One question I get asked surprisingly often is which account users should choose as their primary Windows sign-in account? A Microsoft Account, or a local account? They both have their pros and cons, offering two different ways to manage user accounts on private computers.
In this post I will go through what each account type has to offer. I will also give my recommendation, to use something I call a “hybrid” user account, settting up a Windows 10 user profile taking the best parts of both Microsoft and local accounts. My pros and cons lists are far from complete, and based solely on my personal experience and opinions.
A Microsoft account (MSA) is a good choice if a user wants to use the same account on multiple devices. Setting up a preinstalled Windows 10 on a new device, after a clean install, or creating a new user on existing Windows installation, everything works from the moment the user signs into the desktop for the first time. OneDrive will be set up, theme, colors and settings will be synced as the user prefers. Signing into Bing once in Edge will sync Edge favorites, too.
1.) Sync! It really works, whatever Windows device you use.
2.) User is automatically signed into most Microsoft apps and services, at most requiring a simple click of a Sign in button.
3.) Added security with Two-Factor Authentication (2FA), using the account on a new device the credentials must be verified.
4.) MSA email is automatically set up in the Windows Mail app
1.) Users tend to be quite careless when setting up a new MSA. To create an MSA, user is required to add and verify phone number. Additional phone numbers and alternative security email addresses can be added by signing in to Additional Security Options, but unfortunately most users do not bother. If these security options are no longer valid when the user forgets the password, for instance because user has not added any additional security phone numbers or emails and the phone number used when registering account has been changed, the user is in real trouble.
When resetting a forgotten MSA password, verification is required. At this point, if user has not added additional numbers and emails and have a new phone number, no longer the one used when MSA was created, the user faces a 30 day waiting period and will be unable to use that MSA during that time. Only after this period, can the user reset the password. Password reset using tools like Locksmith in Microsoft DaRT10 recovery disk does not work with MSA.
An important thing regarding your account security and possible password security like it is, I fo sure hope that Microsoft would change the sign-up process, and clearly tell user how important it is that the security information is kept up to date.
2.) User profile name. For reasons unknown to me, Microsoft has chosen not to ask user how the profile should be named. Instead, a profile for Windows sign-in MSA will use an acronym maximum five characters long, based on first and last names in MSA address (typically first_name.last_name@email_provider.com), or five first characters of MSA address if only one word, not dot separated first and last names is used.
– If my Win10.guru partner Ed Tittel had a typical MSA, first and last name separated with a dot and both written in lower case, his profile folder would be named as edtit.
– MSA user Jo.Brainwaith@email_provider.com, first letter in first and last name in upper case would have a profile folder JoBra.
– Mrs. Betty Ivana Tchaikosky with MSA email b.i.tchaikovsky@email_provider.com would have her user profile named as bitch.
A local account is a good choice for anyone not using Outlook / Hotmail email, or for those, for lack of better word, idiots who do not want to use any passwords or other security measures.
Choosing local account is my strongly recommendated method to set up Windows, even when user really wants to use a Microsoft account; set up Windows first with a local account, then immediately after signing in to desktop first time, switch it to an MSA.
1.) Faster to set up. Bypass password selection when asked, then when on desktop, use Advanced User Control Panel (lusrmgr.msc) to set up a password, or switch immediately to MSA.
2.) User profile folder will be named exactly as you’d prefer. If user setups Windows with a local account Larry Laffer, user profile name would be Larry Laffer. If Larry Laffer now, immediately after signing in to desktop first time switches to MSA with email l.laffer@email_provider.com, user profile name would still be Larry Laffer, not llaff it had been if the user account was setup as MSA.
3.) Password reset and recovery will be easy and fast, DaRT10 Locksmith does it in seconds:
1.) No sync.
2.) No 2FA.
Why not best of both?
I always use something I call a hybrid user account. I setup Windows with a local account Kari, without setting up a password in OOBE. I use lusrmgr.msc as soon as I come to desktop to setup a strong password. I then open Microsoft Store app, and sign in to it with my MSA email. When asked if I want to use that account everywhere on my device, I’ll accept it by clicking Next:
Now I have a hybrid account. I am still signing in to Windows with a local account, but I am connected to all Microsoft apps and services with my MSA. The difference can be seen in Settings. When signing in to Windows with an MSA, Your info shows the option to switch to a local account instead:
But, when signing in with a local account, just connecting that local account to Microsoft apps and services with MSA, that option is different:
1.) All pros from both MSA and local account, including full sync between devices.
2.) Windows sign-in account and credentials completely separated from MSA credentials, account lockout virtually impossible.
I honestly do not know any cons.
That’s it this time!
Author: Kari Finn
A former Windows Insider MVP, Kari started in computing in the mid 80’s writing code for VAX / VMS systems. Since then, he’s worked in a variety of IT positions. He specializes in Windows image capture, customization, repair and deployment as well as Hyper-V virtualization. Kari is a proud Team Member at number #1 Windows site TenForums.com.