Setting up a Microsoft account doesn’t begin to describe its value, especially if you use that account for crucial email and cloud storage. Follow these seven steps to establish a solid baseline of security and protect that account from intruders:
What to do?
Create a Strong Password: The best way to ensure that you’ve nailed this requirement is to use your password manager’s tools to generate a brand-new password. Generating a new password ensures that your account credentials are not shared with any other account; it also guarantees that an older password that you might have inadvertently reused isn’t part of a password breach.
Print out a Recovery Code: Print out a recovery code and store it in a safe place; you’ll need it if you lose access to your account. If you’re ever unable to sign into your account because you’ve forgotten the password, having access to this code will save you from being permanently locked out. To find the code, go to the Microsoft Account Security Basics page, find the Advanced Security Options section and click Get Started. That takes you to the not-so-basic Microsoft Account Security page. (To go there directly, bookmark this address: https://account.live.com/proofs/Manage/additional.)
Scroll to the bottom of the page and look for the Recovery Code section. Click Generate A New Code to display a dialog box.
Turn on Two-Step Verification: On the Microsoft Account Security page, scroll up to the Two-Step Verification section and make sure this option is turned on.
Add a Secure Email Address as a Form of Verification: Microsoft recommends that you have at least two forms of verification available in addition to your password. If you need to reset your password, when two-step verification is enabled, you’ll need to supply both of those forms of identification or you risk being permanently locked out. A free email address, such as a Gmail account, is acceptable if your security needs are minimal, but a business email address is a much better choice.
Set Up the Microsoft Authenticator App: In this configuration, any sign-in attempt that requires verification sends a push notification to your smartphone. Approve the request, and you’re done. To set up Microsoft Authenticator with a Microsoft account, go to the advanced Microsoft Account Security page.
Remove SMS Text Messages as a Form of Verification: What makes SMS text messages so problematic from a security point of view is the reality that an attacker can hijack your mobile account.
Use a Hardware Security Key for Authentication: Using a hardware key, you can sign into your Microsoft account with just a PIN. This step is the most advanced of all. It requires an investment in extra hardware, but the requirement to insert a device into a USB port or make a connection via Bluetooth or NFC adds the highest level of security. To configure a hardware key, go to the advanced Microsoft Account Security page and click Add A New Way To Sign In Or Verify. Choose the Use A Security Key option and then follow the prompts.
What can you do when this happens to you?
- Most people don’t need this level of advanced protection. But if your OneDrive account includes valuable documents like tax returns and bank statements, you’ll want to lock it down as tightly as possible.
- If you find your network breached, immediately shut down and identify the source of the breach.
- Determine if any data has been corrupted and/or exfiltrated. If data has been lost, notify those affected immediately.
- Notify your local law enforcement cybercrimes division and the FBI.
- Restore the network from a known clean backup.
By Ed Bott, January 5, 2021, ZDNet