Wednesday, August 4, 2021

How to secure Microsoft Account



With the Microsoft OneDrive integration feature coming soon in SimplePass, I wanted to write a blog post on how to secure your Microsoft account. Of course, once the integration is completed, there will be some additional tips on how to use OneDrive integration securely.

For those of you who haven't heard of it, Microsoft OneDrive is a file hosting service from Microsoft. There is a web interface, a Windows application, and Android and iOS apps. The free version allows storing up to 5 GB; with Office 365, 1 TB. For our purposes, we just need a few KB. This free service from Microsoft can be used for password synchronization across different devices.

The risk is that if your Microsoft account gets hacked, your other Microsoft services, such as email and files on OneDrive, can get hacked too. To minimize that risk, this blog post discusses how to secure your Microsoft account.

Microsoft, along with a lot of other companies, allows the use of MFA (Multi-Factor Authentication). There is even a page that shows recent login activity.

Navigate to https://account.microsoft.com/security?refd=account.microsoft.com, and log in to your account.

Here you can see "Sign-in activity". Clicking on it displays all recent login activity.

Click on Advanced Security, and turn on two-step verification there. You can add an additional email, a mobile number, an Authenticator code, or a hardware key. My most preferred option is a hardware key like Yubico's YubiKey, but the drawback is that a hardware key costs money. I used to like Authenticator, but I recently saw a drawback in Microsoft's approach, which is out of scope of the current blog post. For now, I would say, if possible, avoid the Authenticator option.

For example, if you add a different email, you need to secure that account as well. If you add a mobile number, be careful: you would lose access to your Microsoft account if you lose your mobile. A few months ago, I personally lost my mobile and it became a nightmare. Now, I have access to all my accounts.

If you see any suspicious activity, scroll down and click "Sign me out" everywhere. Change your password. Periodically review your "Sign-in activity".

If you have secured your Microsoft account, you can start using Microsoft OneDrive even today. Export your passwords and upload the file to OneDrive. On the other device, log in to OneDrive, download the file, and import it. Then delete the file from your devices, the recycle bin, OneDrive, and OneDrive's recycle bin. If you exported the passwords for the purpose of backup, you don't have to delete the file, but do safeguard it.


Stay safe from the prying eyes of online hackers.

