A (5:23)
Accounts, meaning non-Microsoft accounts, the goal is similar. But the overarching advice, rather than the specifics of how you might secure each account is to use a single password manager, which is really an identity manager because it's not just about passwords. It will also manage passkeys and other things. You know, you could have your passport, your ID, you know, whatever forms of documentation, whatever you want, you can store in these things. But in this case we'll just think of it as a password manager. Ideally this would be a third-party password manager, meaning not one that is associated with a platform maker like Microsoft, Google or Apple, not one that's included inside of a web browser. But if you are going to use one of those things, the bigger goal sort of is that it should be portable. This meaning it should be available everywhere you are. So you have a phone, you have a computer, you might have a tablet, iPad or whatever. You want to be able to access that thing everywhere because it's going to do autofill on mobile and it's also going to do autofill on the web on a computer, whether it's Windows, Mac, Linux, whatever. I use Proton Pass, but 1Password, Bitwarden, Dashlane, Proton Pass, etc. These are all, these are all good. Third party's best. But you know, Chrome obviously is everywhere, Edge's everywhere. If you're an Apple guy, you might use Apple Passwords. I don't recommend that here because you know, we're talking about Windows here and that's not really a seamless experience. So it's better to have something that just works everywhere. And of course third-party password managers have additional features, etc. So in this case I guess I'll bring up Microsoft Edge. So what I've done here, actually I've disabled it because I've got all this different stuff going on here. But I'll go into Settings here and enable. Actually I want to go into extensions and enable this. So I use Proton Pass like I said. So I'll enable that. 
It's up here in the taskbar or the toolbar. When this is enabled, this is what will autofill passwords and passkeys and other things. Right? And so that's very useful. But the other thing you actually have to do is go into Passwords and autofill or whatever the equivalent is in whatever browser it is you're using and turn off the native password features in the browser because you don't want these two things fighting each other. Right. So in this case you can see I've actually turned this off. So Microsoft Password Manager is disabled, leave it disabled and all the options related to it are disabled. Right. And so that will just hand off everything that I'm going to do to that other password manager in my case, Proton Pass. But whichever one. But the important part is to disable this. The other thing you have to do is, and this is, I did not do with Microsoft is delete all of the passwords you have. You can see I still have some in here. I didn't do this on purpose. I do a lot of testing of different things. So I have to actually have multiple versions of this. So this is not a full copy of my passwords, but I do have some here. There's to get rid of those things. So don't have them in multiple places. Okay. So Windows 11, we talked about this a lot. Strongly feel that you should sign in with a Microsoft account or a Microsoft work or school account if that's what you have to do. And not a local account. These online accounts are protected with 2FA, MFA, whatever, two-step authentication. They can be recovered if they're hacked. They back up certain settings to the cloud automatically. They're protected by Windows Hello. So anytime you sign into Windows with a password-based account or an account with a password, you have to set up a PIN. That's another small level of security. You're supposed to have a different code. It could be a 4 or 6, whatever alphanumeric code for every computer or device that you use. I suspect most people do not do that, but you should. 
And then you can use the facial recognition or fingerprint recognition. Right. When you sign in with a Microsoft account or a Microsoft work or school account, the disk is automatically encrypted. I'm actually in here already and I think I can show that pretty quickly. You can see it's just encrypted, it's automatic. The recovery key for this is backed up automatically to OneDrive. So you can get to it from any device. That's good. And then you get this passkey-based, it's single sign-on capability. I think of it as authentication pass through for apps and services you run in Windows. So when I run OneDrive or run Edge, the Microsoft Store, and so on. Whatever I've signed in with passes through to those apps automatically. If you are going to use a local account, we talked about this. We did an episode sometime in the past year. But just take the steps to secure this computer. Set up a password, then set up a PIN, then set up other forms of Windows Hello. Go and encrypt the disk. You'll have to back up that recovery key yourself. You'll need to add your Microsoft account in Settings or manually sign into apps and so forth. But I think for most people, it's easier just to. Just to sign up with a Microsoft account. I think this is the safest approach for most people. You need to look at the Windows Security app from time to time. That's this thing here. In my case, it's looking good. There's a little green checkbox. Everything's fine. But if we run this app, sometimes you'll see some of these things will have a yellow bang, like an exclamation point. That means something needs to be looked at. Some security feature isn't enabled. Microsoft doesn't enable all security features in Windows by default because of privacy concerns. I don't see any actual privacy concerns here, but if there's any data being exchanged here in the context of a security feature, it's anonymized, et cetera. So whatever that might be, I would go with like app and browser control. 
One of these might be off, turn it on, you know, that kind of thing. A couple of things you should look at, and I think we discussed some of these fairly recently. Ransomware protection. You can turn on controlled folder access if you're using OneDrive. You get this automatically for your documents. If you're saving them there, that's great. Smart App Control is actually changing this year, but the way that this works is you get a new computer, it's in evaluation mode. Generally speaking, in my experience, it's just turned off over time, in which case you could never turn it back on. You could just come in here and turn it on. And what this basically does is uses heuristics. They would probably call it AI today to determine if an unknown app might or might not be malicious, and if it is, it will try to block it. I have seen recently, however, this is actually starting to turn on for me on certain PCs. So that's interesting. And Microsoft announced they're going to let you toggle this thing on and off at any time. So that's fantastic. It'll be easier to use. And that's good. We also talked about a feature called Admin Protection or Administrative protection. And if you go in here, you can see it's not here. I believe this has actually been delayed. They've been testing it through the Insider program. It was supposed to ship in 25H2. It will be disabled by default whenever it does ship if you don't have it yet. It's an aggressive feature and it's actually kind of hard to use, so we'll see what happens here. But basically, when it comes to securing your computer in Windows 11's case anyway, it's mostly just about common sense, right? If you want to be super careful about things. There is a feature in Windows called Windows Sandbox. You'll find it here in this Turn Windows features on or off Control Panel. This is a virtualized copy of this version of the operating system. So it's actually sort of a mini copy of what you're running here. So it spins up really quick. 
You can install an app in it, make sure it's what you want, make sure it's not doing anything screwy, and if it works that way, you can just install it on the computer. I don't have Sandbox installed here. I just showed you how to get it. But the. The point of this is when you close this thing, it disappears. So whatever you did in there is gone forever. The other thing it helps to just pay a little bit attention to is the recovery features in Windows 11. So technically you can get to this from two different places, but it's really in System and then Recovery. Here you can go through Windows Update advanced options. Down here you'll see recovery again, but it just goes to System Recovery, right? We've talked about a bunch of this stuff over time. Quick Machine Recovery is a fairly new feature that's kind of a good one. But if you're having problems with your PC, there's. You can get into the Windows Recovery environment, you can reset the computer if you want to blow the whole thing away. Quick Machine Recovery and also fix problems with Windows Updates are really neat ways to bring back a computer that might not be working as well as you want. And sure, I've given this advice too, but it helps to have Windows 11 install media on hand. You can always download it from the web, but if something's going wrong and you want to get going again, it's nice if you can just plug that thing and go. So that stuff is on the disk. But if you can't get to it, it's helpful to have a USB key that can do that. And then the other thing is just to sync everything to the cloud. That doesn't actually have to mean OneDrive, although Microsoft would like it to mean OneDrive. I am on this computer actually using OneDrive, but I usually use Synology Drive. I've used Google Drive, obviously Dropbox and there are other solutions, but the idea here is that you don't have files all over your computer. 
So that if you can't get in for some reason, maybe the computer was stolen or something's wrong with it, you don't have files sitting on only that disk. So in my case, I have my own little folder structure here, but if you go into here, you can see where I have all my stuff. So the things that are over here in the navigation bar on the left are basically in this folder here. And so these things are synced to the cloud. If I lose this computer tomorrow, I open another laptop, I can get right to everything. And so just working through OneDrive or any cloud service. Right, will kind of help relieve that anxiety that could occur when something goes wrong with hardware, as it often does. Okay, so this was a high-level overview that was by design. Sorry there wasn't a lot of hands-on there. But next, at least two or three episodes, we're going to dive deeper on some of the stuff, starting with passkeys, which I think will be about two episodes long. We'll look at authenticator apps and we'll look at other aspects of security over time. But this is the right time of year, I think, to look at this stuff again. So hopefully, hopefully you found this useful and we'll have a new episode of Hands-On Windows every Thursday. You can find out more at twit.tv/hnw. Thank you so much for watching. Thank you especially to our Club TWiT members. We do love you. If you're not a member, please consider it and you can find out more about that at twit.tv/clubtwit. Thanks. I'll see you next week.