For my Friends and Family: You have no excuse not to secure your Microsoft Accounts with Multi-Factor Authentication

I am always begging my close friends and family, many of whom are not all that technical, to follow basic tenets for securing their digital worlds. From changing their passwords on a regular basis (even having them schedule it to coincide with Daylight Saving Time/Standard Time conversions, a la “smoke detector battery changes”) to keeping their operating systems and anti-virus software up to date, I warn them that risks are not just for enterprises and governments. In fact, in the past six months, the following has happened to me:

  • A good friend of my mother (a female) began sending me webcam spam from her Skype account.
  • An old high school friend (another female) began sending out large organ pics (male) to everyone on her Facebook friends list.
  • My sister got hit with some serious ransomware. All of her pictures are encrypted, with a $500 ransom. She’s still running Windows XP.

Given that my primary accounts for personal use involve Microsoft services and accounts (and I work for Microsoft), I feel compelled to evangelize the fact that all of your Microsoft online accounts (Hotmail, Live, Outlook.com, Office 365) can be protected via multi-factor authentication.

What is Multifactor Authentication? It is simply a method of authentication that involves at least two disparate factors. In most cases, single-factor authentication involves a simple password for verification of identity. This is the oldest and one of the most archaic and insecure methods of verifying identity. When you enable multifactor authentication, even after you submit a correct password, additional steps are taken to verify you are who you say you are. You may have to do this when you sign on to a web site from an unknown or previously unknown location. In some cases, you may have to answer additional security questions (not the best additional factor, but indeed an additional factor) or enter a text code sent to your mobile phone (a much more secure secondary factor).

For Microsoft accounts, the following FAQ answers your questions about the available options:

https://windows.microsoft.com/en-us/windows/two-step-verification-faq

If you want to enable multifactor authentication, you can do so under your account profile here:

https://account.live.com/proofs/Manage

If you are accessing Hotmail, Live, or Outlook.com from Outlook 2010, 2013, or 2016, you will need to set up app passwords (app-specific passwords) after you enable two-step/multifactor authentication:

https://windows.microsoft.com/en-us/windows/app-passwords-two-step-verification

An excellent post on Channel 9 along the same lines:

https://channel9.msdn.com/posts/Multi-Factor-Account-Setup

The Authenticator App for Windows Phone gives you codes to use: 

https://www.microsoft.com/en-US/store/apps/Authenticator/9WZDNCRFJ3RJ

This blog post walks you through the process: 

https://blogs.technet.com/b/mspfe/archive/2013/10/02/how-to-use-the-microsoft-authenticator-app-for-windows-phone-to-enable-two-factor-authentication-on-facebook.aspx

https://support.office.com/en-us/article/Set-up-multi-factor-authentication-for-Office-365-8f0454b2-f51a-4d9c-bcde-2c48e41621c6

If you are using an Android phone, the Microsoft Account app will also allow for verification through a one-touch app.

https://play.google.com/store/apps/details?id=com.microsoft.msa.authenticator 

FAQ on additional identity verification apps:

https://windows.microsoft.com/en-US/Windows/identity-verification-apps-faq