New security features added to Microsoft accounts

The following post is from Eric Doerr, Group Program Manager, Microsoft Account.


We’re excited to announce that over the next couple of days we’re rolling out a few new capabilities – based on your ongoing feedback – that give you more visibility and control of your Microsoft account.

Last April we announced the release of two-step verification to the more than 700 million people around the world who use a Microsoft account.

This is an important capability that allows any of our customers – whether they use a Windows PC or Windows Phone device, Outlook.com, SkyDrive, Xbox and more services – to add an additional layer of access control to their account. In the eight months since we released this feature, we’ve seen impressive adoption. Every day, thousands more users enable this extra protection for their account. We’re also delighted to see that customers who have turned on two-step verification are less likely to experience illegal activities with their accounts. If you have not yet activated two-step verification, we highly recommend you do.

The following is information on the new features coming to your Microsoft account.

Recent activity

Many of you have asked for more insight into recent sign-ins and other activity on your account. So we added a new view that allows you to see your sign-ins and other account activities.

We think about protecting accounts as a partnership between us and you – the more you help us (with accurate account info, and updated security info), the more we can help you keep your stuff safe. You know best what’s been happening with your account – so the more we give you tools to understand what’s happening, the better we can work together to protect your account. For example, a login from a new country might look suspicious to us, but you might know that you were simply on vacation or on a business trip.

Our goal with this new experience is to give you peace of mind when everything is going well, and give you actionable information if there’s questionable activity that concerns you. Here’s what the new view looks like:

Activity

As you can see from the example picture, this page displays different types of activity, including successful and unsuccessful sign-ins, the addition and deletion of security information and more. For each type of activity, we show you what kind of device and browser was used, and what location the request came from, including a handy map from our friends at Bing.

If you see something suspicious, there’s an easy “This wasn’t me” button that will help you take steps to protect your account. We can also use this information to help us fine tune our protection mechanisms. You can read more about the new recent activity page here.

Recovery codes

Some of you who have enabled two-step verification have shared that you worry what happens if you change or lose access to the security info provided as part of two-step verification (e.g., if you move, you might change both your phone and your email provider at the same time).

Because two-step verification setup requires two verified pieces of security information, like a phone number and email address, it will be a rare occasion when both options fail, but in the event they do, we’ve got you covered. We’ve added the ability to create a secure recovery code, which can be used to regain access to your account if you lose access to your other security information.

recovery code

Anybody can add a recovery code to their account (even if you don’t turn on two-step verification). Your recovery code is like a spare key to your house – so make sure you store it in a safe place. You can only request one recovery code at a time; requesting a new code cancels the old one.

More control of security notifications

We’ve also heard feedback that some of you would like to have more control over how you receive security notifications (e.g. unusual sign-in notifications). So we’ve added the ability for you to choose where we send notifications. Again, this is all about giving you greater visibility and control of your account so that we can work together to help keep your information safe.

Notifications

We hope you like the new additions. Keep the feedback coming – it really helps!

We also updated our guidance on the best things to do to help keep your account safe, found here. This is good common sense information, but worth a quick check to make sure you’re up to date.