
Microsoft has changed 365 sign-in security for the worse




Happy Friday!

Microsoft has been making some strange decisions lately. First, they renamed "Microsoft Office 365" to "Microsoft 365 Copilot"—likely to shift focus away from the fact that they’re raising subscription prices for the first time in 13 years. Instead of keeping Copilot as an optional add-on, they’ve bundled it into the base plan, meaning everyone pays for it whether they want it or not. But I digress.

Now, they’ve made another major change—one that could have real security consequences.


The Change: Permanent Sign-In

Starting this month, Microsoft will keep you signed into your account indefinitely unless you manually log out or use private browsing.


At first glance, this sounds convenient. No more repeatedly entering your password every time you visit Outlook, OneDrive, or SharePoint. But here’s the problem: If a cybercriminal tricks you into sharing an authentication token, they could gain long-term access to your account—without ever needing your password again.

Why This Matters

Previously, when signing into a Microsoft account in a web browser, you’d see a "Stay signed in?" prompt. If you clicked Yes, you remained logged in. If you clicked No, your session would expire when you closed your browser.


Starting this month, this prompt is going away and you’ll stay signed in by default—unless you log out manually or use a private browsing window.

This change makes token theft a much bigger risk. If an attacker gets hold of your authentication token (which can happen through phishing, malware, or browser exploits), they could retain indefinite access to your email, OneDrive, SharePoint, and other Microsoft services—no password required.

The Takeaway

Here's what you need to do to protect yourself:

  • Use private browsing on shared or public devices. Incognito mode (Chrome), Private Browsing (Firefox, Safari), or InPrivate mode (Edge) ensures that your session doesn’t persist after you close the window.

  • Manually log out when finished. It’s an extra step, but it could prevent unauthorized access.

  • Check your account security regularly. If you forget to log out somewhere, go to the Microsoft account security page and select Sign out everywhere to revoke access from all sessions.

Cyber threats evolve, and convenience often comes at the expense of security. Be mindful of where you sign in, how long you stay logged in, and how your credentials are being used. Stay safe out there.

-Attila

PS. How Secure is Your Business? Find Out in Minutes.

Cybersecurity isn't just about firewalls and software—your employees are your first and last line of defense. But how prepared are they to spot threats, follow best practices, and respond under pressure?


The Riskara 360 Employee Security Risk Assessment helps you uncover hidden vulnerabilities in your workforce by evaluating four key areas:

1. Awareness – Do your employees recognize cybersecurity risks and follow workplace security protocols?

2. Behaviors – Are security best practices part of their daily routine, or are they just checking boxes?

3. Habits – Which security actions have become second nature—and which still need reinforcement?

4. Resilience – How well does your team adapt and respond to cyber threats, social engineering, and security incidents?

We're giving FREE ASSESSMENTS to the first 100 people to reply to this email and request a voucher code. It's as simple as that!


 

New Friday Funnies

 

Why do vampires use Macs? Because they don't like Windows in their house.

The opposite of Microsoft Office is... Macrohard Onfire
