New security features for Microsoft accounts
Posted on 10 December 2013.
Microsoft has added three new security improvements to its customer accounts: account recovery codes, insight into recent account activity, and more control over security notifications.

The recovery code is meant to reassure users, especially those who have enabled two-step verification, that they are going to be able to access their account even if one or both authentication factors fail for any reason. Once the code is created, users can write it down and keep it in a safe place, to use in case of the aforementioned emergency.

The option to view recent account activity will help users to keep an eye on their own account use and change of security information, but most importantly will show whether someone else has (successfully or unsuccessfully) tried to gain access to the account, and has rooted around it:

"For each type of activity, we show you what kind of device and browser was used, and what location the request came from," explains Eric Doerr, Group Program Manager, Microsoft Account.

"If you see something suspicious, there’s an easy 'This wasn’t me' button that will help you take steps to protect your account."

Finally, security notifications can now also be received via SMS. Up to now, the notifications were only sent to the primary email address (users can't opt-out of this security feature). Many users are not checking their email accounts regularly, but usually have their mobile phones always with them and always on.


Implementing an effective risk management framework

How do we balance the benefit of the free flow of information with the risk of inappropriate access and/or disclosure? What are the consequences of not doing so?

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Mar 26th