skype and the Microsoft Store. With a local account, you'll need to sign into these services individually.
A Microsoft account also syncs your Windows settings (such as your desktop theme, ease of access settings and even your Wi-Fi passwords) across all the computers you sign into. This is handy if you tend to use more than one computer or if you're setting up a new one.
Additionally, you'll be able to share your Windows Timeline (accessed by clicking the film-strip icon to the right of the Start button) with your other computers. This shows a record of which programs you've used and websites you've visited over the past few days. By default, it will only show websites viewed using Microsoft's Edge browser, but the new Web Activities extension for Chrome also lets you sync your Chrome browsing history with your timeline.
This is great if you regularly use more than one computer and want everything synced, but it also lets anyone who logs in using your account see your emails, browsing history, synced files and more.
A Microsoft account stores your password (albeit an encrypted copy of it) online. And while Microsoft has a pretty decent security record, so did many companies who have since been the victim of online security breaches. However, even if a hacker were to get hold of your Microsoft password, they couldn't gain access to your home PC - unless they'd stolen that too. They would, however, have access to files that you had uploaded to OneDrive.
On the face of it, then, a local account may seem less risky, but it too contains security flaws. A relatively simple Command Prompt hack can let you (or anyone else) reset your local account password. Microsoft may have quietly fixed this vulnerability with the Windows 10 May update. When we tried the hack on a preview release, it no longer worked. Whether the fix makes the full update remains to be seen.
Set up security questions for your local account in case you need to reset your password
While we're pleased to see that the hack may have been addressed, it did represent a way of accessing your local account if you'd forgotten your password. Because Microsoft doesn't store local account passwords, it can't reset them for you should yours slip your mind. A Microsoft account, on the other hand, lets you reset your password using the email address registered to your account.
If you decide to use a local account, we recommend you set up security questions - answer these correctly and you'll be able to reset your password. To set these up, go to Settings, Accounts, 'Sign-in options', then scroll down on the right to the Password section and click 'Update your security questions'.
You can make a Microsoft account more secure by setting up two-factor authentication (2FA). This means that whenever someone tries to sign into your account from a new location, a code will be sent to your phone that needs to be entered to gain access. To set this up, go to the Microsoft account security website and sign in (if you're not already). At the bottom, click the 'more security options' link. From here, click 'Set up two-step verification' and follow the instructions.
Using a Microsoft account has other security benefits, including the ability to track your laptop should it be lost or stolen. If you run Windows 10 Pro, a Microsoft account will let you use its BitLocker drive encryption tool and store a copy of the recovery key (required if you need to access the contents of the drive after removing it from your computer) on Microsoft's servers as a backup.
When Microsoft accounts were first introduced with Windows 8, many users had concerns about privacy - specifically over the amount of data Microsoft would collect. In recent years, Microsoft has added settings to let you control how much you share, but it's still easy to share more than you intended to. To stop sharing info about which programs you've opened and the websites you've visited, for example, go to Settings, Privacy, 'Activity history' and make sure the 'Send my activity history to Microsoft' is unticked.
Keep this option unticked unless you're happy for your Windows usage data being sent to Microsoft
Using a local account helps prevent this type of data being sent to Microsoft. However, if you download an app from the Microsoft Store, for example, you'll need to sign-in with a Microsoft Account - in which case, we recommend you changing the 'Activity history' setting as above.
There's no doubt that a Microsoft account makes Windows easier to use. You don't need to constantly sign into Microsoft services each time you want to use them and all your settings are synced across all your computers. And as long as you set up two-factor authentication, it's secure and it provides a hassle-free way to reset your password should you forget it. Throw in those extra benefits, such as being able to track your laptop if you lose it, and it's fair to say we go for a Microsoft account over an old-style local account every time.
That said, if you've no interest in using other Microsoft services (or prefer to sign into them individually) and would prefer not to store personal details online or share information with Microsoft, a local account will provide you with everything you need.
How to switch between accounts
Changing from a local account to a Microsoft one (or vice versa) is easy and you can do it as often as you like - and it won't affect any of your personal files.
Switching to a local account
Go to Settings, Accounts, then make sure the 'Your info' section on the left is selected. Click the 'Sign in with a local account instead' link on the right. You'll be asked to enter your current Microsoft account password, then choose a username and password. Click 'Sign out and finish' to continue (doing this will sign you out from all Microsoft services).
Switch to Microsoft account
Go to Settings, Accounts, then the 'Your info' section, and click the 'Sign in with a Microsoft account instead' link. You now need to enter your Microsoft account username and password. If you don't already have an account, click 'Create one', then follow the instructions. Otherwise, enter your current local account password, then click Next. You'll then be prompted to set up a PIN. This PIN is only stored on your PC and saves you from having to type your full Microsoft account password each time you want to login to Windows. At this point, we also recommend you set up two-factor authentication (as above).
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Security best practices for PostgreSQL
Securing data with PostgreSQLDownload now
Transform your MSP business into a money-making machine
Benefits and challenges of a recurring revenue modelDownload now
The care and feeding of cloud
How to support cloud infrastructure post-migrationWatch now