If you’ve installed Windows 10, or bought Microsoft Office, or set up an Outlook email address, chances are you’ve got a Microsoft account. This hub ties together everything you do with Microsoft’s software, from Cortana to OneDrive.

With so much important digital data inside this account, of course you’ll want to keep it safe. You don’t need to be a seasoned security expert to put up effective protection against hackers and scammers. Here’s what to do.

Use a strong password and two-step verification

Take time to choose a secure password for your Microsoft account. The longer it is, and the more of a mix of cases, letters, and numbers it includes, the harder it will be to crack. It shouldn’t be something that’s commonly used, like “password”, and shouldn’t be based on something other people can easily find out about you, like the date of your birthday.

Also, make sure your Microsoft account password is unique—don’t borrow one from another account. Otherwise, once someone cracks the code for the weakest of these accounts (whether that’s Microsoft or any other account), they’ll all be exposed. It’s like having a single key for your car, safety deposit box, house, and office.


[Image: Two-step verification. With two-step verification enabled, you will see a screen like this one when you try to log in.]

To further bolster the security of your Microsoft account, switch on two-step verification. This process means that something else, besides your password, will be required to log in. It might be a code sent via SMS or email, or generated from an app on your phone. Even if someone knows your password, that person can’t get inside your account without the extra code.

To switch on two-step verification, go to your Microsoft account page online, then click Security and follow the link for more security options. Opt to turn on two-step verification and you’ll get taken through the process of setting up a code through whatever method you prefer.

Check on device and account activity

As for the devices, entries on the list should all be familiar computers, phones, and consoles. If you spot something that doesn’t fall into that category, click on the device, then choose More actions, then choose to remove it. Err on the side of caution—even if you remove a device you need, you can still log on again next time you want to use it.


[Image: Account activity. Review your recent account activity to look for anything suspicious.]

Click Security on your account page, then Review Activity, and the next screen gives you a further breakdown of where your account has been active, complete with times, devices, and locations. Next to all the activity entries, you’ll find Secure your account links, which you can click on if anything looks suspicious. Once you click through, Microsoft will prompt you to change your password.

Depending on the devices you’ve linked to your Microsoft account, such as phones and Xbox consoles, you might be able to access similar screens in the devices’ operating systems as well as on the web. In Windows 10, for instance, open up the Settings app, then choose Accounts, and then Sign-in options for getting into your device.

Stay up to date


[Image: Software updates. Make sure to apply software updates right away.]

You might not think it, given the number of high-profile hacks that hit the headlines, but companies like Microsoft are working very hard to patch security holes and stay one step ahead of the hackers. One of the best ways to protect your Microsoft account is also one of the easiest: Just keep your software up to date.

Because this is so important, Microsoft has now made it very hard for you to avoid updates. But if you go to Settings then Update & security in Windows 10, you can check your options. Remember to also regularly update your browser, desktop applications, and antivirus tools to minimize the odds of accidentally exposing your accounts.

Avoid scams

In addition to Microsoft-specific steps you can take, the usual security advice applies too. Be wary of following unsolicited links from emails or social media, and never give out your password and username over the phone. Keeping your software up to date can help with this too, as most modern browsers now identify sites associated with phishing attempts designed to get personal info out of you.

One scam that often targets Windows users comes via a telephone call: If you get a call from someone who claims to be from Microsoft technical support and tells you you’ve got a virus on your system, report it to Microsoft. These con artists usually try to trick you into installing spyware on your computer, purportedly to fix your non-existent technical problems. Then they can use that spyware to steal your information and control your system.

Protect your privacy

Security is about keeping people out of your account, whereas privacy is about controlling the information you share with Microsoft and the wider world. The two fields do have some crossover—limiting the personal details you put online, for example, can make it harder for other people to impersonate you on the web. But Microsoft itself is also recording your online behavior.

To see Microsoft’s available privacy options, open your online account page and click Privacy. From this page, you can delete the information that Microsoft has been collecting about you. For example, if you’ve been using Microsoft apps like the Edge web browser and the Cortana personal assistant, you can view and clear your activity logs from here. Depending on the devices you use, Microsoft might also keep logs of your location, and you can also wipe this information if you want.

Why is Microsoft keeping all this data in the first place? If you click around the Privacy section, you can find explanations of what the company might want to do with your information. Some reasons are benign and even helpful—for example, tracking your location might allow Microsoft to give you better directions to your favorite restaurant. On the other hand, in exchange for this convenience, Microsoft is asking you to trust them to use your data privately and responsibly in the future. It’s up to you whether you accept the tradeoff or you choose to wipe the collected information.


[Image: Windows 10 privacy. Windows 10 comes with a host of settings for protecting your privacy.]

You can find further privacy settings through the individual applications themselves (like Edge and Cortana) and the Windows 10 Settings app. Click Privacy in Settings to turn various tracking options on and off, from location tracking to targeted ads. Again, you can find more information about why Microsoft stores this data and what it does with it by following the links near each option.

Online security has never been more important. For more information, check out our guide to protecting all your accounts.