Microsoft offers security enhancement for sign-ins (Update)

Apr 17, 2013 by Anick Jesdanun

Microsoft is offering enhanced security for its email, storage and other services.

People who turn on the new feature will be asked not just for a username and password, but also a second piece of information, such as a temporary code sent as a text message to a phone on file. Google Inc. and Facebook Inc. already allow two-step verification as an option.

The security enhancements work with all Microsoft accounts, such as email addresses ending in Hotmail.com, MSN.com and Outlook.com. Those accounts unlock a range of Microsoft Corp. products, including email, Skype, SkyDrive storage, Xbox gaming, Office software subscriptions and Windows 8 machines.

Microsoft has no plans, however, to lift its current 16-character limit on passwords. Having a long password is one way to thwart hackers by making it harder to guess. In a statement, Microsoft says passwords are often compromised when people reuse them on multiple sites, respond to scam email messages or use machines that have malicious software. Longer passwords aren't helpful in those situations, the company says.

Two-step verification is one way to improve security without a longer password. Someone able to guess your password would still need physical access to your phone for the second code, for instance.

Microsoft already requires a second code for sensitive activities, such as editing credit card information. The new feature, available in the coming days, will allow people to require that for all tasks.

So if you're logging on from a new personal computer or mobile device, you'll be asked for that second code, sent to a phone number or an alternative email address on file. If you're offline and unable to get that second code, you can generate one using a Microsoft Authenticator app on Windows Phone devices. Those using iPhones or Android devices can install a third-party authenticator app compatible with Microsoft's system.

If you use a particular computer regularly, you can have that device remember that you're legitimate, so you're not asked for the second code again and again. But you may still have to provide one if you are switching Web browsers or if you haven't used that device for 60 days. If you lose a phone, you can revoke access remotely.

While two-step verification makes accounts safer, it requires more work to use and maintain, particularly if you change your phone number or the alternative email address. If you forget to update that information beforehand and you lose access to both, you'll need to go through a recovery process that comes a 30-day waiting period. The waiting period is to ensure that a hacker doesn't try to use it to take over your account.

Explore further: Study: Social media users shy away from opinions

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Skype to replace Microsoft Messenger in March

Jan 09, 2013

Microsoft on Wednesday sent out word that it will "retire" its Messenger online chat feature on March 15 and replace it with the Skype Internet telephony service it bought last year.

Hotmail in hot water over password flaw, rushes fix

Apr 28, 2012

Hackers tried to get the best of Hotmail by figuring out how to reset Hotmail user passwords for e-mail accounts this month. Locking hotmail users out of their own accounts when trying to key in their passwords ...

Recommended for you

Study: Social media users shy away from opinions

Aug 26, 2014

People on Facebook and Twitter say they are less likely to share their opinions on hot-button issues, even when they are offline, according to a surprising new survey by the Pew Research Center.

US warns shops to watch for customer data hacking

Aug 23, 2014

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

Fitbit to Schumer: We don't sell personal data

Aug 22, 2014

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

Aug 22, 2014

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

How much do we really know about privacy on Facebook?

Aug 22, 2014

The recent furore about the Facebook Messenger app has unearthed an interesting question: how far are we willing to allow our privacy to be pushed for our social connections? In the case of the Facebook ...

Philippines makes arrests in online extortion ring

Aug 22, 2014

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

User comments : 0