Microsoft's Expanded Account Security Options Keep Users in the Know

Following the introduction of two-factor authentication, Microsoft now offers its Web and cloud-services account holders more security management options.


Microsoft accounts will be tougher to hack, courtesy of new security features that the software giant is currently rolling out.

On Dec. 9, Eric Doerr, group program manager of Microsoft Account, announced the arrival of new capabilities "that give you more visibility and control of your Microsoft account." The move follows the earlier "release of two-step verification to the more than 700 million people around the world who use a Microsoft account," he said in a statement.

Two-step verification systems strengthen password access systems with a secondary means of authentication, typically provided by an authenticator app or Short Message Service (SMS) communication, for example. Since hackers are unlikely to be in possession of both an account holder's password and smartphone, log-in attempts fail.

According to Doerr, many Microsoft account holders have embraced the security-enhancing feature. "In the eight months since we released this feature, we've seen impressive adoption," reported Doerr. And the numbers are growing. "Every day, thousands more users enable this extra protection for their account," he added.

Now Microsoft is offering new ways to keep an eye on user accounts, which can be used to access a wide variety of online services, including, Xbox Live and SkyDrive.

A new Recent Activity view allows users to monitor their own accounts by providing a list of sign-ins and other account-related activities, complete with location information. "You know best what's been happening with your account—so the more we give you tools to understand what's happening, the better we can work together to protect your account," said Doerr. Recent Activity also displays what type of device accessed (or attempted to access) an account and shows its whereabouts at the time on a Bing map.

If suspicious activity is spotted, users can click the "This wasn't me" button to initiate steps to protect their accounts and help Microsoft tune its security mechanisms.

Should circumstances prevent legitimate users from logging into their accounts, new recovery code capabilities make it easier to gain access. Recovery codes act as "a spare key to your house," said Doerr, before warning users to "store it in a safe place." Only one recovery code can remain active at a given time. A new request for a code invalidates the previous one.

Finally, Microsoft has enabled more security notification options. Users can now opt to send security notifications to select email addresses and/or phones. "Again, this is all about giving you greater visibility and control of your account so that we can work together to help keep your information safe," stated Doerr.

Microsoft joins other major cloud services providers in helping its users combat account hijacking. Google first added two-factor authentication for paid Google Apps accounts in 2010 and has since made the feature available to all users. Cloud-storage provider Dropbox added two-step authentication in the wake of some high-profile security breaches last year.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...