Surely us HN readers have the knowledge to definitively state this as fact.

But having only one secure login helps keep things simple(r), Microsoft can help keep associated devices secure and bad guys out, 2FA gets easier, and there is an easy way out in case of forgotten passwords and the like. For most people I guess that's pretty convenient and helpful.

Besides, I don't think there's need for a term like computing-using public – let's talk about the general public. There won't be a lot of people in the general public who aren't either using a computing device like a phone or somehow affected by others using computing devices to store photos and phone numbers and the like.

The general public is in dire need of very secure systems that can be used with a minimum of specialist knowledge, attention and maintenance effort, strongly resist being used insecurely, and that still look good and are reasonably fun to use and still allow for activities like software development to happen. That's immensely difficult and I'm not aware of any good definitive solution to this.

This isn't just a question of being nice to grandma either, this is more about not leaving whole first-world economies vulnerable to highly sophisticated attacks with huge blast radii. We haven't seen much in the way of those, but who knows what we might have seen if platform security of the big targets hadn't kept up as well as it did?

This whole complex is something a lot of people deep in the tech bubble seem to not really get: There are millions of power users, true, but there are billions of people who just want to pay their bills in an app or play a game or message their friends. The latter cohort is not intrinsically motivated to become IT pros at all (more like scared of the complexity and very disinterested), and they're not getting paid to secure their home computer, so some buy anti-virus and that's it. People don't want insecure computers, but the learning curve, time and effort required, the extremely dry subject matter, the unclear benefits, the overall scariness, that just doesn't happen at scale. Humans are amazing at conserving energy, and this checks a lot of conserve-this-energy boxes.

iPhones are relatively hard to get into an insecure state; it's possibly, but the options to do so are limited and most aren't frictionless. I don't doubt most Windows home installs so far have been running with a passwordless admin account, with pretty much no restrictions on what to run and install, and many many footguns have been discharged as a consequence.

The saving grace, so far, has been that most of those billions who have started using privately-owned computers in earnest in the last decade or so have been using mobile platforms, which have been pretty well-secured from the get-go; but to keep their non-phone offers relevant to this huge market, Microsoft and Apple will have to pivot their general computing devices towards that audience a lot more. That involves making them much more secure by default and much more resilient security-wise to being configured and used "wrong". That may be bad news to professionals and enthusiasts, but so far Apple seems to keep macOS enthusiast-friendly enough by making dangerous choices scary and adding friction, and Microsoft still has other licenses than Home that I believe are more enthusiast/pro-friendly.

But seen in that light, requiring a Microsoft login makes a lot of sense, at least to me. Whether that's the main decision driver within MS, or the opportunity to gather even more data and engineer more stickiness and lock-in, I could only guess. They're surely not sad about another step towards a Microsoft Panopticon you can't get out of, but it's not like the security side is bogus, or not a big deal.