A Microsoft account or MSA (previously known as Microsoft Passport,Microsoft Passport: Streamlining Commerce and Communication on the Web
/ref> .NET Passport, and Windows Live ID) is a

single sign-on Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-enterin ...

Microsoft user account for

Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washi ...

customers to

log in In computer security, logging in (or logging on, signing in, or signing on) is the process by which an individual gains access to a computer system A computer is a machine that can be programmed to carry out sequences of arithmetic o ...

to Microsoft services (like

Outlook.com Outlook.com is a webmail service that is part of the Microsoft 365 product family. It offers mail, calendaring, contacts, and tasks services. Founded in 1996 by Sabeer Bhatia and Jack Smith as Hotmail, it was acquired by Microsoft in 1997 ...

), devices running on one of Microsoft's current

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ef ...

s (e.g.

Microsoft Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for ...

computers and tablets,

Windows Phone Windows Phone (WP) is a discontinued family of mobile operating systems developed by Microsoft for smartphones as the replacement successor to Windows Mobile and Zune. Windows Phone featured a new user interface derived from the Metro design lan ...

s, and

Xbox Xbox is a video gaming brand created and owned by Microsoft. The brand consists of five video game consoles, as well as applications (games), streaming services, an online service by the name of Xbox network, and the development arm by the ...

consoles), and Microsoft

application software Application may refer to: Mathematics and computing * Application software, computer software designed to help the user to perform specific tasks ** Application layer, an abstraction layer that specifies protocols and interface methods used in a ...

(including

Visual Studio Visual Studio is an integrated development environment (IDE) from Microsoft. It is used to develop computer programs including web site, websites, web apps, web services and mobile apps. Visual Studio uses Microsoft software development platfor ...

History

Microsoft Passport, the predecessor to Windows Live ID, was originally positioned as a

service for all web commerce. Microsoft Passport received much criticism. A prominent critic was Kim Cameron, the author of ''The Laws of Identity,'' who questioned Microsoft Passport in its violations of those laws. He then joined Microsoft in 1999 after his company was acquired and was its Chief Architect of Access and Identity until his 2019 retirement, helping to address those violations in the design of the Windows Live ID identity meta-system. As a consequence, Windows Live ID is not positioned as the single sign-on service for all web commerce, but as one choice of many among identity systems. In December 1999, Microsoft neglected to pay their annual $35 "passport.com" domain registration fee to

Network Solutions Network Solutions, LLC is an American-based technology company and a subsidiary of Web.com, the 4th largest .com domain name registrar with over 6.7 million registrations as of August 2018. In addition to being a domain name registrar, Network S ...

. The oversight made Hotmail, which used the site for authentication, unavailable on December 24. A

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, whi ...

consultant, Michael Chaney, paid it the next day (

Christmas Christmas is an annual festival commemorating the birth of Jesus Christ, observed primarily on December 25 as a religious and cultural celebration among billions of people around the world. A feast central to the Christian liturgical year ...

), hoping it would solve this issue with the downed site. The payment resulted in the site being available the next morning. In Autumn 2003, a similar

good Samaritan In most contexts, the concept of good denotes the conduct that should be preferred when posed with a choice between possible actions. Good is generally considered to be the opposite of evil and is of interest in the study of ethics, morality, ph ...

helped Microsoft when they missed payment on the "hotmail.co.uk" address, although no downtime resulted. In 2001, the

Electronic Frontier Foundation The Electronic Frontier Foundation (EFF) is an international non-profit digital rights group based in San Francisco, California. The foundation was formed on 10 July 1990 by John Gilmore, John Perry Barlow and Mitch Kapor to promote Internet ...

's staff attorney Deborah Pierce criticized Microsoft Passport as a potential threat to privacy after it was revealed that Microsoft would have full access to and usage of customer information. The privacy terms were quickly updated by Microsoft to allay customers' fears. In July and August 2001, the

Electronic Privacy Information Center Electronic Privacy Information Center (EPIC) is an independent nonprofit research center in Washington, D.C. EPIC's mission is to focus public attention on emerging privacy and related human rights issues. EPIC works to protect privacy, freed ...

and a coalition of fourteen leading consumer groups filed complaints with the Federal Trade Commission (FTC) alleging that the Microsoft Passport system violated Section 5 of the Federal Trade Commission Act (FTCA), which prohibits unfair or deceptive practices in trade. Microsoft had pushed for non-Microsoft entities to create an Internet-wide unified-login system. Examples of sites that used Microsoft Passport were

eBay eBay Inc. ( ) is an American multinational e-commerce company based in San Jose, California, that facilitates consumer-to-consumer and business-to-consumer sales through its website. eBay was founded by Pierre Omidyar in 1995 and became ...

and Monster.com, but in 2004 those agreements were cancelled. In August 2009, Expedia sent notice out stating they no longer support Microsoft Passport / Windows Live ID. In 2012, Windows Live ID was renamed Microsoft account.

Overview

Microsoft account allows users to sign into websites that support this service using a single set of credentials. Users' credentials are not checked by Microsoft account-enabled websites, but by a Microsoft account authentication server. A new user signing into a Microsoft account-enabled website is first redirected to the nearest authentication server, which asks for username and password over an

SSL SSL may refer to: Entertainment * RoboCup Small Size League, robotics football competition * ''Sesame Street Live'', a touring version of the children's television show * StarCraft II StarLeague, a Korean league in the video game Natural language ...

connection. The user may select to have their computer remember their login: a newly signed-in user has an encrypted time-limited cookie stored on their computer and receives a

triple DES In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The Data Encryption Standa ...

encrypted ID-tag that previously has been agreed upon between the authentication server and the Microsoft account-enabled website. This ID-tag is then sent to the website, upon which the website plants another encrypted HTTP cookie in the user's computer, also time-limited. As long as these cookies are valid, the user is not required to supply a username and password. If the user actively logs out of their Microsoft account, these cookies will be removed. Microsoft account offers a user two different methods for creating an account: #Use an existing e-mail address: Users are able to use their own valid e-mail address to sign up for a Microsoft account. The service turns the requesting user's e-mail address into a Microsoft account. Users may also choose a password of their own choice. #Sign up for a Microsoft e-mail address: Users can also sign up for an e-mail account with Microsoft's webmail services designated domains (i.e. @hotmail.com or @outlook.com that can be used as a Microsoft account to sign into other Microsoft account-enabled websites. The e-mail domains @live.com, @msn.com and @passport.com are discontinued. Microsoft websites, services, and apps such as

Bing Bing most often refers to: * Bing Crosby (1903–1977), American singer * Microsoft Bing, a web search engine Bing may also refer to: Food and drink * Bing (bread), a Chinese flatbread * Bing (soft drink), a UK brand * Bing cherry, a varie ...

MSN MSN (meaning Microsoft Network) is a web portal and related collection of Internet services and apps for Windows and mobile devices, provided by Microsoft and launched on August 24, 1995, alongside the release of Windows 95. The Microsoft Net ...

and

Xbox Live The Xbox network, formerly and still sometimes branded as Xbox Live, is an online multiplayer gaming and digital media delivery service created and operated by Microsoft. It was first made available to the Xbox system on November 15, 2002. A ...

use Microsoft account as a mean of identifying users. There are also several other companies that use it, such as the

Hoyts The Hoyts Group of companies in Australia and New Zealand includes Hoyts Cinemas and Val Morgan. Hoyts operates more than 450 cinema screens and 55,000 seats, making it Australia's second largest movie exhibitor after Event Hospita ...

website which is hosted by

NineMSN Nine.com.au (formerly Ninemsn) is an Australian news and current events website, owned by ASX-listed company, Nine Entertainment Co. It was originally established as a 50:50 joint venture between Microsoft and PBL Media (now Nine Entertainmen ...

Windows XP Windows XP is a major release of Microsoft's Windows NT operating system. It was release to manufacturing, released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct upgrade to its predecessors, Wind ...

and later has an option to link a Windows user account with a Microsoft account, thus automatically logging users in to their Microsoft account whenever a service is accessed. Starting with

Windows Server 2012 Windows Server 2012, codenamed "Windows Server 8", is the sixth version of the Windows Server operating system by Microsoft, as part of the Windows NT family of operating systems. It is the server version of Windows based on Windows 8 and succe ...

, Windows allows users to directly authenticate into their PCs using their Microsoft account rather than a local or domain user.

Profile

A feature of the Microsoft account service is the profile manager, named Profile, which was formerly part of

Windows Live Windows Live is a discontinued brand name for a set of web services and software products developed by Microsoft as part of its software-as-a-service platform. Chief components under the brand name included web services (all of which were expose ...

. It displays information about the particular user, their recent activities, and their relationship with other Windows Live users. It also provides the ability to connect with others through

Skype Skype () is a proprietary telecommunications application operated by Skype Technologies, a division of Microsoft, best known for VoIP-based videotelephony, videoconferencing and voice calls. It also has instant messaging, file transfer, debi ...

, and via social networks such as

Facebook Facebook is an online social media and social networking service owned by American company Meta Platforms. Founded in 2004 by Mark Zuckerberg with fellow Harvard College students and roommates Eduardo Saverin, Andrew McCollum, Dust ...

, MySpace and

LinkedIn LinkedIn () is an American business and employment-oriented online service that operates via websites and mobile apps. Launched on May 5, 2003, the platform is primarily used for professional networking and career development, and allows job se ...

. Users can share some of their personal information such as interests and hobbies, and social information such as their favorites quote, hometown, or places lived previously. Profile also allows users to modify their privacy settings to decide what is shared.

Web authentication

On August 15, 2007, Microsoft released the Windows Live ID Web Authentication SDK, enabling web developers to integrate Windows Live ID into their websites running on a broad range of web server platforms - including ASP.NET ( C#),

Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's mo ...

Perl Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages. "Perl" refers to Perl 5, but from 2000 to 2019 it also referred to its redesigned "sister language", Perl 6, before the latter's name was offic ...

, PHP, Python and

Ruby A ruby is a pinkish red to blood-red colored gemstone, a variety of the mineral corundum ( aluminium oxide). Ruby is one of the most popular traditional jewelry gems and is very durable. Other varieties of gem-quality corundum are called ...

Support for OpenID

On October 27, 2008, Microsoft announced that it was publicly committed to supporting the OpenID framework, with Windows Live ID becoming an OpenID provider. This would allow users to use their Windows Live ID to sign into any website that supports OpenID authentication. There had been no update on Microsoft's planned implementation of OpenID since August 2009, however since November 2013 Microsoft have publicly participated in OpenID Connect interoperability testing.

Login methods

In addition to using an account password, users can login to their Microsoft account by accepting a mobile notification sent to a mobile device with

Microsoft Authenticator Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washin ...

, a FIDO2

security token A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Examples of security tokens inc ...

or by using Windows Hello. Users can also set up

two-factor authentication Multi-factor authentication (MFA; encompassing two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting ...

by getting a time-based, single-use code by text, phone call or using an

authenticator app An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. I ...

Features

Microsoft account is the website for users to manage their identity. Features of a Microsoft account include: * updating user's information such as first and last names, address, etc. associated with the account; * updating user settings, such as preferred language or preferences for email communications; * changing or resetting user passwords; * close the account; * view billing details associated with the accounts.

Integrated with

The following is a list of computer programs and web services that support using Microsoft Account as the credentials required for the authentication process. *

Windows 8 Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was released to manufacturing on August 1, 2012; it was subsequently made available for download via MSDN and TechNet on August 15, 2012, and later to ...

and later *

and later * Windows components **

Calendar A calendar is a system of organizing days. This is done by giving names to periods of time, typically days, weeks, months and years. A date is the designation of a single and specific day within such a system. A calendar is also a phy ...

** Cortana **

Groove Music Groove Music (formerly Xbox Music or Zune Music Pass) is a discontinued audio player software application included with Windows 8, Windows 8.1 and Windows 10. The app is also associated with a now-discontinued music streaming service, Groov ...

Feedback Hub Feedback Hub is a universal app produced by Microsoft. It is designed to allow users—and in particular, Windows Insider users—to provide feedback, feature suggestions, and bug reports for the operating system. It is available in the Microsoft ...

Mail The mail or post is a system for physically transporting postcards, letters, and parcels. A postal service can be private or public, though many governments place restrictions on private systems. Since the mid-19th century, national postal sys ...

** Movies & TV **

Microsoft Store Microsoft Store (formerly known as Windows Store) is a digital distribution platform operated by Microsoft. It started as an app store for Windows 8 and Windows Server 2012 as the primary means of distributing Universal Windows Platform app ...

Outlook Express Outlook Express, formerly known as Microsoft Internet Mail and News, is a discontinued email and news client included with Internet Explorer versions 3.0 through to 6.0. As such, it was bundled with several versions of Microsoft Windows, from ...

People A person ( : people) is a being that has certain capacities or attributes such as reason, morality, consciousness or self-consciousness, and being a part of a culturally established form of social relations such as kinship, ownership of prope ...

** Windows Messenger *

Windows Phone 7 Windows Phone 7 is the first release of the Windows Phone mobile client operating system, released worldwide on October 21, 2010, and in the United States on November 8, 2010. It runs on the Windows CE 6.0 kernel. It received multiple large upda ...

and later ** Windows Phone Store *

Exchange Online Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems. The first version was called Exchange Server 4.0, to position it as the successor to the related ...

Exchange Online Protection Exchange Online Protection (EOP, formerly Forefront Online Protection for Exchange or FOPE) is a hosted e-mail security service, owned by Microsoft, that filters spam and removes computer viruses from e-mail messages. The service does not require ...

Microsoft Office Microsoft Office, or simply Office, is the former name of a family of client software, server software, and services developed by Microsoft. It was first announced by Bill Gates on August 1, 1988, at COMDEX in Las Vegas. Initially a marketin ...

Office 365 Microsoft 365 is a product family of productivity software, collaboration and cloud-based services owned by Microsoft. It encompasses online services such as Outlook.com, OneDrive, Microsoft Teams, programs formerly marketed under the name ...

Office Online Microsoft Office, or simply Office, is the former name of a family of client software, server software, and services developed by Microsoft. It was first announced by Bill Gates on August 1, 1988, at COMDEX in Las Vegas. Initially a marketin ...

OneDrive Microsoft OneDrive (formerly SkyDrive) is a file hosting service operated by Microsoft. First launched in August 2007, it enables registered users to share and synchronize their files. OneDrive also works as the storage backend of the web vers ...

(formerly SkyDrive) *

(formerly Hotmail) *

System Center Advisor Microsoft System Center Advisor (SCA; formerly Codename Atlanta), is a commercial software as a service offering from Microsoft Corporation that helps change or assess the configuration of Microsoft Servers software over the Internet. It is part o ...

Microsoft Azure Microsoft Azure, often referred to as Azure ( , ), is a cloud computing platform operated by Microsoft for application management via around the world-distributed data centers. Microsoft Azure has multiple capabilities such as software as a ...

(formerly Windows Azure) * Windows Insider Program *

Windows Live Messenger MSN Messenger (also known colloquially simply as "Messenger"), later rebranded as Windows Live Messenger, was a cross-platform instant-messaging client developed by Microsoft. It connected to the Microsoft Messenger service and, in later versio ...

Windows Movie Maker Windows Movie Maker (known as Windows Live Movie Maker for the 2009 and 2011 releases) is a discontinued video editing software program by Microsoft. It was first included in Windows Me on September 14, 2000 and in Windows XP on October 25, 2001 ...

Windows Photo Gallery Windows Photo Gallery (formerly known as Windows Live Photo Gallery) is a discontinued image organizer, photo editor and photo sharing program. It is a part of Microsoft's Windows Essentials software suite. The product has been unavailable f ...

* Xbox network

Security vulnerabilities

On June 17, 2007, Erik Duindam, a web developer in the Netherlands, reported a privacy and identity risk, saying a "critical error was made by Microsoft programmers that allows everyone to create an ID for virtually any e-mail address." A procedure was found to allow users to register invalid or currently used e-mail addresses. Upon registration with a valid e-mail address, an e-mail verification link was sent to the user. Before using it however, the user was allowed to change the e-mail address to one that did not exist, or to an e-mail address currently used by someone else. The verification link then caused the Windows Live ID system to confirm the account as having a verified email address. That flaw was fixed two days later, on June 19, 2007. On April 20, 2012, Microsoft fixed a flaw in Hotmail's password reset system that allowed anyone to reset the password of any Hotmail account. The company was notified of the flaw by researchers at Vulnerability Lab on the same day and responded with a fix within hours — but not before widespread attacks as the exploitation technique spread quickly across the Internet. On December 3, 2015, a security researcher discovered a vulnerability in the

Adobe Experience Manager Adobe Experience Cloud (AEC), formerly Adobe Marketing Cloud (AMC), is a collection of integrated online marketing and web analytics products by Adobe Inc. History Adobe Experience Cloud includes a set of analytics, social, advertising, medi ...

(AEM) software used on signout.live.com and reported it to the Microsoft Security Response Center (MSRC). This vulnerability enabled full-administrative access to the AEM Publish nodes'

OSGi OSGi is an open specification and open source project under the Eclipse Foundation. It is a continuation of the work done by the OSGi Alliance (formerly known as the Open Services Gateway initiative), which was an open standards organization fo ...

console and made it possible to execute code inside of the

JVM A Java virtual machine (JVM) is a virtual machine that enables a computer to run Java programs as well as programs written in other languages that are also compiled to Java bytecode. The JVM is detailed by a specification that formally describes ...

through the upload of a custom OSGi bundle. The vulnerability was confirmed to have been resolved on May 3, 2016."Remote Code Execution (RCE) on Microsoft's 'signout.live.com'"
/ref>

References

External links

* {{Microsoft Office ID Federated identity Companies' terms of service Microsoft