I’m confident that everyone reading this has received spam from a friend’s Hotmail account and then got the apologetic “sorry my account was hacked” email. Or worst, had it happen to them.

If you thought compromising Windows Live ID’s was attractive before, now that it will get you to a person’s SkyDrive, browsing history, Wi-Fi and browser stored passwords, etc, it just got a whole lot more attractive to hackers to phish for.  I predict a substantial increase in Windows Live ID phishing.

Now Microsoft has made some efforts to increase security around your Live ID.  Someone logging in from an un-trusted machine (as defined by you) does have some extra hoops to jump.  What gets synchronized and how it is protected is described in the following blog post by the Windows 8 engineering team. http://blogs.msdn.com/b/b8/archive/2011/09/26/signing-in-to-windows-8-with-a-windows-live-id.aspx 

What business needs to do

If you’re a corporation and your enterprise is allowing Windows 8 based devices to attach, even the odd one, I suggest you look at creating both a policy and some user education.  Yes, all of these settings can be controlled by Group Policy, you’ll find them in the GPO Editor under Computer Configuration -> Administrative Templates -> Windows Components -> Settings Sync.

I’m sure I’ll get some of you commenting “this is not new, Dropbox and similar services have existed for a long time”.  I’ll argue that any of these services require a fair bit of user intention and knowledge.  A user needs to want a file sharing and synchronization solution, then they need to sign up and install it.  With Windows Live and SkyDrive it just happens as they log on to their PC for the first time.  With Office 2013 integration to SkyDrive, users will instinctively start saving corporate date off into their personal SkyDrive.

At this point, Microsoft is not providing functionality for corporations to manage user SkyDrives.  There is no functionality similar to the “Dropbox for Teams” service.  SkyDrive Pro does provide corporate administration functionality with the Office365 offering, but runs alongside SkyDrive and is synchronization of Sharepoint libraries, not a similar service to SkyDrive at all. 

Make decisions on security

As a user, take a few extra moments to review your security settings for your Windows Live ID.  You can do this at https://account.live.com/ – make sure your primary mobile and trusted computer list is correct.  If you ever find yourself logging in with your Live id from any dodgy machines such as an Internet café, take advantage of Microsoft’s “Sign in with a single-use code”.  They’ll SMS your mobile with a one-time password.  Be extra vigilant of signing in to a phishing site.

As a business, you’ll need to immediately give some thought to whether you’re OK with things like Wi-Fi passwords, browser saved passwords, company documents and the like being saved to the Microsoft online services.  If you’re OK with it, help your users do it securely.  If you want to disable it, hurry up and set those group policy items.

 

Would you recommend this article?

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Previous articleTechnology and your business
Next articleApp answers ‘is this a rash?’ with dermatologist expertise
Brian Bourne
Brian Bourne started his career back in 1992 working on large, complex infrastructure for one of the big Canadian banks. Today he provides leadership to 3 separate companies, a professional services firm, CMS Consulting Inc., a managed services firm, Infrastructure Guardian Inc., and what has become the largest security event in Canada, the Security Education Conference in Toronto (SecTor), operated by Black Arts Illuminated Inc. Brian is also the co-founder and sits on the current executive of TASK, a Toronto based security user group with over 3100 members. When he’s not working or triathlon training, he’s spending time with his amazingly supportive wife and kids or wrenching in the garage.