If you use Outlook.com (formerly Hotmail) for email, it’s vital that you secure it properly. After all, your email is a gateway to nearly everything you do online.
But there’s another reason that your Outlook account is so important. Windows allows you to sign into your PC with a Microsoft account. If you use this feature and someone steals your account password, both your computer and email will be at risk.
Don’t let that happen! We’ll share some great security tips to lock down your Microsoft Outlook account.
1. Set a Strong Password for Outlook
The first tip is one of the most important: make sure your account password is strong. Using a weak password, such as one that’s short, obvious, or something you use on other sites, is a bad idea.
If you haven’t updated your password in a while, it’s a good idea to change it now. Head to login.live.com and sign in if you aren’t already. Next, click your profile picture at the top-right corner of the page and choose My Microsoft account to access your account settings.
On the resulting page, click the Change password link at the top of your list, to the right of your name. If you don’t see it, click Security at the top of the screen, followed by Change my password.
Here, confirm your current password, then enter a new one twice. If you like, you can also check the Make me change my password every 72 days box. This isn’t necessary if you use a strong password (we recommend you start using a password manager if you’re not already), but it’s not a bad idea to keep it fresh either.
2. Enable Two-Factor Authentication
In addition to your password, 2FA requires something you have (usually a code from an app or text message) to log in. With this enabled, your password alone isn’t enough to log into your Microsoft account. That protects you in case your password leaks or is stolen.
To get started with 2FA on your Microsoft account, visit your Microsoft account page and select the Security tab along the top of the page. On the resulting Security basics screen, click Get started in the Advanced security options box.
Scroll down to the Additional security section and you’ll see a Two-step verification item. Click Turn on under this to get started with the process; it will walk you through getting codes via a text message, authenticator app, or other means.
We recommend using an authentication app, particularly Authy, for the best mix of security and convenience. Microsoft also offers passwordless logins, if that sounds appealing.
3. Don’t Share Your Account
This might sound obvious, but it’s worth mentioning. Sharing email accounts is an easy way to open yourself up to account breaches. Every additional person who uses your email account is another attack surface that could fall for a phishing scheme, disable important account security settings, or make other mistakes.
4. Use an Alternate Method to Log Into Windows
If you use a Microsoft account to sign into Windows, then your Outlook email password is the same as your PC login password. While this seems convenient, it poses a risk in two ways.
First, the more secure your password is, the less convenient it is to type it out. Thus, you might be tempted to shorten your email password to make signing into your PC faster. Second, if someone stole your PC password through a keylogger or some other method, they’d also have your email password.
A good solution to both of these issues is using an alternate method of locking your PC. Through Windows Hello, Windows offers various login options. These include a PIN and picture lock on all machines, as well as fingerprint and face locks on compatible devices.
To enable an alternate method on Windows 10, visit Settings > Accounts > Sign-in options. Take a look at what’s available, then click Add under the method you want to enable.
A Windows PIN provides a good balance of protection and ease. Since a PIN is local to your device, someone who stole it can’t log in to your Outlook email.
5. Review Account Activity Regularly
Like most online accounts, you can review the history on your Outlook account whenever you like. This lets you confirm that the only activity taking place is your own.
To check it, visit your Microsoft account and click Security along the top again. This time, select View my activity under Sign-in activity. Here, take a look through your recent sign-ins, and see if anything looks fishy.
You can expand each entry to see what platform and browser it was from, along with whether the sign-in was a success or not. If something doesn’t look right, click the field to let Microsoft know and take steps to resolve the matter.
6. Check Trusted Devices Registered to Your Account
You can sign into your Microsoft account on all kinds of devices. Thus, it’s smart to occasionally review where you’re currently logged in. This lets you confirm that your account isn’t tied to any old phones or PCs.
You can view devices associated with your account by clicking All devices under the Devices box on your main Microsoft account page. Have a look to make sure that every PC, phone, Xbox, and more are yours. Choose Remove device if you don’t recognize one, or no longer use it.
In addition, if you’ve ever had 2FA enabled for your account, it’s worth clearing out your list of app passwords. On your account page, head back to Security and choose Get started under Advanced security options.
Under App passwords, click Remove existing app passwords and then Remove. This will sign you out of any older devices that don’t support 2FA, like the Xbox 360 or mail apps on older phones.
Finally, if you want to cut off account access everywhere, select Sign me out under the heading of the same name. This will sign you out of your Microsoft account on every device except for Xbox consoles.
This might all sound a bit overkill, but reducing the potential attack surface for your account is wise. The more platforms and devices you’re signed in on, the more places your account could be attacked.
7. Watch Out for Phishing
Email phishing attempts to steal sensitive information from you by masquerading as a legitimate entity. If you’re not careful, this could lead you to hand over your Outlook account credentials by mistake.
The best way to stay safe is by never clicking links in emails. If you think something requires your attention, always visit the website directly. Don’t trust messages claiming that you need to verify your Outlook password to upgrade your mailbox size, as they’re all bogus.
Microsoft (and other legitimate companies) will never ask you for your password through email. Beware of SMS texts that claim your account will be deleted if you don’t act soon; they’re all trying to get you to give up your password.
8. Keep Your Account Recovery Information Current
If something bad happens, the quickest way to get back into your Outlook account is by using a recovery email address or phone number. If you don’t add these to your account before you get locked out, you’re going to have a much harder time unlocking it. You can add a new recovery address or check your existing ones by again visiting your Microsoft account.
To add another email address for security purposes, click the Security tab, followed by Get started under Advanced security options. You’ll see the list of your current security options; click one to see info about it, including whether it gets account alerts. Be sure to hit Remove on any you no longer use.
Then choose Add a new way to sign in or verify at the bottom of the list to set up a new recovery method. We recommend you have at least two alternate ways for Microsoft to contact you. This makes it much easier to get back in if you forget your password or your account is breached.
If you don’t have a backup email address, it’s worth creating a secondary account with another free email provider so you have this recovery option.
9. Password Protect Your PST File
We’ve focused on Outlook.com mail for the above advice, but if you use Outlook’s desktop version on your PC, there’s a special tip for you. As you might know, the desktop version of Outlook stores your email in a PST file. You can add a password to these files for a bit of extra protection if you like.
Microsoft advises that PST passwords don’t provide adequate protection against malicious attacks; they are “to help prevent unintentional intrusion by other people who share your computer.” Thus, a strong password on your PC account is the best line of defense for your local email. Also, this doesn’t work for Microsoft Exchange accounts (like those used with corporate email).
To password-protect a PST, open Outlook on the desktop and choose File > Account Settings > Account Settings. Switch to the Data Files tab and click the PST you want to protect (there may only be one). Hit the Settings button above, then click Change password. Add a password of 15 characters max, then click OK to set it.
10. Use Alias Accounts to Cover Your Real Address
Adding an alias to your email account lets you give out a different email address that still delivers mail to your main inbox. You can use these to easily identify which sources send spam to your inbox. From a security standpoint, they also obfuscate your real address.
To add an alias to your account, click Your Info at the top of the screen, then choose Edit account info in the Account info section. Here, choose Add email or Add phone number, or Remove any as needed.
When adding a new email alias, you can click Create a new email address and add it as an alias, which will make a new @outlook.com address. Or you can add an existing email address (from any provider) to your account instead.
Either way, you can use that address to sign into your Microsoft account. They all share a password, and you can send and receive email from any of them. Plus, if you click Change sign-in preferences on the aliases page, you can prevent an alias from signing into your Microsoft account.
This lets you create an alias that can receive email, then prevent anyone from using that address to break into your account. So if you never give out your primary address, it has an additional level of obscurity.
Microsoft lets you add up to 10 aliases every calendar year. In addition, you can have no more than 10 aliases on your account at one time.
Protect Your Outlook and Microsoft Accounts
These tips will help you keep a tight handle on your Outlook account, which is doubly important if you use that account to sign into Windows 10. Using the tools Microsoft has provided is vital to keeping attackers out. With a bit of common sense and a strong password, you’ll have an ironclad Outlook account in no time.
Stegner, Ben. “10 Tricks to Keep Your Outlook Email and Microsoft Accounts Secure.” makeuseof.com