There’s important change in the way Microsoft handles browser logins to Microsoft accounts. If you’re using someone else’s computer or a public terminal, you need to know about this new security hole.
Whenever you’ve signed into a Microsoft account for a web site, you’ve almost certainly seen this box.
Stay signed in ?
Stay signed in so you don’t have to sign in again next time.
On a public computer (or borrowing someone’s machine) the right choice, until now, was NO. That kept your login active for that browser session only.
On a private computer that only you control, the choice was YES to save extra login requests.
Now that question has been dropped and system assumes ‘Yes’ – stay signed in. There’s no choice to keep your login isolated to that session.
That means your login is still ‘alive’ even if you close the browser window – not good.
NOTE: this only applies to browser logins. Sign-in for Microsoft 365/Office apps remains unchanged.
The change does apply to using the browser apps for Word, Excel, PowerPoint and Visio plus browser logins to Microsoft mailboxes (Microsoft 365, Outlook.com, Hotmail etc).
Microsoft made this change ‘on the sly’ with no announcement, let alone explanation. Worse, the new default is LESS secure and can leave the unwary majority vulnerable. The new login process matches what Google has done for years, but that’s no excuse to make things less secure.
Remember to log off
If you’re using a public computer or borrowing someone’s device to get your email or documents – it’s now VITAL that you logout when you’re finished.
Click on the account icon at top-right (with your initials or photo) before leaving that computer.
That was always the safer thing to do but now it’s important.
If you just walk away from the device or even just close the browser window, the login is still ‘alive’ and the details potentially available to others.
What else to do
Whenever you’re on a ‘foreign’ (for want of a better word) machine, always use the Private/Incognito browsing mode.
That keeps your login and other info isolated into that session. All modern browsers have some kind of private mode:
Edge
InPrivate mode
Shortcut: Ctrl + Shift + N
Chrome
Incognito mode
Shortcut: Ctrl + Shift + N
Firefox
Private Browsing
Shortcut: Ctrl + Shift + P
Safari
Private Browsing
Shortcut: Cmd + Shift + N (Mac)
Sign out everywhere
If you forget to logout from a public computer, it can be done remotely.
Go to your Microsoft account, then the Advanced Security page.
Scroll down to “Sign out everywhere”
This will sign out your account for all locations (web sites, apps etc), except Xbox.
BUT it’ll take up to 24 hours, so it’s not ideal for any urgent need like a stolen computer.
And you’ll then need to login again at the places you need.
