What are your most valuable online accounts, the ones most worth protecting? If you have a personal Microsoft account, it’s probably one of the accounts you should guard most carefully. That is especially true if you use that account and its associated email address to sign in to one or more Windows PCs, and to create and store documents using Office apps in Microsoft 365 or Microsoft’s OneDrive cloud storage service.
In this post, we will show you 7 steps you can take to lock down your account against online attacks. The goal is to prevent unauthorized persons from stealing account credentials and using them to access personal information.
As always, we need to balance convenience and security, so we’ve divided the steps into three groups based on how strictly you want to lock down your Microsoft account.
Here are some important notes. This article describes the free consumer Microsoft account used with Microsoft 365 Family and Personal editions and the personal OneDrive service. These accounts are typically associated with email addresses using the @outlook.com domain, but older accounts may also use @hotmail.com, @live.com, or @msn.com. It does not cover security settings for business and enterprise Microsoft 365 accounts; those use the OneDrive for Business cloud service and are managed by domain administrators through Azure Active Directory using a completely different set of tools.
How much security do I need?
Baseline: The baseline level of security (steps 1-3) is perfectly acceptable for most casual users of Microsoft services, especially those who do not use their Microsoft email address as the primary factor for signing in to other sites. These options can be very helpful if you’re helping a friend or relative who isn’t technically savvy and is intimidated by passwords.
The first step is to create a strong password for your Microsoft account that isn’t used on any other account. Next, enable two-step verification (Microsoft’s term for multi-factor authentication) to protect yourself from phishing and other forms of password theft. If you enable this feature, you will be required to provide additional proof of identity the first time you sign in to a new device or perform high-risk activities such as changing your password or adding a credit card to your account. Additional verification typically consists of a code sent to a trusted device in an SMS text message or to a registered alternate account in an email message.
Finally, save a recovery code that allows you to access your account if you forget your password and cannot access other authentication methods.
Better: While these basic precautions are sufficient, taking the actions described in steps 4 and 5 can significantly increase your security.
First, install the Microsoft Authenticator app on your smartphone (iPhone and Android devices) and make it available as a sign-in and verification option. Next, add a secure email address as a backup factor for verifying your identity.
Maximum: The last two steps provide the highest level of security. Add at least one physical hardware key alongside the Microsoft Authenticator app and remove SMS text messages as a backup verification factor. This configuration still allows you to use your mobile phone as an authentication factor, but it prevents would-be attackers from gaining access to your account by intercepting your text messages or hijacking your mobile phone account.
This configuration presents a major hurdle for even the most determined attacker. Although it does require an additional investment in hardware and the sign-in process is a little more involved, it is the most effective way to protect your Microsoft account.
Here’s how to lock down your Microsoft account
The best way to ensure you meet this requirement is to use the tools in your password manager to generate a completely new, random password or passphrase. (If you don’t have a password manager, try online options like the 1Password Strong Password Generator or the Bitwarden password generator.)
Generating a new password ensures that your account credentials are not shared with any other account. It also ensures that an old password you may have accidentally reused is not part of a password breach.
To change your password, visit the Microsoft account security basics page at: https://account.microsoft.com/security/. Sign in if necessary and click Change Password. (But don’t check the box that says you have to change your password every 72 days. That will certainly be frustrating, and it won’t make your account much safer.)
Follow the instructions to save your new password using a password manager. If you need a physical backup, feel free to write it down. However, keep that written copy in a secure location, such as a locked file drawer or safe.