Microsoft Account – Optional Two-Step Verification
April 17, 2013
Summary:
- Microsoft will begin deploying a new, but optional, verification procedure requiring the user to provide two types of security information prior to accessing their Microsoft account.
Comments:
- This feature change is optional
- Microsoft accounts provide the ability to configure multiple types of security proofs
- Security proof types previously and currently available are – SMS capable phone number, Alternate E-mail address, Trusted PC, and Secret Question
- Multiple entries (more than one) of specific security proof types can be configured (e.g. two phone numbers, two alternate email address, two Trusted Pcs)
- Enabling two-step verification will ensure Microsoft verifies that at least two pieces of security information are on file for the respective Microsoft Account on the Microsoft servers and /or user provided during verification when signing on.
- Enabling two-step verification will also provide the option to opt-out of providing security codes after an initial two-step verification (per browser per device). Choosing this option will require using the device to sign on to the respective Microsoft account at least once every 60 days.
- Maintaining and updating your account security proofs will be important/necessary for any devices used to access Microsoft account services
- If your security information changes (e.g. Phone, Alternate Email) it should be considered mandatory to update your Microsoft account before wiping/deleting the old information.
Links:
1. Microsoft Account Gets More Secure
– http://blogs.technet.com/b/microsoft_blog/archive/2013/04/17/microsoft-account-gets-more-secure.aspx
2. Microsoft Account Security Proofs (for configuring security proofs and Two-Step Verification)
– https://account.live.com/proofs/Manage
Revisions:
April 17, 2013: Original Draft and Publish Date