that this is your account, you’re prompted to choose the photo you’ll use. Obviously, you can use any photo of your choosing.
Once you’ve selected the picture and the wizard has verified this selection, you’ll be prompted to set up your gestures, as shown in Figure 12-5. Here, you choose the three gestures you want to use—again, any combination of three circles, lines, and/or taps—as your sign-in.
Figure 12-5: Creating a picture password
The wizard will make you repeat the gestures to ensure that you’ve got the sequence memorized correctly, and then you’re good to go. You can later change the picture password or remove it.
With the understanding that common sense is a key aspect of anyone’s personal security regimen—and, on the flip side, that human error is almost certainly the number one factor behind most security mishaps—we feel compelled to remind readers that picture password, like any other authentication scheme, is only as secure as you make it. So use some common sense when creating a picture password, keeping the following tips in mind:
• Complexity: It’s not hard to guess that a picture password that uses a person’s headshot as the picture most likely involves poking both eyes and making a smile across the lips. Be more creative than that and use a photo that is more complex, with less obvious points of interest.
• Use different gestures: Three identical straight lines do not a secure picture password make. Consider mixing it up, using a combination of taps, straight/curved lines (in both directions), and circles that move in both directions (clockwise and counter-clockwise).
• Physically shield the screen: You wouldn’t let strangers watch you enter your bank card’s PIN at a cash machine. Don’t let onlookers see your picture password … no matter how cute you think it is.
• Clean the screen: Today’s touch-screen devices leave indelible smudges each time you tap or gesture. So be sure to keep your screen clean, reducing the chance that someone could tilt the device in the light and quickly guess which gestures you use to sign in.
You’re not locked into using this or any other sign-in type. You could have a password, a picture password, and a PIN all configured for the same account and then choose which to use at sign-in time.
• Create (or change) a PIN: If you’ve ever used a smartphone, you know that four-digit PINs, or personal identification numbers, are the norm for securely signing in on such devices. This sign-in option allows you to use the same convenient sign-in type on your Windows PC or device, and while it’s particularly nice for touch-screen devices, we’ve both switched to using this sign-in type on our traditional desktop PCs, too, since it’s so fast. Setting up a PIN is very straightforward, and each digit must be a number.
Oddly enough, you can use the picture password and PIN sign-in types even with a domain account. However, some corporations have very strict password policies, so as is the case with other options in this chapter, you may not be able to use these features with a work-based domain account.
• Add a user: If you select the Add a user link under Other users, you’ll be presented with the new full-screen interface shown in Figure 12-6. It’s set up for a Microsoft account by default, but you can click the link titled Sign in without a Microsoft account to configure a traditional local user account instead.
Figure 12-6: Add a user, Metro-styled
So, yes, you can mix and match Microsoft and local accounts (and even domain accounts) on a single PC, though our general rule about using Microsoft accounts exclusively when possible still applies for your own PCs.
PC Settings is cute and everything, but if you want to dive into the nitty-gritty of user account management, you’ll need to visit the old-school Control Panel interface instead. And yes, you still want to know about this interface even if you’re not particularly interested in advanced features. And that’s because there are certain things related to account management that you can only do from Control Panel.
For example, the very first account you create with Windows 8 is always an administrator-class account, and that’s true whether that account is a Microsoft account, as recommended, or a traditional local account. But when you create other accounts, as explained earlier, those accounts are not administrator-type accounts. And the Metro-style PC Settings interface doesn’t offer any way to change them.
But Control Panel does. In fact, Control Panel provides so much additional functionality with regard to user accounts that it seems a shame to ignore it.
Of course, you need to find it first. The easiest way is via Start Search: Display the Start screen, type user, select the Settings filter in the right pane, and then choose User Accounts in the results list. This displays the old-school User Accounts control panel, as shown in Figure 12-7.
Figure 12-7: User Accounts control panel
Here are some of the user account–related tasks you can only complete using Control Panel:
If you have only configured one user account, you cannot, however, change it from an administrator-type account to a standard user account. You must always have one administrator configured on the PC.
• Change an account type: As noted previously, the first account you configure on your PC—whether it’s a Microsoft account or a local user account—is an administrator-type account. But what about subsequent accounts? As it turns out, all subsequent account additions—be they Microsoft or local accounts—are created as standard users, not administrators. This may be desirable, but if you’d like to change an account from one type to the other, you can do so.
To change an account’s type, click the link Manage another account in the User Accounts control panel. This will change the display to resemble Figure 12-8, where you can choose an account to change.
Figure 12-8: The Manage Accounts interface lets you configure user accounts.
When working with a local account, you can also use this screen to change the account name, create or change the password, set up parental controls, or delete the account.
Select the account you wish to modify to display a screen like that in Figure 12-9. Here, you can see a secondary Microsoft account that was automatically configured as a standard account type when it was added to the system.
Figure 12-9: If it doesn’t say Administrator above “Password protected,” it’s not an administrator.
When working with a Microsoft account, you can also use this screen to set up parental controls or delete the account (from the PC).
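To check from a PowerShell prompt which accounts on the PC are administrators and which are standard users, the same distinction the User Accounts control panel shows, here is an added example (not from the book). It assumes only the built-in WMI and ADSI providers; the variable names are illustrative.

```powershell
# Added example: report each local account's type and whether it is enabled.

# Resolve the built-in Administrators group by its well-known SID so the
# lookup also works on installs where the group name is localized.
$sid       = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$groupName = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

# Read the group's members through the WinNT ADSI provider.
$group  = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
$admins = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}

# List every local account and label it Administrator or Standard.
# (Matching is by account name, so a domain member of the group that shares
# a local account's name would be counted too.)
$report = Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' |
    ForEach-Object {
        New-Object PSObject -Property @{
            Name    = $_.Name
            Type    = if ($admins -contains $_.Name) { 'Administrator' } else { 'Standard' }
            Enabled = -not $_.Disabled
        }
    }

$report | Sort-Object Type, Name | Format-Table Name, Type, Enabled -AutoSize

# Windows requires at least one administrator on the PC. Warn when only one
# enabled administrator remains, because that account cannot be changed to
# a standard user.
$enabledAdmins = @($report | Where-Object { $_.Type -eq 'Administrator' -and $_.Enabled })
if ($enabledAdmins.Count -le 1) {
    Write-Warning "Only $($enabledAdmins.Count) enabled administrator account(s) on this PC."
}
```

The Enabled column matters because the built-in Administrator account is a member of the group but is normally disabled on client versions of Windows.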