In Windows 8.1, some Windows Store apps will get extra privileges for sharing information and you'll be able to use biometrics to pay for Store apps (and more).
Since Windows Vista, Microsoft has been working on ways to protect your PC from the software you install on it. This is because the more secure Windows itself gets, the more hackers turn to attacking software such as Acrobat Reader and Flash as well as distributing malware.
"30-40% of binaries found on the internet are malware or have malware in them," Windows architect Chris Jackson claimed in his presentation at TechEd. As a result, commonly attacked software and browsers run at low integrity levels that limit their access to the system.
Windows 8 Store apps take that even further; each app runs in its own container, and when an app saves files into the document library, that app isn't actually writing those files itself. It hands them over to a 'run-time broker' on the system that has more privileges to do the writing. As Jackson put it, "we don't jailbreak your app - but we can find a friend to do things for you."
This model doesn't make it easy for two related apps to share information directly. So Windows 8.1 will add 'child' app containers with a new capability called Child Domain Access that enables relationships between apps.
That doesn't open up the sandbox completely, though. Jackson emphasised this is only intended for "a few very specific scenarios", and suggested that Microsoft Office and Adobe's apps for Windows 8 might use it to pass things between two apps.
Businesses may also get more options for side-loading apps without using the Windows Store, Jackson said, although nothing has been decided. "I know there is a focus on understanding the scenarios that are not yet met and building solutions for them, but whether those will mirror existing solutions or be completely different - that is still under planning right now."
They'll definitely be able to manage Windows 8.1 devices (and Windows RT devices) with the same Simple Certificate Enrolment Protocol (SCEP) used by Apple for mobile device management, though.
Microsoft also showed more details of how fingerprint security will work in Windows 8.1 and clarified earlier comments. A presenter speaking too fast had made the separate examples of a Surface or a keyboard coming with fingerprint login sound like a specific Surface keyboard product, Microsoft's senior product manager Chris Hallum told us.
And while an app can use fingerprints to encrypt files you ask it to handle, you can't just pick files in Explorer and use your fingerprint to encrypt those unless the Explorer team adds that feature specifically.
Hallum is hoping OEMs will use the new touch fingerprint sensors in PCs and tablets this year. Principal security program manager Nelly Porter explained the advantages. "We investigated every single biometric trait: face recognition, voice recognition, typing patterns, everything. You want to protect from intruders so the false acceptance rate must be low. You want to allow legitimate users to log in so the false rejection rates must be low. We realised that to make authentication work the only solid technology on the market today is fingerprints."
And the new touch readers are easier to use than picky swipe sensors where "you need to swipe your finger - not too fast, not too slow, not to the left, not to the right". With new devices such as the prototype she showed from Fingerprints Systems (other suppliers are coming and the sensors will shrink in size and be fitted into a tablet or keyboard), you press your finger on the sensor and Windows 8.1 automatically logs into your account.
When you want to buy something, you can use your fingerprint to authorise it - in the Windows Store or inside an app. And if a child is using their own account, you can use your fingerprint to authorise a purchase without them needing to log out.
Porter has other ideas for fingerprint protection. You could lock your banking apps or your more personal photos so they don't show up when you pass someone your tablet to show off your snaps. It could work on phones too. After all, Windows Phone uses the Windows kernel now and can run Windows hardware drivers, so encryption would be easy to add to the system (although Porter wouldn't comment on any phone plans).
Fingerprints aren't ideal for everyone - musicians, mechanical workers and others who don't have readable prints might struggle. But given how easily passwords can be cracked, phished and forgotten, if they work for you, fingerprints are both more secure and more convenient.