Microsoft had stated that they are "focused on engineering improvements that will further strengthen security," and evidence has begun to take root with a collection of new security features that will be added to existing and new Microsoft accounts. The new features will be rolling out over the next few days and include a new Recent Activity tab, Recovery Codes, and increased security notifications.
The new Recent Activity tab can be found under your Microsoft Account settings. The new section will show you every instance of your recent activity regarding your accounts. Your Microsoft account crosses a variety of spectrums including your Windows PC, Windows Phone, Outlook.com, SkyDrive, Xbox, and more. When a user signs into your account information will be logged, including the IP address of the sign in, the user's device platform, the user's web browser, and an approximation of their location.
If you notice a sign in that wasn't you, you can now press the "This wasn't me" button, which will be used to increase your account's security.
New recovery codes are also available for users who already have (or are thinking about) enabling two-step verification on their account. Two-step verification uses two barriers to protect your account from unwanted logins; they usually include a password and a generated code from an authentication app. The new recovery codes will allow users to save a code as a "spare key" in a situation where their app may not get single or be available.
Lastly, Microsoft will be adding new security notification options to your account in which you can choose to receive an alert when someone "attempts to take over your account". Users can now add their phone numbers and alternative email address as a point of contact.
Many of the new additions to security have come from Microsoft listening to user feedback, so as they are saying, "keep the feedback coming - it really helps!".
Will you be taking advantage of any of the new security features for your account?
Source: Microsoft
Reader comments
Microsoft introduces new security features for user accounts
I use two-factor authentication on all my accounts. This is a nice addition to securing your account.
Two step auth adds a few seconds to the log in process but it's totally worth it.
Agreed.
What dosto said.
It'd be nice if they would allow finer control over application passwords, like Google does. If I deactivate a device, my only option is to remove all application passwords, meaning I have to re-generate them for all devices that still need them.
This. It's quite possibly the stupidest thing I've seen in years. I mean, I like how they keep adding more features, but how do you roll out something so user-unfriendly and then not get back to finishing that feature so it doesn't suck? I swear everyone at Microsoft must be poster children for ADD. Removing one device from my account means (currently) regenerating 5 app passwords and reconfiguring those devices. :(
Using two step login already so these are welcomed additions
Really want to add two-step authentication but afraid it will break something. Did the transition go fine for everyone else?
Just remember to generate and save app password to use with Windows Phone and Xbox 360, and you're good.
I've only had to use an app password twice. A lot of services and devices support two step.
Been using for a long time, love the new options
Microsoft accounts are all over the place. Now you cannot remove a single trusted device, you have to remove them all. That is a pain.
Try and find your bitlocker recovery key, that is not stored in an easy to find location. Microsoft accounts need an overhaul from top to bottom.
I stored my BitLocker key in a doc in my SkyDrive, so it's on my phone in an emergency.
It would be nice if bitlocker keys were stored in the accounts page. I will have to save the link and try and find them again. I will store them in sky wallet.
Not secure!
Why? Everything I have is locked by at least 3 passwords and encrypted. There's paranoia and security, and I opt for the latter.
It is easy. https://skydrive.live.com/recoverykey
Only easy if you know the url, no link to those keys from accounts page or or any other page. Or SkyDrive page.
The PGP addon should be implemented universally whenever an account is created along with PFS If MS wants to create a spy free zone it's the only way
I wonder if this will help keep that terrorist we call Big Brother from snooping?
When has more security ever been a bad thing?
More security huh. I got an email from MS stating that I had cancelled my Xbox Live. I renewed it back in Feb so what the hell is going on???
Was it really from MS?
done i just added two step authentication to my account =)
Sorry, Microsoft, this is bogus. While two-factor-authentication surely raises the bar for attacks by individuals, the real threat to personal data is the government.
Micrsosoft made sure that the NSA hat access to all Outlook.com-data before any encryption took place:
http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data
It's a matter of trust, and I do not trust Microsoft.
They are by no means better that Google or any other company.
The email looks official and now on the phone to them. They confirmed that it was cancelled yesterday. Crazy renewed back in March