Podcast Summary: Hands-On Windows 174 – 2026 Security Checkup
Host: Paul Thurrott
Date: January 29, 2026
Podcast: All TWiT.tv Shows (Audio), Episode: Hands-On Windows 174
Theme: A practical, high-level security review for Windows 11 users in 2026, covering account security, password management, device settings, and backup best practices in the new year.
Main Theme & Episode Purpose
Paul Thurrott opens this episode with a timely reminder: it's never too late for a security checkup on your digital life, especially as the year begins. The focus is on reviewing and enhancing the security of your Microsoft account, Windows 11 PCs, and other major online accounts. Paul emphasizes practical advice over theoretical discussion, helping listeners apply strong, actionable security measures.
Key Discussion Points & Insights
1. Securing Your Microsoft Account
- Access Security Settings: Go to the Microsoft account website and navigate to the security section.
- "Go into the security section. You'll have to log, you'll have to re-authenticate." (01:02)
- Authentication Options:
- Use multiple methods (email, phone, authenticator apps, passkeys).
- Have at least two recovery email addresses not associated with the main account.
- Phone numbers are important for account recovery, but don’t use SMS for 2FA due to interception risks.
- "I like having a number associated with the account, but I don't actually ever use it for this purpose because this can be intercepted fairly easily." (02:40)
- Authenticator Apps:
- Recommended for secure verification; apps like Microsoft Authenticator, Google Authenticator, or Proton Pass can be used.
- Two options: sign-in notification or time-based one-time codes.
- "The most modern one is passkey... a modern replacement for a password that is phishing resistant." (03:56)
- Passkeys:
- Highlighted as the best current option – phishing resistant, more secure, and now portable via password managers.
2. Managing Other Online Accounts
- Password Managers:
- Use a cross-platform, third-party password (identity) manager, not one built into a browser or tied to an operating system vendor.
- "Ideally this would be a third party password manager, meaning not one that is associated with a platform maker... The bigger goal sort of is that it should be portable." (05:41)
- Paul personally uses Proton Pass, but 1Password, Bitwarden, and Dashlane are also recommended.
- Disable browser-native password saving features to avoid conflicts and possible leaks.
- "You don't want these two things fighting each other." (07:01)
- Password Cleanup:
- Delete all stored passwords from browsers after switching to a dedicated manager for better control.
3. Windows 11 Security Best Practices
- Sign-In Approach:
- Use a Microsoft account (personal, work, or school) instead of a local account for better integration, 2FA/MFA, recovery, and automatic settings backup.
- "Strongly feel that you should sign in with a Microsoft account or a Microsoft work or school account if that's what you have to do. And not a local account." (08:05)
- PIN & Multifactor Security:
- Set unique PINs for each device; leverage Windows Hello features (facial, fingerprint, PIN).
- "You're supposed to have a different code... for every computer or device that you use." (09:15)
- Disk Encryption:
- Automatic if using a Microsoft account; BitLocker keys are safely backed up to OneDrive.
- "The recovery key for this is backed up automatically to OneDrive. So you can get to it from any device." (10:08)
- Windows Security App:
- Regularly check for issues/alerts; enable security features that are off by default.
- Look for yellow exclamation marks and address as needed.
- "If we run this app, sometimes you'll see some of these things will have a yellow bang, like an exclamation point. That means something needs to be looked at." (11:06)
- Extra Security Measures:
- Enable ransomware protection and Smart App Control.
- Watch for upcoming admin protection features once released.
- "Controlled folder access... if you're saving [documents] in OneDrive, that's great. Smart app control... uses heuristics... to determine if an unknown app might or might not be malicious." (12:15)
- Windows Sandbox for App Testing:
- Use Windows Sandbox for safely testing unknown software in a disposable virtual environment.
- "A virtualized copy... So it spins up really quick... if it works that way, you can just install it on the computer." (15:17)
- Recovery & Backup:
- Familiarize yourself with Windows recovery features (reset, Quick Machine Recovery).
- "Quick Machine Recovery is a fairly new feature that's kind of a good one." (17:10)
- Always have a Windows install USB key handy.
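The device checks in this section can also be read from an elevated PowerShell session. This is an added example, not something shown in the episode or published by Microsoft; the function names are hypothetical, and the registry value used for Smart App Control is an assumption about where Windows records that state.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of settings named in the episode summary.
# Function names are hypothetical; nothing here changes configuration.

function New-Check($Name, $State, [bool]$Ok) {
    [pscustomobject]@{ Check = $Name; State = "$State"; OK = $Ok }
}

function Get-SecurityCheckup {
    # Disk encryption on the system drive.
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        New-Check 'Disk encryption' "$($vol.VolumeStatus), protection $($vol.ProtectionStatus)" `
            ($vol.ProtectionStatus -eq 'On')
    } catch { New-Check 'Disk encryption' 'could not query BitLocker' $false }

    # Ransomware protection: Controlled folder access in Microsoft Defender.
    try {
        $cfa = [int](Get-MpPreference -ErrorAction Stop).EnableControlledFolderAccess
        $label = switch ($cfa) { 0 {'Off'} 1 {'On'} 2 {'Audit only'} default {"Mode $cfa"} }
        New-Check 'Controlled folder access' $label ($cfa -eq 1)
    } catch { New-Check 'Controlled folder access' 'could not query Defender' $false }

    # Smart App Control. Assumption: state is read from this registry value
    # (0 = off, 1 = on, 2 = evaluation).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'
    $sac = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).VerifiedAndReputablePolicyState
    if ($null -eq $sac) { New-Check 'Smart App Control' 'value not present' $false }
    else {
        $label = switch ($sac) { 0 {'Off'} 1 {'On'} 2 {'Evaluation'} default {"State $sac"} }
        New-Check 'Smart App Control' $label ($sac -eq 1)
    }

    # Windows Sandbox optional feature (not offered on every edition).
    try {
        $f = Get-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' -ErrorAction Stop
        New-Check 'Windows Sandbox' $f.State ($f.State -eq 'Enabled')
    } catch { New-Check 'Windows Sandbox' 'feature not available' $false }
}

Get-SecurityCheckup | Format-Table -AutoSize
```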
4. Cloud Sync and Data Backup
- Syncing files to the cloud—OneDrive, Synology Drive, Google Drive, Dropbox—is critical for recoverability.
- "If I lose this computer tomorrow, I open another laptop, I can get right to everything." (18:40)
- Purpose: avoid a single point of failure with local files and ensure easy access and restoration.
Notable Quotes and Memorable Moments
- On setting up multifactor authentication:
- "You're going to use multiple things, right? You're not just going to have the email address and the password... The goal here is to have multiple ways that you can prove who you are." – Paul Thurrott (02:22)
- On browser password storage:
- "Delete all of the passwords you have... Don't have them in multiple places." – Paul Thurrott (07:45)
- On why to use a Microsoft account:
- "These online accounts are protected with 2FA, MFA... They can be recovered if they're hacked. They back up certain settings to the cloud automatically." (08:32)
- On cloud backup anxiety relief:
- "Just working through OneDrive or any cloud service right, will kind of help relieve that anxiety that could occur when something goes wrong with hardware, as it often does." (19:23)
- On what’s coming:
- "Next, at least two or three episodes, we're going to dive deeper on some of the stuff, starting with passkeys... We'll look at authenticator apps and we'll look at other aspects of security over time." (20:06)
Timestamps for Important Segments
- 00:00–04:51 — Microsoft Account Security checkup: authentication methods, recovery, passkeys.
- 05:23–08:05 — Password manager recommendations, avoiding browser-native storage, password cleanup.
- 08:05–14:00 — Windows 11 sign-in, backup, PIN, disk encryption, and built-in security checks.
- 14:00–17:10 — Advanced protections: Ransomware, Smart App Control, Sandbox.
- 17:10–19:23 — Device recovery, backup strategies, and cloud syncing essentials.
- 19:55–end — Looking ahead: Focus on passkeys and deeper dives in future episodes.
Tone & Style
Paul is practical, conversational, and gently firm with security best practices. He encourages listeners to be proactive ("now's the right time of year to look at this stuff again"), and though apologetic for this episode's high-level nature, promises deeper, hands-on coverage in coming weeks.
This summary covers all key advice and recommendations provided in the episode, making it actionable and useful for anyone updating their device security in 2026.