Force refresh Microsoft Account Password in Windows 10

Windows 10 allows you to sign in using your Microsoft Account Password, which can be great, especially if you use a lot of Microsoft’s products (think OneDrive, Azure, Visual Studio, and other developer tools). Fewer passwords to remember means that you can have stronger passwords overall (fewer things to remember makes remembering things easier, but that will be another post in the future).

The problem arises when you change your Microsoft Account Password on another device, or via the web (using the account manager pages); Windows doesn’t refresh its cache unless you change the password locally. Nor does it seem to refresh on restart, etc. So you end up having to use the old password and the new password for what is basically the same account (very annoying if you use password managers).

How to refresh your Microsoft Account Password

The quick and easy way to refresh your Microsoft Account Password is:

  1. Log in as any user on the machine (even the one you want to refresh)
  2. Search for command prompt (cmd)
  3. Right click and pick “Open file location”; this will open an Explorer window and show you the shortcut to Command Prompt.
  4. Right click on the Command Prompt shortcut whilst holding down the ALT key, and pick “Run as a different user”.
  5. Enter the Microsoft Account (full email address) and new password that you wish to refresh.
  6. Done!

The use of the “Run as a different user” option appears to force Windows to check with the Microsoft Account servers when you enter the password; this then refreshes the local password cache.

Password Management

In the years since I first sat in front of a computer the importance of a strong secure password has gone from a minor annoyance to a mission critical requirement. Now in the age of data breaches and the internet of things, the need for good password management is something that should be taught in school!

Back to School

Cast your mind back to the early 90s; bleach blonde hair, a new Friends episode every Thursday and big grey computers that only the nerds played with. The first computer I remember using was a simple grey box in a corner on the top floor of my primary school; there was no login screen, but considering it was only used to run educational programs and was completely air-gapped it didn’t really need any security. The early internet as we know it had only just started to exist; Sir Tim Berners-Lee had published WorldWideWeb (his first web browser) just a year or two before!

Soon came email accounts, forums, online banking and everything else. Passwords were just that, words used to pass through security. People generally had one and used it for everything; you felt oddly superior if it was a geeky word or a password you stole from a hacking movie (hack the Gibson anyone?).

In the early 2000s what we now call data breaches started; old systems were easily hacked by more modern systems. Everything was networked but not everyone knew how to do it securely. Hackers took swathes of user accounts with unencrypted (or poorly hashed) passwords and shared them online; the size of these breaches grew and grew.

I could write a history of data breaches and bore you all half to death, I doubt anyone would read much further. If you do want a nice long list of breaches take a look at this Wikipedia article.

What I will write about is the importance of good passwords, personal security and password hygiene.

Passwords are like pants

There is a poster on the wall of my office that reads “Passwords are like underpants. Change them often, keep them private and never share them with anyone”; some bright spark has even added a note that says “password sniffing is a thing too”! It may sound like a joke but the poster isn’t wrong; changing your passwords once in a while is a simple way to protect yourself against the hacks (although it is not enough, something I will cover shortly).

You could come up with the most secure looking password in the world, and even remember it: asdfn03rAsdf$22@A}A4n2d. No one is going to remember that when they see you typing it in; and the chance of someone guessing it is slim to none. Sorted? I think not; it only takes one badly designed website (and trust me there are many) to leak its database with a plain text password field and you are done for. As soon as you find out you can change your password and re-learn it (and update its use everywhere); but finding out is the hard part.

Now is the moment to mention a fantastic service provided by Troy Hunt called HaveIBeenPwned? You can use his website to search for your email address (or username) in a large number of data breaches to see if your passwords have been “pwned” (released to the public). There is even a notification service that will inform you if you appear in a future breach (a sensible precaution to take).

How can I protect myself?

The crazy strong password from earlier would be nearly impossible to remember and as we have seen doesn’t offer us much in the way of security. The solution is to use a different crazy password for each and every website; but how on earth would you remember them all? After all some of us have 100+ accounts to remember!

In comes a password manager; a simple application that keeps track of your credentials for you. Good ones even have password generators inside which will take care of creating your complex password. There are many people that would tell you a password manager is a bad idea (I used to be one of them); after all, putting all your passwords (or eggs) in one basket and letting someone else hold on to it seems crazy. Our friend Troy Hunt has written a great article on why password managers do not have to be perfect so I won’t go into too much detail on the subject. Suffice to say a well controlled password manager will deal with 99.99% of your password problems; if you use a different password on each website then a breach will only affect that site!

But which password manager?

Personally I use a system called KeePass; it is open source (so multiple people have verified it is safe and not evil) and free to use. The one requirement I had for a password manager was that it be under my control; I was not interested in giving my passwords to some service which could be breached. KeePass creates an encrypted container which is secured using two of the best methods available (AES and Twofish); as long as you have the container and know the passphrase (just one to remember now!) you can access all your passwords. There are options to use further keys such as an external token or even GPS coordinates (not really that useful!). I store my container in a place I can access it from anywhere (a secure place); that way I can use an app on my phone, desktop, Chromebook, work laptop etc. to get a hold of my passwords whenever I need them.

So should you use a password manager? If you feel secure in using one (and can cope with the change it entails) then yes, the more random and complex all your passwords are the better chance you have of surviving online.

I highly recommend that you read a few articles on the subject of passwords and their management:

Are you Melodious?

Welcome to melodious code; you made it, I’m slightly surprised.

Melodious Code isn’t much of a site yet; it will hopefully become an interesting little blog about being a developer and all that it entails (stories from the workplace, coder gripes, random posts on code related subjects, etc). Or it might not; it really depends on the coder’s ability to focus beyond his current projects!

Thanks for visiting and come back soon, there might even be something interesting to read!

Bored? Want more? Try visiting someone who actually writes some decent content!

  • Troy Hunt – https://www.troyhunt.com/
  • Brent Ozar – https://www.brentozar.com/blog/
  • Scott Hanselman – https://www.hanselman.com/blog/
