Secure your Microsoft account so it’s hard to get into
Keep your digital property safe.
This story has been updated. It was originally posted on April 17, 2017.
If you’ve installed Windows 10 or 11, bought Microsoft Office, or set up an Outlook email address, chances are you have a Microsoft account. This hub ties together everything you do with Microsoft’s software, from Microsoft Edge to OneDrive.
With so much important digital data inside this account, you’ll want to keep it safe, of course. But you don’t need to be a seasoned security expert to put up effective protection against hackers and scammers. Here’s what to do.
Use a strong password and two-step verification
Take time to choose a secure password for your Microsoft account. The longer it is, and the more of a mix of cases, letters, and numbers it includes, the harder it will be to crack. It shouldn’t be something that’s commonly used, like “password”, and it shouldn’t be based on something people can easily find out about you, like the date of your birthday.
Also, make sure your Microsoft account password is unique—don’t borrow one from another account. Otherwise, once someone cracks the code for the weakest of these accounts (whether that’s Microsoft or something else), they’ll all be exposed. It’s like having a single key for your car, safety deposit box, house, and office.
To further bolster the security of your Microsoft account, switch on two-step verification. This process means that something else, besides your password, will be required to log in. It might be a code sent via text message or email, or generated from an app on your phone. Even if someone knows your password, that person won’t be able to get inside your account without the extra code.
To switch on two-step verification, go to your Microsoft account page online, log in, then click Security and follow the link for Advanced security options. Find the Additional security heading and click Turn on under Two-step verification. This will take you through the process of setting up a code via whatever method you prefer.
Check on device and account activity
When you log into your Microsoft account on the web, you will see a list of recent purchases linked to your account, and a list of all the devices where your account is active. As a best practice, review these lists regularly and check for any activity you don’t recognize. If you see something suspicious, Microsoft recommends using its unexpected charge troubleshooter before contacting them directly.
As for the devices, entries on the list should all be familiar computers, phones, and consoles. If you spot something that doesn’t fall into that category, click View details next to the device, then choose Remove this device. Err on the side of caution—even if you remove a device you need, you can still log on again next time you want to use it.
[Related: How to keep all of your accounts safe in a world where people want your data]
Click Security on your account page, then View my activity, and the next screen will give you a further breakdown of where your account has been active, complete with times, devices, and locations. Under the activity entries that aren’t your current session, you’ll see Secure your account links, which you can click if anything looks suspicious. Once you click through, Microsoft will prompt you to change your password.
Depending on the devices you’ve linked to your Microsoft account, such as phones and Xbox consoles, you might be able to access similar screens in the devices’ operating systems as well as on the web. In Windows 10, for instance, open up the Settings app, then choose Accounts, and then Sign-in options for getting into your device.
Stay up to date
You might not think it, given the number of high-profile hacks that hit the headlines, but companies like Microsoft are working hard to patch security holes and stay one step ahead of the hackers. One of the best ways to protect your Microsoft account is also one of the easiest: Just keep your software up to date.
Because this is so important, Microsoft has made it hard for you to avoid updates. But if you go to Settings then Update & Security in Windows 10, you can check your options. Remember to also regularly update your browser, desktop applications, and antivirus tools to minimize the odds of accidentally exposing your accounts.
In addition to Microsoft-specific steps you can take, the usual security advice applies too. Be wary of following unsolicited links from emails or social media, and never give out your password and username over the phone. Keeping your software up to date can help with this too, as most modern browsers now identify sites associated with phishing attempts designed to get personal info out of you.
One scam that often targets Windows users comes via a telephone call: If you get a call from someone who claims to be from Microsoft technical support and tells you you’ve got a virus on your system, report it to Microsoft. These con artists usually try to trick you into installing spyware on your computer, purportedly to fix your non-existent technical problems. Then they can use that spyware to steal your information and control your system.
Protect your privacy
Security is about keeping people out of your account, whereas privacy is about controlling the information you share with Microsoft and the wider world. The two fields do have some crossover—limiting the personal details you put online, for example, can make it harder for other people to impersonate you on the web. But Microsoft itself is also recording your online behavior.
To see Microsoft’s available privacy options, open your online account page and click Privacy. From this page, you can delete the information that Microsoft has been collecting about you. For example, if you’ve been using Microsoft apps like the Edge web browser, you can view and clear your activity logs from here. Depending on the devices you use, Microsoft might also keep logs of your location, and you can wipe this information if you want as well.
Why is Microsoft keeping all this data in the first place? If you click around the Privacy section, you can find explanations of what the company might want to do with your information. Some reasons are benign and even helpful—for example, tracking your location might allow Microsoft to give you better directions to your favorite restaurant. On the other hand, in exchange for this convenience, Microsoft is asking you to trust them to use your data privately and responsibly in the future. It’s up to you whether you accept the tradeoff or you choose to wipe the collected information.
You can find further privacy settings through the individual applications themselves (like Edge) and the Windows 10 Settings app. Click Privacy in Settings to turn various tracking options on and off, from location tracking to targeted ads. Again, you can find more information about why Microsoft stores this data and what it does with it by following the links near each option.