There are plenty of online services that use two-factor authentication to reduce the chances of someone hijacking your account after a data breach, but what about the operating system on your PC or phone? You'll get that safeguard if you use Windows 10, according to a Microsoft security brief. The new OS will optionally treat a device (including something nearby, like your phone) as one authentication factor when signing into a local or internet account, and a PIN code or biometric reader as the second. If hackers find your login data sitting on a server, they won't get to use it unless they also have your gear -- and in some cases, they may need a fake fingerprint as well.
Not that Microsoft is leaning solely on this to guard your digital goods. The new platform will store user access tokens in a secure "container" that can't be exposed, even if an intruder messes with the Windows kernel's code. It'll also keep your home and work data separate (like Android for Work or BlackBerry Balance), give you finer-grained control over virtual private networks and let companies prevent staff from installing anything but digitally signed apps. This doesn't mean that you can stop worrying about control of your info as soon as you install Windows 10, but it could reduce the chances of a full-fledged security disaster.