When a user tries to sign into a website with support for Microsoft Account, the connection is first redirected to an
authentication server to prompt the user for a username and password. If the user can be authenticated, a time-limited
cookie is sent back to the
browser. This cookie includes a triple DES encrypted ID tag which allows to use services without entering the password again.