Microsoft account security beefed up

Microsoft account security beefed up

Summary: [Correction] A log of recent account activity, an account recovery code and better control of notifications to be added in coming days. Microsoft accounts are used in Windows 8, and Skydrive.


Microsoft announced today that they have added new security and account control features to Microsoft accounts.

Account users will be able to view a log of recent use of the account, including the date/time, IP address and location from where the account was accessed. See below for an example.


As Microsoft says, they can't effectively protect your account unless you help, and checking information like this can help a lot.

They have also added a new recovery code feature, similar to Twitter's, for the very odd circumstance in which you lose use of both your authentication factors (typically your email address and mobile phone number). The code appears to be a globally unique identifier (GUID), a 32 16-byte value. [Correction: Thanks to @VMaxF1 for pointing out both that GUIDs are 16, not 32 bytes, and that recovery codes are actually 25 alphanumeric charcters, the same format as product keys.] The idea is that you save this value somewhere safe (not your phone) for such emergencies and (here's the tricky part) remember that you have it and where you put it when you need it.

Lastly, Microsoft has added greater control over security notifications, such as password resets. You must still receive them at your primary email address, but you can select which phone numbers receive SMS alerts.

Topics: Security, Microsoft, Windows, Windows 8

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • I like the idea of showing all that recent activity information.

    It will be easier to tell exactly who and where someone accesses my account.
    Sam Wagner
    • Doesn't help much when they change the access to the account...

      Makes it rather hard to check the account use when you can't login to check the use...
  • They can'

  • I Wonder

    Where NSA logins show up as being from (China)? LOL.

    Good additions however. And I do think it may have been done in part because of the NSA hacking.
    • Has less to do with the NSA

      This is more due to the fact that MS is integrating your account to your phone and PC along with other services that have "stores" attached. The NSA just collects data up stream and bypasses all of this. I would not trust the integrity of https either as this secure socket is widely used and therefore is almost certainly compromised by the NSA.
      Rann Xeroxx
  • Certificates...

    I'd like to see them get a green badge of health from Calomel. At the moment is getting a red shield, saying that the SSL connection is insecure, because the keys are weak and they are no using PFS.