When we say the word “lockdown” most of us start feeling a bit anxious. With the COVID lockdowns happening worldwide it’s the buzzword of the season. Similarly, locking down our Microsoft account has its value, just like the COVID lockdown, but without any restrictions on movement, thankfully. Well, not of the physical kind anyway.

In other words, our Microsoft accounts are valuable and therefore we need to lock them down for their own protection.

We may start off getting our Microsoft accounts for free, which is great value. But they become even more valuable, especially if you use that account for crucial email and cloud storage. So, we need to lock down our Microsoft accounts as the foundation of our security, to protect the account from intruders.

Let’s consider our most valuable online account. Does it deserve our protection?

Of course, firstly, we use our MS account to sign into a Windows PC and that account is connected to our email address. Secondly, when we start using our MS account for OneDrive storage and Office 365 documents, we start to realise their value.

We want to help you protect your valuable account from those nasty online attackers. So, we’re doing that by giving you 7 steps to lock that account down!! Keep in mind these steps are for consumer Microsoft accounts used with Home and Personal editions of Office 365, Microsoft 365, and OneDrive. Business and Enterprise Microsoft 365 accounts are managed by a completely different set of tools: they are managed by domain administrators through Azure Active Directory.

Anyway, to make the trade-off between convenience and security a little easier to weigh, the 7 steps are grouped into 3 tiers. So, you get to decide between more convenience or more security.

BASELINE Security

As the title suggests, this is a base level of security, perfect for ordinary PC users. A baseline lockdown. It is a good option for those who don’t use their Microsoft email address as a username for signing into other sites. Firstly, at minimum a strong password should be created, a unique one that’s not used by any other account.

Secondly, turn on two-step verification (also known as multi-factor authentication) to protect yourself from phishing and other forms of password theft. It activates when you sign in on a new device or perform a high-risk activity. This is usually set up as a unique code sent by SMS text message to your mobile phone, or sent to your email address or an alternative email address.

BETTER Security

If you want a bit better security, even though you know baseline is adequate, there are a couple of extra steps you can take.

Firstly, on your iPhone or Android device install the Microsoft Authenticator app and set it up as a sign-in and verification option. You can then remove the SMS text message option from your Microsoft account.

The benefit of using this “better security” is that a would-be attacker won’t be able to intercept text messages or spoof your phone number.

MAXIMUM Security

For that extreme lockdown security, add at least one physical hardware key along with the Microsoft Authenticator app and, optionally, remove email addresses as a backup verification factor. While not foolproof, it builds a wall and posts security dogs around the perimeter, putting off even the most determined would-be attacker.

The downside is that it adds some friction to the sign-in process. It also requires an extra investment in hardware, but it’s by far the most effective way to secure your Microsoft account.

Step 1: Create a New, Strong Password

You need to create a strong, unique password, something not guessable.

So how do you choose a strong password you ask?

  • Avoid patterns or repetitions of letters and numbers.
  • Avoid easy words.
  • Avoid selecting passwords where the keys are next to each other.
  • Add capital letters, symbols, and numbers in unexpected places.
  • Do not use personal information as a password, such as birthdates or names.

However, the surest way to nail a strong password is to use your password manager’s tools to generate a brand-new password. If you don’t have a password manager and would like one, you can try the 1Password Strong Password Generator or the LastPass Password Generator Tool.
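To make the rules above concrete, here is an added example (not code from this article, nor from 1Password or LastPass) that does what a password manager’s generator does in miniature: it checks a candidate against each rule in the list (repetition, ascending or descending sequences, easy words, adjacent keyboard keys, missing character classes, personal information) and generates a random password with Python’s `secrets` module, retrying until a candidate passes every check. The keyboard rows and the tiny easy-word list are constructed stand-ins; a real checker would use a full dictionary or breached-password list.

```python
import re
import secrets
import string

# Keyboard rows used to detect passwords built from adjacent keys (constructed list).
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Tiny stand-in for a dictionary / breached-password list (constructed sample).
EASY_WORDS = ("password", "welcome", "letmein", "qwerty", "admin", "monkey", "iloveyou")
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def has_keyboard_run(pw: str, length: int = 4) -> bool:
    """True if pw contains `length` keys that sit next to each other on one row."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - length + 1):
            run = row[i:i + length]
            if run in low or run[::-1] in low:
                return True
    return False


def has_sequence(pw: str, length: int = 4) -> bool:
    """True if pw contains an ascending or descending run such as 'abcd' or '4321'."""
    for i in range(len(pw) - length + 1):
        chunk = pw[i:i + length]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_repetition(pw: str) -> bool:
    """True for one character repeated 3+ times, or a 2-3 character chunk repeated back to back."""
    return bool(re.search(r"(.)\1\1", pw) or re.search(r"(.{2,3})\1", pw))


def check_password(pw: str, personal_info=()) -> list:
    """Return the list of rules from the article that pw breaks (empty list = passes)."""
    problems = []
    low = pw.lower()
    if len(pw) < 14:
        problems.append("too short")
    if has_repetition(pw):
        problems.append("repetition")
    if has_sequence(pw):
        problems.append("sequence")
    if any(word in low for word in EASY_WORDS):
        problems.append("easy word")
    if has_keyboard_run(pw):
        problems.append("adjacent keys")
    if not (re.search(r"[A-Z]", pw) and re.search(r"[a-z]", pw)
            and re.search(r"\d", pw) and re.search(r"[^\w\s]", pw)):
        problems.append("missing character class")
    # personal_info holds strings such as names or birth years the user supplied
    if any(info.lower() in low for info in personal_info if info):
        problems.append("personal info")
    return problems


def generate_password(length: int = 20) -> str:
    """Draw random characters with the CSPRNG in `secrets` until every rule passes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    print("weak:", check_password("qwerty12345"))
    print("personal:", check_password("Jane1990!Vx7kLpQ2", ["Jane", "1990"]))
    print("generated:", generate_password())
```

Because the generator retries until `check_password` returns an empty list, every password it hands back satisfies all of the listed rules, which is exactly the guarantee a manager’s generator gives you and a human picking a password does not.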

After all, generating a new password ensures your account credentials are not shared with any other account. So, each of your online accounts has its own key. Secondly, we want to avoid reusing old passwords that could potentially be part of a breach.

Do you feel the urge to change your password? You can do it now!

Just go to the Microsoft Account Security Basics page at https://account.microsoft.com/security/. Sign in, if necessary, then click Change Password.

Follow the instructions to save the new password using your password manager. If you prefer, write it down, but remember to store the piece of paper in a secure location, for example a lockable filing cabinet or a safe.

Step 2: Print out a recovery code

The next step is to print out a recovery code. Say you forget your password and you’re unable to sign in, having this code will ensure you’re not locked out permanently.

To get your recovery code:

  1. Find the Advanced Security Options section on the Microsoft Account Security Basics page and click Get Started. Or you can bookmark this address: https://account.live.com/proofs/Manage/additional. Either way, it takes you to the not-so-basic Microsoft Account Security page.
  2. Scroll to the bottom of the page and look for the Recovery Code section. Click Generate A New Code to display a dialog box like the one shown here.

If you lose access to your account, you’ll need your recovery code. Print out a recovery code and store it in a safe place.

  3. Click “Print” and file your recovery code in a lockable filing cabinet or safe.

Keep in mind, generating a new code means the old one is invalid.

Step 3: Turn on Two-Step Verification

Wait! Stay on the Microsoft Account Security page, we haven’t finished just yet. We need to activate our Two-Step Verification. So, scroll up to the Two-Step Verification section and make sure this option is turned on.

Once you turn it on, the setup is easy. It just confirms you are able to receive verification messages. If you’re using a modern smartphone with an up-to-date version of iOS or Android, you can safely ignore the prompts to create an app password for the mail client on those phones.

Step 4: Add a secure email address as a form of Verification

The more layers of verification you have, the more security protection you have. That is why even Microsoft suggests at minimum two forms of verification in addition to your strong password. In other words, if Two-Step Verification is active and you need to reset your password, you must complete these verification processes to regain access to your account. If unsuccessful, you can be permanently locked out. So, the information you give is important.

A Gmail account can be used if your security needs are minimal. But a verification code is better sent to a paid business email address rather than a free one like Gmail.

  1. Go to the advanced Microsoft Account Security page and click Add A New Way To Sign In Or Verify.
  2. Choose the Email A Code option, enter your email address, and then enter the code you receive to confirm that verification option.

Use this dialog box to add secure verification options to your account.

Step 5: Set up the Microsoft Authenticator app

Smartphone apps that generate Time-based One-Time Password (TOTP) codes for multi-factor authentication are in popular demand. These are an ideal form of security for any service that supports them. For more information click on “Protect yourself: How to choose the right two-factor authenticator app.”

It’s recommended to use Microsoft Authenticator with your Microsoft account, even if you use another authenticator for all other services. With Microsoft Authenticator, any sign-in attempt that requires verification sends a push notification to your smartphone. Approve the request, and you’re finished. Easy! As a bonus, it also gives you passwordless sign-in as well as verification. Easier!

To set up Microsoft Authenticator with a Microsoft account:

  1. Go to the advanced Microsoft Account Security page.
  2. Click Add A New Way To Sign In Or Verify.
  3. Choose the Use An App option.
  4. After installing the Microsoft Authenticator app, sign in using your account credentials.

Step 6: Remove SMS Text Messages as a form of verification

By now you have ample ways to authenticate yourself and verify your identity. In other words, it’s time to remove SMS text messages.

After all, SMS text messages are known as the weakest link from a security perspective, and the reality is that a hacker can hijack your mobile account. It happened a few years ago to Matthew Miller, a ZDNet employee, and it was a real nightmare to deal with. For more details and security advice, see “Protect your online identity now: Fight hackers with these 5 security safeguards.”

Most importantly, before taking this step ensure you have at least two forms of verification in place: ideally, a secure email address and the Microsoft Authenticator app. Also ensure you have saved a recovery code for the account, just in case. Lastly, from the advanced Microsoft Account Security page, expand the Text A Code section and click Remove.

Step 7: Use a Hardware Security Key for Authentication

The next and most advanced step needs an extra bit of hardware. Having to insert a physical device into a USB port, or connect it via Bluetooth or NFC, adds the highest level of security.

For more information on how this works see “YubiKey hands-on: Hardware-based 2FA is more secure, but watch out for these gotchas.”

To configure a hardware key, go to the advanced Microsoft Account Security page and click Add A New Way To Sign In Or Verify. Choose the Use A Security Key option and then follow the prompts.

You will be required to enter the PIN for your hardware key, then touch the key to activate it. When complete, you’ve got a powerful way to sign into any service powered by your Microsoft account without having to fuss with passwords.


Using a hardware key, you can sign in with just a PIN.

For most people, this level of protection is just not needed. That said, you may want to consider it if your OneDrive account includes documents such as tax returns and bank statements. You’ll definitely want to lock that down!!!

Hopefully, any anxiety about locking up your Microsoft account has now disappeared, and our step-by-step process has explained an easy way to lock down your account to suit you. We need to remember our Microsoft accounts are valuable and therefore we need to lock them down for their own protection. Now go lock down your account.