How to lock down your Microsoft account and keep it safe from outside attackers
When we say the word “lockdown”, most of us start feeling a bit anxious. With COVID lockdowns happening worldwide, it’s the buzzword of the season. Locking down our Microsoft account has its value too, just like a COVID lockdown, but thankfully without any restrictions on movement. Well, not of the physical kind anyway.
In other words, our Microsoft accounts are valuable and therefore we need to lock them down for their own protection.
We may start off getting our Microsoft account for free, which is great value. But it becomes even more valuable if you use that account for crucial email and cloud storage. So we need to lock down our Microsoft accounts as a foundational step in our security, to protect them from intruders.
Let’s consider our most valuable online account. Does it deserve our protection?
Of course. Firstly, we use our MS account to sign into a Windows PC, and that account is connected to our email address. Secondly, once we start using our MS account for OneDrive storage and Office 365 documents, we start to realise its value.
We want to help you protect your valuable account from those nasty online attackers. So we’re doing that by giving you 7 steps to lock that account down! Keep in mind these steps are for consumer Microsoft accounts used with Home and Personal editions of Office 365, Microsoft 365, and OneDrive. Business and Enterprise Microsoft 365 accounts are managed by a completely different set of tools: domain administrators manage them through Azure Active Directory.
To make it a little easier to weigh convenience against security, the 7 steps are in 3 groups. So you get to decide between more convenience or more security.
As the title suggests, this is a base level of security, perfect for ordinary PC users: a baseline lockdown. It’s a good option for those who don’t use their Microsoft email address as a username for signing into other sites. Firstly, at a minimum, a strong password should be created, a unique one that’s not used by any other account.
Secondly, turn on two-step verification (also known as multi-factor authentication) to protect yourself from phishing and other forms of password theft. It activates when you sign in on a new device or perform a high-risk activity. This is usually set up as a unique code sent by SMS text message to your mobile phone, or to your email address or an alternative email address.
If you want a bit better security, even though baseline is adequate, there are a couple of extra steps you can take.
Firstly, on your iPhone or Android device install the Microsoft Authenticator app and set it up as a sign-in and verification option. You can then remove the SMS text message option from your Microsoft account.
The benefit of this “better security” is that a would-be attacker can no longer get in by intercepting your text messages or spoofing your phone number.
For extreme lockdown security, add at least one physical hardware key alongside the Microsoft Authenticator app and, optionally, remove email addresses as a backup verification factor. While not foolproof, it builds a wall and places security dogs around the perimeter, putting off even the most determined would-be attacker.
The downside is that it adds some friction to the sign-in process. It also requires an extra investment in hardware, but it’s by far the most effective way to secure your Microsoft account.
Step 1: Create a New, Strong Password
You need to create a strong, unique password, something not guessable.
So how do you choose a strong password, you ask?
Avoid patterns or repetitions of letters and numbers.
Avoid easy words.
Avoid selecting passwords where the keys are next to each other.
Add a capital letter, symbols, and numbers in unexpected places.
Do not use personal information as a password, such as birthdates or names.
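As an added example (not part of this article), here is a small Python checker that applies the rules listed above to a candidate password. The list of “easy words”, the QWERTY rows and the four-character threshold for runs are assumptions made for the example; a real checker would use a full wordlist.

```python
import re

# Constructed stand-ins for the article's "easy words"; a real checker would load a full wordlist.
EASY_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "dragon", "monkey"}
# QWERTY rows, used to spot runs of keys that sit next to each other on the keyboard.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def has_keyboard_run(pw: str, length: int = 4) -> bool:
    """True if `length` physically adjacent keys appear in a row, in either direction (qwer, 7654)."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - length + 1):
            seq = row[i:i + length]
            if seq in low or seq[::-1] in low:
                return True
    return False

def has_pattern(pw: str) -> bool:
    """Repeated characters (aaa), an immediately repeated chunk (abab) or a 4-step run (abcd, 9876)."""
    if re.search(r"(.)\1{2,}", pw) or re.search(r"(..+?)\1", pw):
        return True
    for i in range(len(pw) - 3):
        steps = [ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + 3)]
        if pw[i:i + 4].isalnum() and steps in ([1, 1, 1], [-1, -1, -1]):
            return True
    return False

def mixed_in_unexpected_places(pw: str) -> bool:
    """Capital, digit and symbol all present, with at least one of them somewhere other than the ends."""
    has_all = (any(c.isupper() for c in pw) and any(c.isdigit() for c in pw)
               and any(not c.isalnum() for c in pw))
    core = pw[1:-1]
    return has_all and any(c.isupper() or c.isdigit() or not c.isalnum() for c in core)

def check_password(pw: str, personal_info=()) -> list:
    """Names of the article's rules the password breaks; an empty list means it passes all of them."""
    low = pw.lower()
    rules = [
        ("pattern or repetition", has_pattern(pw)),
        ("easy word", any(w in low for w in EASY_WORDS)),
        ("adjacent keys", has_keyboard_run(pw)),
        ("capitals, symbols and numbers not mixed in", not mixed_in_unexpected_places(pw)),
        ("personal information", any(p.lower() in low for p in personal_info if len(p) >= 3)),
    ]
    return [name for name, broken in rules if broken]

if __name__ == "__main__":
    for candidate in ["Password1!", "qwerty123", "c0rrect-Horse.Battery9"]:
        print(candidate, "->", check_password(candidate, ("Jane", "1985")) or "OK")
```

Pass the names and dates an attacker could look up about you as `personal_info`; the checker only flags the rules from the list above and says nothing about length.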
After all, generating a new password ensures your account credentials are not shared with any other account, so each of your online accounts has its own key. Secondly, we want to avoid reusing old passwords that could potentially be part of a breach.
Do you feel the urge to change your password? You can do it now!
Follow the instructions to save the new password in your password manager. If you like, write it down, but remember to store the piece of paper in a secure location, for example a lockable filing cabinet or a safe.
Step 2: Print out a recovery code
The next step is to print out a recovery code. Say you forget your password and you’re unable to sign in, having this code will ensure you’re not locked out permanently.
To get your recovery code, simply:
1. Find the Advanced Security Options section on the Microsoft Account Security Basics page and click Get Started.
Either way it takes you to the not-so-basic Microsoft Account Security page.
2. Scroll to the bottom of the page and look for the Recovery Code section. Click Generate A New Code to display a dialog box like the one shown here.
3. Click “Print” and file your recovery code in a lockable filing cabinet or safe.
Keep in mind, generating a new code means the old one is invalid.
Step 3: Turn on Two-Step Verification
Wait! Stay on the Microsoft Account Security page, we haven’t finished just yet. We need to activate Two-Step Verification. So, scroll up to the Two-Step Verification section and make sure to turn this option on.
Once you turn it on, the setup is easy. It just confirms you are able to receive verification messages. If you’re using a modern smartphone with an up-to-date version of iOS or Android, you can safely ignore the prompts to create an app password for the mail client on those phones.
Step 4: Add a secure email address as a form of Verification
The more layers of verification you have, the more protection you have. That is why Microsoft suggests at minimum two forms of verification in addition to your strong password. In other words, if you need to reset your password while Two-Step Verification is active, you must complete these verification processes to regain access to your account. If unsuccessful, you can be permanently locked out. So the information you give is important.
A Gmail account can be used if your security needs are minimal. But it is better to have the verification code sent to a business email address on a paid-for account rather than a free one like Gmail.
For instance, it’s recommended to use Microsoft Authenticator with your Microsoft account, even if you use another authenticator for all other services. With Microsoft Authenticator, any sign-in attempt that requires verification sends a push notification to your smartphone. Approve the request, and you’re finished. Easy! As a bonus, you can then have password-less sign-in as well as verification. Easier!
If you’d like to set up Microsoft Authenticator with a Microsoft account,
Most importantly, before taking this step ensure you have at least two forms of verification.
Ideally, a secure email and the Microsoft Authenticator app. And ensure you have saved a recovery code for the account, just in case. Lastly, from the advanced Microsoft Account Security page, expand the Text A Code section. Click on Remove.
Step 7: Use a Hardware Security Key for Authentication
The next and most advanced step needs an extra bit of hardware. Inserting a device into a USB port, or connecting via Bluetooth or NFC, adds the highest level of security.
You will be required to enter the PIN for your hardware key, then touch it to activate it. When complete, you’ve got a powerful way to sign into any service powered by your Microsoft account without having to fuss with passwords.
But for most people this level of protection is just not needed. That said, you may want to consider it if your OneDrive account includes documents such as tax returns and bank statements. You’ll definitely want to lock those down!
Hopefully, any anxiety about locking down your Microsoft account has now disappeared, and we’ve been able to explain, through our step-by-step process, an easy way to lock down your account to suit you. We need to remember our Microsoft accounts are valuable and therefore we need to lock them down for their own protection. Now go lock down your account.