Microsoft Beefs Up Account Controls for Xbox, PC, and SkyDrive

Photo credit: cleanfotos/Shutterstock.com
Photo credit: cleanfotos/Shutterstock.com

Those who use a Windows PC or Windows Phone device, Outlook.com, SkyDrive, Xbox and other Microsoft services can make use of a new view that gives more insight into recent sign-ins and other activity on accounts. The software giant has also added recovery codes for two-factor authentication users and the ability for users to choose where the company sends security notifications.

The flagship upgrade is a recent-activity page that displays different types of actions, including successful and unsuccessful sign-ins, the addition and deletion of security information and more. For each type of activity, the page shows what kind of device and browser was used, and what location the request came from, including a Bing-enabled map. Users can click a handy “This wasn’t me” button if they see something suspicious.

“You know best what’s been happening with your account – so the more we give you tools to understand what’s happening, the better we can work together to protect your account,” explained Eric Doerr, group program manager for Microsoft Account, in a blog. “For example, a login from a new country might look suspicious to us, but you might know that you were simply on vacation or on a business trip.”

Microsoft has also enabled recovery codes for people that use two-step verification, so that if a user changes or loses access to the security info provided as part of two-step verification they can use a kind of “spare key” to unlock their account.

“Because two-step verification setup requires two verified pieces of security information, like a phone number and email address, it will be a rare occasion when both options fail, but in the event they do, we’ve got you covered,” Doerr said. “We’ve added the ability to create a secure recovery code, which can be used to regain access to your account if you lose access to your other security information.”

Users can only request one recovery code at a time; requesting a new code cancels the old one.

Meanwhile, adoption for the two-factor verification, he noted, has been “impressive.”

“In the eight months since we released this feature, we’ve seen impressive adoption,” Doerr said. “Every day, thousands more users enable this extra protection for their account. We’re also delighted to see that customers who have turned on two-step verification are less likely to experience illegal activities with their accounts. If you have not yet activated two-step verification, we highly recommend you do.”

What’s Hot on Infosecurity Magazine?