Windows 10 tip: Keep your Microsoft account secure with 2-factor authentication

Signing in to Windows 10 with a Microsoft account is convenient, unless your password is stolen or phished. Protect yourself by turning on additional security features.

Turn on 2-factor authentication to secure your Microsoft account.

The default settings for Windows 10 strongly encourage you to sign in with a Microsoft account. Although it's easy enough to switch to a local account, there are good reasons for connecting that Microsoft account, including the ability to easily sync settings between devices.

But that powerful account is potentially a source of headaches if your credentials are stolen or phished. To protect yourself, I recommend that you turn on Microsoft's additional security features, which require a second form of authentication if someone tries to use those credentials on an unknown device.

The option is buried deep in the web interface for a Microsoft account. Fortunately, there's an easy-to-remember shortcut:

https://account.live.com/proofs/

Signing in with your Microsoft account at that page gives you access to three advanced security settings:

  • Two-step verification forces you to provide a second proof of identity when you sign in on an untrusted device. The verification code can be sent to an email address, delivered as a text message to your mobile phone, or generated by an authenticator app on your mobile phone.
  • The trusted devices list lets you skip the second factor on a device you own after you successfully prove your identity. If a device is stolen, or you suspect you've been compromised, you can clear this list and force a 2FA prompt the next time you sign in on each previously trusted device.
  • A recovery code is worth printing out and saving in a secure location as a way to regain access if you lose access to other verification options.

Note that if you turn on two-step verification, you'll need to generate app passwords for signing in to Xbox, Microsoft Outlook, and third-party apps that can't receive a 2FA code.

Given the havoc that a hacked account can cause, I strongly recommend visiting this page and tightening up your Microsoft account security.

Previous tip: Protect removable storage devices with BitLocker encryption

Next week: Another Windows 10 tip from Ed Bott
