Since Windows 8, you can log in to your computer with a Microsoft account, which comes with plenty of user advantages. You can use your Microsoft account to create a backup of all of your important data, buy apps from the Windows Store, and keep all of your devices in sync. This is why you should make sure you’re the only one who can access your account. If you want to improve your account security, take a look at the tips below.
1. Set a Strong, Unique Password
Microsoft accounts aren’t necessarily new. Many old types of accounts have been rebranded as Microsoft accounts. Whether it’s an old Hotmail account, a Windows Live ID, .NET Passport, Zune, Xbox Live, or any other old type of account run by Microsoft, it’s now a Microsoft account.
Because of this, there’s a good chance many Windows users are logging in with old accounts. Some Windows users may be logging into their Windows 8 systems with Hotmail accounts they created back in 1999. The truth is, a lot has changed when it comes to password security and your old password might be an easy target for hackers.
So, you should consider modern password practices and set a strong password for your Microsoft account. Also, you should be using a unique password for your Microsoft account.
Don’t re-use passwords, as a password leak at one site will make your account’s password worthless. If you need help managing passwords, you may want to use a password manager.
You can modify your Microsoft account’s password and other security information by logging into the Microsoft account.
2. Don’t Share Your Password
You might get an email informing you that your Microsoft account has been compromised. While this may sound alarming, it might be a hacker posing as a Microsoft representative, trying to get access to your account.
Don’t reply to the email and don’t click any links. Instead, log in to your Microsoft account and if something is off regarding your account activity, sign out from all devices and change your password.
Keep in mind that Microsoft will not ask you about your account credentials. This way, you can protect yourself against phishing scams.
3. Enable Two-Step Verification
Microsoft allows you to enable two-step verification, also known as two-factor authentication, to help secure your account. When someone attempts to log in with your username and password, they’ll need an additional verification code.
For example, a code sent to you via an SMS message or generated via an app on your phone. To set this up, visit the Microsoft account dashboard and click the Security info tab.
From here, you can enable two-step verification and set up alternate ways Microsoft can contact you, such as phone numbers and alternate email addresses. You can use several methods for two-step authentication, such as an SMS message or an authenticator app.
If you have an iPhone or Android phone, you can even use the Google Authenticator app to generate verification codes for your Microsoft account.
This page also contains the other options you’d expect for managing two-factor authentication, such as per-app passwords for apps that don’t support two-factor authentications, recovery codes you can use to regain access to your account, and a list of trusted devices that don’t need verification codes.
4. Enter Recovery Information
From the same Security info page, you also have the ability to provide phone numbers and email addresses where Microsoft can reach you. Whether you want to use two-step verification, you should ensure that this information is correct.
If you ever lose your password and can’t log in, you’ll be able to regain access to your account, if you have access to a phone number or email address specified here.
For this reason, it’s important to enter your data correctly, so you can regain access to your account. It’s also important to make sure no one else can gain access to your account — ensure the information is up to date and remove any email addresses or phone numbers you no longer have access to from here.
5. Get a Recovery Code
If you get locked out of your Microsoft account, using a code might be faster than using the email that you’ve provided for recovery. Especially, if it’s an older email, and you have trouble remembering the password.
To keep this from happening, go to your account security settings and generate a recovery code. Make sure you don’t share it with anyone or store it in an unsafe place.
6. Have Security Notifications Delivered to Your Phone
Microsoft can send security notifications to your phone for important security events, such as when someone tries to gain access to your account. By default, these are emailed to your primary email address. However, you can also have them sent via SMS to your phone, so you can get them immediately.
To set this up, visit the Notifications > Security page on the Microsoft account dashboard site. If you don’t see a phone number you can use, you’ll have to enter it elsewhere on the dashboard first.
7. Monitor Recent Activity
The Sign-in activity page on your account dashboard lists where you’ve used your account, where you’ve logged in from, and other things that have happened. You’ll likely see that you’ve successfully logged in from your home location recently.
If you see that someone successfully logged in from elsewhere, or that there are attempts to log in with incorrect passwords from a foreign location, you may have a problem. You can inform Microsoft that a login attempt is not you via a link from this page.
Note that the times displayed here depend on the time zone you enter on your Personal info page.
8. Keep Your Microsoft Account Safe
Even if you don’t keep sensitive information on your computer, you should take the time and improve your Microsoft account security. Hopefully, these tips will help you do it. Also, make sure to regularly check if the information you’ve provided for account recovery is still accurate. This way, you can still access your account if something goes wrong.
If you want to improve your computer’s overall protection against hackers, there are some quick ways to do so.
At Trinity Worldwide Technologies, we offer cybersecurity training services which invites users to sit through various vignettes on security. This service uses short video tutorials and has a question and answer segment to test employee knowledge on the given topic. Our training is delivered via email, and tracked and reported so we can monitor employee participation. Give us a call at 732.780.8615 or email us at [email protected] if you would like more information on these services.
Razvan Mihaila, “5 Security Tips to Consider When Using a Microsoft Account”. makeuseof.com, Nov. 18, 2022